bkloos

Hey All,

I seem to be infected from the "Antivirus 2008 Pro" bug. I downloaded what I though to be java update, and since I have had some problems. When I open a new browser, I am directed to a new homepage that states
"Insecure Internet activity. Threat of virus attack" and asks me to follow various prompts. Additionally, I continually recieve pop-ups from a page titles "Antivirus 2008 Po" asking me to purchase software to remedy my pc's infection. I am also having random pop-ups previously not seen on my system.

I have tried to follow all the steps mentioned in preparation of posting the log. I hope I am doing all this correctly, and I appologize if I am making any mistakes. I could not run IE-Spyad, andalo could not update XP though I should be current with XP.

Any and all help is GREATLY appreciated. Many thanks in advance!!!


Deckard's System Scanner v20071014.68
Run by Bryan Kloos on 2008-06-26 22:00:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-27 02:01:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bryan Kloos.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:32 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\BRYANK~1\LOCALS~1\Temp\dssec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bryan Kloos\Local Settings\Temporary Internet Files\Content.IE5\70Z67Q8L\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bryan Kloos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: QXK Olive - {8E0B059F-DFFA-46F5-B6F9-2B2EB2551AD8} - C:\WINDOWS\gfetqaxsxqs.dll
O2 - BHO: (no name) - {F91D8E51-FF31-40B2-B8BC-59C20DFF4736} - C:\WINDOWS\system32\mlJdaaBU.dll
O3 - Toolbar: gxvpsafm - {A60C6234-48AB-4295-B542-24F8679FA15C} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LogEnable]

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [3cd2a47e] rundll32.exe "C:\WINDOWS\system32\kyljsraq.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.146.203.9.204 (HKLM)
O15 - ESC Trusted Zone: *.146.203.9.204 (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: nnnomJYq - C:\WINDOWS\SYSTEM32\nnnomJYq.dll
O21 - SSODL: qegbdmwf - {B3A7D097-1643-476F-A3EB-18C1E7738DF8} - C:\WINDOWS\qegbdmwf.dll
O21 - SSODL: pntqkflv - {BF67151B-3F06-4F31-B0D7-2211591F6B9A} - C:\WINDOWS\pntqkflv.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\winvnc4.exe (file missing)

--
End of file - 10120 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20070314.017\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20070314.017\navex15.sys (file missing)
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>
R2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\onetouch\utils\syncservices.exe" <Not Verified; ; SyncServices>

S2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1FD1D481344FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1FD1D481344FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 21:56:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 20:31:21 0 d-------- C:\ie-spyad_zo
2008-06-26 20:25:01 0 d-------- C:\Program Files\Panda Security
2008-06-26 20:24:59 0 d-------- C:\WINDOWS\LastGood
2008-06-26 20:04:56 0 d-------- C:\Program Files\Trend Micro
2008-06-26 19:04:46 92032 --a------ C:\WINDOWS\system32\kyljsraq.dll
2008-06-26 19:04:04 1330 --ahs---- C:\WINDOWS\system32\UBaadJlm.ini2
2008-06-26 19:04:00 318208 --a------ C:\WINDOWS\system32\mlJdaaBU.dll
2008-06-26 18:59:13 27776 --a------ C:\WINDOWS\system32\yayaXQjJ.dll
2008-06-26 18:58:55 27776 --a------ C:\WINDOWS\system32\nnnomJYq.dll
2008-06-26 18:58:17 81920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-26 18:58:17 180224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-26 18:58:17 229376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-26 18:58:17 155648 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-26 18:58:17 303104 --a------ C:\WINDOWS\gfetqaxsxqs.dll
2008-06-26 18:58:17 94208 --a------ C:\WINDOWS\ebxq.exe
2008-06-22 22:04:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Comcast


-- Find3M Report ---------------------------------------------------------------

2008-05-28 17:51:54 0 d-------- C:\Program Files\Java
2008-05-17 18:29:05 0 d-------- C:\Documents and Settings\Bryan Kloos\Application Data\EndNote
2008-05-08 13:03:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 13:01:52 0 d-------- C:\Documents and Settings\Bryan Kloos\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E0B059F-DFFA-46F5-B6F9-2B2EB2551AD8}]
06/26/2008 01:23 PM 303104 --a------ C:\WINDOWS\gfetqaxsxqs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F91D8E51-FF31-40B2-B8BC-59C20DFF4736}]
06/26/2008 07:04 PM 318208 --a------ C:\WINDOWS\system32\mlJdaaBU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 11:27 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [05/21/2003 12:21 AM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 05:24 PM C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"LogEnable"="1 (0x1)" []
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [03/27/2006 03:04 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [10/17/2005 04:24 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/24/2008 01:25 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"3cd2a47e"="C:\WINDOWS\system32\kyljsraq.dll" [06/26/2008 07:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 11:01 AM]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" []

C:\Documents and Settings\Bryan Kloos\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 2:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [7/12/2004 9:50:08 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
DESKTOP.INI [9/3/2002 2:36:04 PM]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [4/11/2006 9:48:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{41B93EB1-608A-465B-A1F0-EA1DFEC3E247}"= C:\WINDOWS\system32\nnnomJYq.dll [06/26/2008 06:58 PM 27776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {B3A7D097-1643-476F-A3EB-18C1E7738DF8} - C:\WINDOWS\qegbdmwf.dll [06/26/2008 01:23 PM 180224]
"pntqkflv"= {BF67151B-3F06-4F31-B0D7-2211591F6B9A} - C:\WINDOWS\pntqkflv.dll [06/26/2008 01:23 PM 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnomJYq]
nnnomJYq.dll 06/26/2008 06:58 PM 27776 C:\WINDOWS\SYSTEM32\nnnomJYq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJdaaBU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d408645-78bc-11db-8c3c-000f1f0d8513}]
AutoRun\command- H:\setupSNK.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-26 22:04:59 ------------

Attached Files

	ActiveScan.txt (7.2 KB, 0 views)
	extra.txt (13.8 KB, 0 views)

Glaswegian

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.

• Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.

You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open.

Copy & Paste the entire report in your next reply.




Now we'll use ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to disabling AV, Firewall and Anti-malware programmes.

Once you've downloaded the appropriate RC setup package for your system to the desktop, follow these instructions:

• Drag the setup package onto ComboFix.exe and drop it.
  
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
  
  
  
• When the tool is finished, it will produce a report for you.

Please post the log C:\ComboFix.txt along with a fresh HijackThis log for further review.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::5 Steps For Infected PCs