Old 04-19-2009, 03:51 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 3
OS: Vista Business


NTOSKRNL-HOOK plus possible other trojans

I am running Windows Vista Business (not too sure about the service pack) with McAfee on a Sony Vaio.

Every time I log in to Vista, the desktop goes completely black except for the mouse pointer, and I can bring up the Task Manager using Ctrl-Alt-Del, which suggests that the desktop is there, just not visible. About ten seconds later the system bluescreens with the error "STOP: 1x000000008E". This happens on every system startup.

When I run the machine in Safe Mode, McAfee VirusScan picks up a Trojan called NTOSKRNL-HOOK, which it then proceeds to fix. Except it doesn't fix it; it reappears every time the scan is run. I also fear that my machine is infected with spyware due to weird behaviour in Firefox, but I cannot get any anti-spyware software to successfully run. I also sometimes get a blue screen crash dump when I load the McAfee Security Centre as well, but this isn't consistent.

I have seen this type of problem resolved on these forums before, so I'm hoping you can help as McAfee is failing me right now. Here is the log:

EDIT: Oh, and I should mention that I have tried running ComboFix and when it runs it gives me the two files to keep a note of, then reboots my system (which I have to place back into Safe Mode), but does not give any follow-up message once I have logged back in and doesn't give me any kind of .txt file to post here. Help with this would also be appreciated.

---------------------

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by David at 10:37:01.27 on 19/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.44.1033.18.2038.1573 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\David\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 193.129.184.167:8080
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\nettransfer\NXIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\nettransfer\NXToolBar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [WallPaper] c:\progra~1\wallpa~1\WALLPA~1.EXE /h
uRun: [Aim6]
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Norton Save and Restore 2.0] "c:\program files\norton save and restore\agent\VProTray.exe"
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Wallpaper]
mRun: [Skytel] Skytel.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download All Files by HiDownload - c:\program files\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.136,85.255.112.145
TCP: {988C848B-4219-4F04-8B28-AEAA29A77AE2} = 85.255.112.136,85.255.112.145
TCP: {AC7DBA62-EFDD-4FA1-A5FE-D9D714569368} = 85.255.112.136,85.255.112.145
TCP: {E33D9B4C-6163-49A8-A2AF-80070615B036} = 85.255.112.136,85.255.112.145
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\uhilkoes.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.ftp - 82.5.185.111
FF - prefs.js: network.proxy.ftp_port - 7212
FF - prefs.js: network.proxy.gopher - 82.5.185.111
FF - prefs.js: network.proxy.gopher_port - 7212
FF - prefs.js: network.proxy.socks - 82.5.185.111
FF - prefs.js: network.proxy.socks_port - 7212
FF - prefs.js: network.proxy.ssl - 82.5.185.111
FF - prefs.js: network.proxy.ssl_port - 7212
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\david\appdata\roaming\mozilla\firefox\profiles\uhilkoes.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\david\appdata\roaming\mozilla\firefox\profiles\uhilkoes.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

============= SERVICES / DRIVERS ===============

S1 64827c74-552b-46a7-9d9a-a54e57da6ef1;64827c74-552b-46a7-9d9a-a54e57da6ef1;c:\windows\iprot\64827c74-552b-46a7-9d9a-a54e57da6ef1\PhysMem.sys [2008-1-17 3584]
S2 0016211239916340mcinstcleanup;McAfee Application Installer Cleanup (0016211239916340);c:\windows\temp\001621~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001621~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-31 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 Norton Save and Restore;Norton Save and Restore;c:\program files\norton save and restore\agent\VProSvc.exe [2007-2-14 2655848]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-7-30 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-7-30 43904]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-7-30 812544]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-23 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-8-23 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-23 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-27 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-7-22 87328]

=============== Created Last 30 ================

2009-04-19 10:09 318,976 a------- c:\windows\system32\CF18182.exe
2009-04-19 10:09 <DIR> --d----- C:\ComboFix
2009-04-19 09:49 318,976 a------- c:\windows\system32\CF14420.exe
2009-04-19 09:49 318,976 a------- c:\windows\system32\CF14309.exe
2009-04-19 09:44 318,976 a------- c:\windows\system32\CF13493.exe
2009-04-19 09:43 318,976 a------- c:\windows\system32\CF13192.exe
2009-04-19 09:42 318,976 a------- c:\windows\system32\CF13094.exe
2009-04-19 09:42 161,792 a------- c:\windows\SWREG.exe
2009-04-19 09:42 98,816 a------- c:\windows\sed.exe
2009-04-19 09:42 318,976 a------- c:\windows\system32\CF13026.exe
2009-04-19 09:42 <DIR> --d----- C:\ComboFxx
2009-04-19 09:41 318,976 a------- c:\windows\system32\CF12840.exe
2009-04-19 09:40 318,976 a------- c:\windows\system32\CF12556.exe
2009-04-19 09:37 318,976 a------- c:\windows\system32\CF11987.exe
2009-04-19 09:36 318,976 a------- c:\windows\system32\CF11854.exe
2009-04-19 09:20 35 a------- c:\users\david\appdata\roaming\SetValue.bat
2009-04-19 09:19 691 a------- c:\users\david\appdata\roaming\GetValue.vbs
2009-04-19 09:18 4,986 a------- c:\windows\system32\tmp.reg
2009-04-19 09:17 289,144 a------- c:\windows\system32\VCCLSID.exe
2009-04-19 09:17 288,417 a------- c:\windows\system32\SrchSTS.exe
2009-04-19 09:17 87,552 a------- c:\windows\system32\VACFix.exe
2009-04-19 09:17 82,944 a------- c:\windows\system32\IEDFix.exe
2009-04-19 09:17 82,944 a------- c:\windows\system32\IEDFix.C.exe
2009-04-19 09:17 82,432 a------- c:\windows\system32\404Fix.exe
2009-04-19 09:17 80,384 a------- c:\windows\system32\o4Patch.exe
2009-04-19 09:17 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-04-19 09:17 53,248 a------- c:\windows\system32\Process.exe
2009-04-19 09:17 51,200 a------- c:\windows\system32\dumphive.exe
2009-04-19 09:17 25,600 a------- c:\windows\system32\WS2Fix.exe
2009-04-17 12:21 318,976 a------- c:\windows\system32\CF4208.exe
2009-04-17 12:15 318,976 a------- c:\windows\system32\CF3062.exe
2009-04-17 12:15 318,976 a------- c:\windows\system32\CF2964.exe
2009-04-17 11:28 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-17 11:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-17 11:28 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-17 10:39 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-17 10:39 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-07 22:52 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-07 22:52 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-07 22:51 <DIR> --d----- c:\program files\iPod
2009-04-07 22:51 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 22:51 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 00:03 <DIR> --d----- c:\program files\Research In Motion
2009-03-29 08:54 <DIR> --d----- c:\program files\Mozilla Firefox - Backup
2009-03-26 11:27 <DIR> --d----- c:\program files\common files\DivX Shared
2009-03-24 11:06 <DIR> --d----- c:\users\david\appdata\roaming\Red Kawa

==================== Find3M ====================

2009-04-07 00:10 51,200 a------- c:\windows\inf\infpub.dat
2009-04-07 00:10 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-07 00:09 86,016 a------- c:\windows\inf\infstor.dat
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-06 00:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-03 05:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 05:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 05:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 05:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 05:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 05:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 05:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 05:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 05:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 05:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 04:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 03:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 03:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 09:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 09:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-27 02:35 129,784 -------- c:\windows\system32\PxAFS.DLL
2009-01-27 02:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-27 02:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-27 02:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-27 02:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-27 02:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-27 02:34 684,032 a------- c:\windows\system32\DivX.dll
2009-01-23 18:20 2,738 a------- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
2009-01-23 18:20 229,752 a------- c:\windows\system32\SpoonUninstall.exe
2008-11-04 00:37 8 a------- c:\users\david\appdata\roaming\usb.dat.bin
2008-06-28 10:39 174 a--sh--- c:\program files\desktop.ini
2008-06-28 10:25 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:37:28.23 ===============
Attached Files
File Type: zip Attach.zip (4.5 KB, 4 views)

Last edited by DVD Smith; 04-19-2009 at 04:00 AM.

Old 04-22-2009, 03:12 AM   #2 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 3
OS: Vista Business


Re: NTOSKRNL-HOOK plus possible other trojans

BUMP, please
Old 04-24-2009, 01:03 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 3
OS: Vista Business


Re: NTOSKRNL-HOOK plus possible other trojans

BUMP, please. This is urgent, I have exams in a couple of weeks and all my revision notes are on this computer. I know this forum is busy but more recent threads about the same trojan are being answered and mine remains ignored.

I deleted ComboFix and McAfee and now my computer boots in normal mode but there are still problems with it.

Last edited by DVD Smith; 04-24-2009 at 01:05 PM.