Status: Not open for further replies.
1 - 7 of 7 Posts

Registered · 4 Posts
Hi guys,

OK, I've followed the 5 steps and I am unsure what viruses I have. Can you help me find them, with the names, so I can post on here what my virus problems are?

Thanks,
Mike



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-19 16:58:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
131: 2008-07-19 15:58:55 UTC - RP131 - Deckard's System Scanner Restore Point
130: 2008-07-19 15:48:36 UTC - RP130 - Installed Windows Internet Explorer 7.
129: 2008-07-19 15:48:25 UTC - RP129 - Installed Windows IDNMitigationAPIs.
128: 2008-07-19 15:48:04 UTC - RP128 - Installed Windows NLSDownlevelMapping.
127: 2008-07-19 13:10:57 UTC - RP127 - System Checkpoint


-- First Restore Point --
1: 2008-07-05 08:13:37 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-19 17:00:32
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.besttoolbars.net/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {262352ee-3ec8-4f52-ad69-4826a706485c} - C:\WINDOWS\system32\rqRLbaBs.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3f3a7a0b-e7de-4a4d-887c-c53654a80fbc} - C:\WINDOWS\system32\mojnfcqp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {be7e4ce1-8cba-44a6-956f-462a667d3286} - C:\WINDOWS\system32\geBuTmND.dll
O2 - BHO: Rmn plugin - {d9a7b3b6-1f8a-4cf9-a20c-bdf427dbdb4a} - jzcom32.dll (file missing)
O2 - BHO: {8c4ac09d-d9cd-d979-ddb4-9653a6fda9ad} - {da9adf6a-3569-4bdd-979d-dc9dd90ca4c8} - C:\WINDOWS\system32\mgjahe.dll
O2 - BHO: (no name) - {e9d62f86-a82d-496a-955f-a137679968f6} - C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JLSP49DN\3077ahntdksr[1].dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\Run: [BMf3a3c701] Rundll32.exe "C:\WINDOWS\system32\hcybkxpl.dll",s
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: about://internet (HKCU)
O15 - Trusted Zone: http://mcafee.com (HKCU)
O15 - Trusted Zone: https://mcafee.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208875785089
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: gebutmnd - C:\WINDOWS\system32\geBuTmND.dll
O20 - Winlogon Notify: vtUnmJbY - C:\WINDOWS\system32\vtUnmJbY.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: siteadvisor service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe


--
End of file - 8165 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S1 94b55b44 - c:\windows\system32\drivers\94b55b44.sys
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_04B4&PID_8613\5&7D9C4AE&0&6
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_04B4&PID_8613\5&7D9C4AE&0&6
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-16 15:50:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-15 02:02:27 280 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-07 18:54:29 372 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-19 16:54:48 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-19 16:54:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-19 16:54:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-19 16:21:44 0 d-------- C:\ie-spyad_zo
2008-07-19 16:10:42 0 d-------- C:\Program Files\SpywareBlaster
2008-07-19 15:18:55 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-07-19 15:18:03 0 d-------- C:\Program Files\Panda Security
2008-07-19 10:37:42 0 d-------- C:\Program Files\InterActual
2008-07-19 10:23:34 102912 --a------ C:\WINDOWS\system32\mgjahe.dll
2008-07-19 10:23:32 102912 --a------ C:\WINDOWS\system32\txyucxea.dll
2008-07-19 10:20:46 118784 --a------ C:\WINDOWS\system32\mojnfcqp.dll
2008-07-19 09:36:02 118784 --a------ C:\WINDOWS\system32\uslmqjcb.dll
2008-07-17 19:22:57 0 --a------ C:\WINDOWS\system32\miexsjdv.dll
2008-07-17 19:20:09 118784 --a------ C:\WINDOWS\system32\pvjbaxea.dll
2008-07-17 18:02:33 118784 --a------ C:\WINDOWS\system32\rtutvbvs.dll
2008-07-16 18:00:37 0 --a------ C:\WINDOWS\system32\nximzb.dll
2008-07-16 18:00:36 0 --a------ C:\WINDOWS\system32\pafvsmjm.dll
2008-07-16 13:14:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-07-16 13:06:09 0 d-------- C:\Program Files\Atari
2008-07-15 18:02:26 0 --a------ C:\WINDOWS\system32\ezjvwg.dll
2008-07-15 09:40:40 25600 --a------ C:\WINDOWS\system32\geBuTmND.dll
2008-07-15 07:47:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-07-12 16:02:46 1 --a------ C:\WINDOWS\system32\rc.dat
2008-07-12 16:02:46 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-07-12 15:23:25 69820 --a------ C:\WINDOWS\system32\drivers\49e156d6.sys
2008-07-12 15:20:47 69820 --a------ C:\WINDOWS\system32\drivers\66686c.sys
2008-07-12 15:20:36 45056 --a------ C:\WINDOWS\system32\jkcom32.dll <Not Verified; Gorosoft inc.; Asdam>
2008-07-12 15:19:44 0 d--hs---- C:\Documents and Settings\LocalService\Application Data\wsnpoem
2008-07-12 15:19:31 0 d--hs---- C:\Documents and Settings\NetworkService\Application Data\wsnpoem
2008-07-12 15:16:38 69820 --a------ C:\WINDOWS\system32\drivers\94b55b44.sys
2008-07-12 15:16:37 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2008-07-12 15:16:30 22383 --a------ C:\WINDOWS\system32\sklh.dat
2008-07-12 15:16:30 45056 --a------ C:\WINDOWS\system32\jzcom32.dll <Not Verified; Gorosoft inc.; Asdam>
2008-07-12 15:16:17 286720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-07-12 15:16:17 143872 --a------ C:\WINDOWS\system32\NCTWMAFile.dll <Not Verified; NCT Company; NCTWMAFile ActiveX DLL>
2008-07-12 15:16:17 168448 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll <Not Verified; NCT Company; NCTAudioPlayer ActiveX DLL>
2008-07-12 15:16:17 573440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-07-12 15:16:16 491520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll <Not Verified; NCT Company; NCTAudioFile ActiveX DLL>
2008-07-12 15:16:16 120832 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-07-12 10:21:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-12 10:20:35 0 d-------- C:\Program Files\Real
2008-07-12 10:20:28 0 d-------- C:\Program Files\Common Files\Real
2008-07-12 10:20:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-11 21:11:42 20480 --a------ C:\WINDOWS\system32\[email protected]@@k.DLL
2008-07-11 20:19:42 0 --a------ C:\WINDOWS\PowerReg.dat
2008-07-07 20:29:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-07-07 18:55:40 0 d-------- C:\Program Files\SiteAdvisor
2008-07-07 18:55:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-07-07 18:54:08 0 d-------- C:\Program Files\McAfee.com
2008-07-07 18:54:03 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-07 18:53:53 0 d-------- C:\Program Files\McAfee
2008-07-06 13:02:34 3702 --a------ C:\WINDOWS\system32\msupdte.exe
2008-07-06 13:02:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-05 21:21:05 103424 --a------ C:\WINDOWS\system32\lpfhdy.dll
2008-07-05 21:21:05 103424 --a------ C:\WINDOWS\system32\lhtnlvnp.dll
2008-07-05 09:13:27 606474 --ahs---- C:\WINDOWS\system32\sBabLRqr.ini2
2008-07-05 09:13:24 321024 --a------ C:\WINDOWS\system32\rqRLbaBs.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-19 16:04:29 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-07-19 15:03:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-16 15:19:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-12 10:21:02 0 d-------- C:\Program Files\Common Files
2008-07-10 22:27:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-07-03 07:50:48 0 d-------- C:\Program Files\Azureus
2008-06-20 14:40:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-14 19:42:03 0 d-------- C:\Program Files\NAMCO BANDAI Games
2008-06-12 23:25:45 0 d-------- C:\Program Files\LucasArts
2008-06-11 17:34:48 0 d-------- C:\Program Files\Java
2008-06-08 21:31:55 0 d-------- C:\Program Files\LimeWire
2008-06-06 23:44:24 0 d-------- C:\Program Files\DivX
2008-05-31 00:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 14:57:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-05-27 14:49:11 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-20 19:09:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-13 16:29:50 6172 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2008-04-24 08:45:56 1692 --a----c- C:\WINDOWS\mozver.dat
2008-04-22 23:14:43 0 -rahs---- C:\MSDOS.SYS
2008-04-22 23:14:43 0 -rahs---- C:\IO.SYS
2008-04-22 23:14:43 0 --a------ C:\CONFIG.SYS
2008-04-22 23:14:43 0 --a------ C:\AUTOEXEC.BAT
2008-04-22 23:11:12 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 16:20:42 0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-22 15:55:31 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{262352ee-3ec8-4f52-ad69-4826a706485c}]
05/07/2008 09:13 321024 --a------ C:\WINDOWS\system32\rqRLbaBs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f3a7a0b-e7de-4a4d-887c-c53654a80fbc}]
19/07/2008 10:20 118784 --a------ C:\WINDOWS\system32\mojnfcqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{be7e4ce1-8cba-44a6-956f-462a667d3286}]
15/07/2008 09:40 25600 --a------ C:\WINDOWS\system32\geBuTmND.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9a7b3b6-1f8a-4cf9-a20c-bdf427dbdb4a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da9adf6a-3569-4bdd-979d-dc9dd90ca4c8}]
19/07/2008 10:23 102912 --a------ C:\WINDOWS\system32\mgjahe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9d62f86-a82d-496a-955f-a137679968f6}]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JLSP49DN\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/03/2006 17:16]
"nwiz"="nwiz.exe" [17/03/2006 17:16 C:\WINDOWS\system32\nwiz.exe]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 19:12]
"Microsoft Windows Sound"="svshost.exe" []
"BMf3a3c701"="C:\WINDOWS\system32\hcybkxpl.dll" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [24/07/2006 21:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Windows Sound"=svshost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BE7E4CE1-8CBA-44A6-956F-462A667D3286}"= C:\WINDOWS\system32\geBuTmND.dll [15/07/2008 09:40 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebutmnd]
geBuTmND.dll 15/07/2008 09:40 25600 C:\WINDOWS\system32\geBuTmND.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnmJbY]
vtUnmJbY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRLbaBs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0072891215454304mcinstcleanup]
C:\WINDOWS\TEMP\007289~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf3a3c701]
Rundll32.exe "C:\WINDOWS\system32\hcybkxpl.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f090f49d]
rundll32.exe "C:\WINDOWS\system32\dofnjhku.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
lass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
qwnuroc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Sound]
svshost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\msupdte.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mjc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f99e7fc-113c-11dd-a241-000b6b4d14f0}]
AutoRun\command- K:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f99e7fd-113c-11dd-a241-000b6b4d14f0}]
autorun\command- F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5dcffe3-1096-11dd-a239-000b6b4d14f0}]
AutoRun\command- K:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5dcffe4-1096-11dd-a239-000b6b4d14f0}]
autorun\command- F:\VMC_PBStarter.exe

*Newly Created Service* - PAVBOOT



-- Hosts -----------------------------------------------------------------------

127.0.0.1 microsoft.com


-- End of Deckard's System Scanner: finished at 2008-07-19 17:01:23 ------------

OK, this is what's happening to my laptop.

In msconfig I keep getting svshost and random DLL files, for example "iomhhflb" and "sqhkbmdd", also "qwnuroc" and lots, lots more.

These DLL files keep coming up, and if I untick them in msconfig it then tells me I cannot untick as I am not the administrator, but I am the administrator??

I have McAfee and I use the shredder to remove these DLLs, but they keep coming up every time I restart, in different names.

The problem these things are causing is that internet pages don't load (I have IE and Firefox).

Once I have shredded these files and restarted, my IE and Firefox run normally, but not for long though.

I feel that when I keep shredding these DLLs it is causing more harm; I've noticed run errors and a slow computer. Every other day I do a "sfc /scannow" with the OEM disc to try and keep my files intact.

I would love to find a fix for this if you guys can really help me. A format is something I don't want to do, but if I have no choice.

Thank you
 

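The HijackThis-style entries in the log above (the O2, O4, O20 and hosts lines) are what a helper reads by hand to pick the infection out from the legitimate software. As an added example, not part of this thread and not code from TSF, Deckard's System Scanner, SDFix or Trend Micro, here is a small Python triage script that encodes a few of the checks an analyst applies to such a log: a start-up entry whose file name is one character away from a Windows system binary (svshost.exe), rundll32 loading a system32 DLL through a one-letter export, unnamed browser helper objects, AppInit_DLLs and Winlogon Notify hooks, hosts-file entries pointing a vendor domain at loopback, and randomly generated file names dropped into the Windows directory. The section codes are HijackThis's own; the heuristics, thresholds, indicator names and the sample log (assembled from entries in the log above) are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format, modelled on lines from the log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {262352ee-3ec8-4f52-ad69-4826a706485c} - C:\WINDOWS\system32\rqRLbaBs.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Microsoft Windows Sound] svshost.exe
O4 - HKLM\..\Run: [BMf3a3c701] Rundll32.exe "C:\WINDOWS\system32\hcybkxpl.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: gebutmnd - C:\WINDOWS\system32\geBuTmND.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
"""


@dataclass
class Finding:
    section: str    # HijackThis section code (O1, O2, O4, O20, ...)
    indicator: str  # which heuristic fired (names are this example's own)
    detail: str     # the value it fired on
    line: str       # the log line, so the analyst can see the context


# Windows binaries whose names malware imitates (svshost.exe, lass.exe, ...)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "userinit.exe"}

LINE_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
# A full path (segments may contain spaces) or a bare file name ending in .dll/.exe/.sys
FILE_RE = re.compile(r'[A-Za-z]:\\(?:[^\\"]+\\)*[\w\-.]+\.(?:dll|exe|sys)\b'
                     r'|\b[\w\-.]+\.(?:dll|exe|sys)\b', re.I)
# rundll32 loading a DLL and calling a one- or two-letter export (the ",s" / ",b" pattern)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+?\.dll"?,\s*(\w{1,2})\b', re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character imitations of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(stem: str) -> bool:
    """Heuristic for generated names such as rqRLbaBs or hcybkxpl: 8-12 letters,
    at most 30% vowels, and a run of four or more consonants."""
    s = stem.lower()
    if not (8 <= len(s) <= 12) or not s.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in s)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", s))
    return vowels / len(s) <= 0.3 and longest_run >= 4


def triage(log_text: str) -> list:
    """Run every heuristic over a HijackThis-style log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1" and "127.0.0.1" in body and "localhost" not in body:
            # A vendor or update domain pointed at loopback blocks patches and AV updates
            findings.append(Finding(section, "hosts-redirect", body.split(":", 1)[1].strip(), line))
        if section == "O2" and "(no name)" in body:
            findings.append(Finding(section, "unnamed-bho", body, line))
        rm = RUNDLL_RE.search(body) if section == "O4" else None
        if rm:
            findings.append(Finding(section, "rundll32-short-export", rm.group(1), line))
        if section == "O20":
            # AppInit_DLLs and Winlogon Notify load a DLL into many processes at logon
            findings.append(Finding(section, "process-injection-hook", body.split(":", 1)[0], line))
        for path in sorted({p.lower() for p in FILE_RE.findall(body)}):
            directory, _, name = path.rpartition("\\")
            stem = name.rsplit(".", 1)[0]
            if name not in SYSTEM_BINARIES and any(edit_distance(name, s) == 1 for s in SYSTEM_BINARIES):
                findings.append(Finding(section, "typosquat-system-binary", name, line))
            # Only files inside the Windows directory are judged on their name
            if "\\windows\\" in directory + "\\" and looks_random(stem):
                findings.append(Finding(section, "random-name-in-windows-dir", name, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<5}{f.indicator:<28}{f.detail}")
```

Run against the sample it reports nine findings and stays silent on the Adobe, McAfee and ctfmon entries; against a full log it is an ordering aid for the analyst's attention, not a verdict, since a legitimate driver or plug-in can also have a consonant-heavy name. The name check is deliberately restricted to the Windows directory because that is where the randomly named DLLs in this thread were dropped, and the hosts check ignores the normal localhost line.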

Registered · 5,264 Posts
Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.


========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=========

P2P

P2P - I see you have P2P software Azureus Vuze and LimeWire 4.18.2 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here, Here and Here.

==========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with all the required logs.

===========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

============

Please download HijackThis to your desktop

Alternate link

This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis, since the entries may be harmless.

============
Logs Required
Report.txt
C:\Combofix.txt
Hijackthis Log
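The post above asks for a HijackThis log and, rightly, tells the user not to "fix" anything in it. Below is an added example (my code, not HijackThis or the helper's) of what to do with such a log once it is posted: a small Python parser for the `R0`/`R3`/`O2`/`O4` line format HijackThis writes, which pulls out the file each entry loads (looking through `rundll32`), and flags only the cases that deserve a second look: entries whose target is `(no file)`, bare filenames that Windows resolves through PATH, and binaries started from user-writable locations. The sample log is constructed from entries posted later in this thread plus one made-up Temp-folder entry marked as such; the flagging rules and the list of "writable" locations are my assumptions, not HijackThis rules.

```python
"""Parse and triage a HijackThis v2 log (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field

# "O4 - HKLM\..\Run: [name] command"  ->  kind="O4", body=everything after " - "
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")
# R3/O2/O3/O9 bodies: "<label>: <name> - {CLSID} - <path or (no file)>"
COM_RE = re.compile(
    r"^(?P<label>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 bodies: "HKLM\..\Run: [name] command"; the hive may be HKCU or HKUS\S-1-5-19 etc.
RUN_RE = re.compile(
    r"^(?P<hive>HK[^\s\[]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# First program-like token of a command, quoted or not, ending at whitespace or a comma.
IMAGE_RE = re.compile(
    r'^"?(?P<img>[^"]+?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs|js))"?(?=[\s,]|$)', re.IGNORECASE)
# Locations an installer does not normally use for autostart binaries (assumed list).
WRITABLE_MARKERS = ("\\temp\\", "\\documents and settings\\",
                    "\\application data\\", "\\local settings\\")


@dataclass
class Entry:
    kind: str                      # R0, O2, O4 ...
    raw: str                       # the log line as written
    name: str = ""                 # [name] of an O4 entry or display name of a COM entry
    image: str = ""                # file the entry loads, when one could be identified
    flags: list = field(default_factory=list)


def _image_from_command(cmd: str) -> str:
    """Return the file an O4 command really loads; rundll32 loads the DLL in its argument."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd.split()[0] if cmd else ""
    img = m.group("img")
    rest = cmd[m.end():].strip()
    if img.lower().endswith("rundll32.exe") and rest:
        m2 = IMAGE_RE.match(rest)
        if m2:
            img = m2.group("img")
    return img


def parse_line(line: str):
    """Turn one HijackThis line into an Entry, or None for headers and process lists."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    entry = Entry(kind=kind, raw=line.strip())
    if kind == "O4":
        r = RUN_RE.match(body)
        if r:
            entry.name = r.group("name")
            entry.image = _image_from_command(r.group("cmd"))
    elif kind in ("R3", "O2", "O3", "O9"):
        c = COM_RE.match(body)
        if c:
            entry.name = c.group("name")
            entry.image = c.group("path")
    return entry


def triage(entry: Entry) -> Entry:
    """Attach review flags; this only reports, it never changes the system."""
    low = entry.image.lower()
    if not low:
        return entry
    if low == "(no file)":
        entry.flags.append("dead entry: target file is missing")
    elif "\\" not in low:
        entry.flags.append("bare filename: resolved through PATH, check which file actually runs")
    elif any(marker in low for marker in WRITABLE_MARKERS):
        entry.flags.append("runs from a user-writable location")
    return entry


def parse_log(text: str) -> list:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage_log(text: str) -> dict:
    """Map each flagged log line to its flags (unflagged lines are omitted)."""
    return {e.raw: e.flags for e in map(triage, parse_log(text)) if e.flags}


# Constructed sample: lines copied from the log posted later in this thread, plus one
# made-up Temp-folder autorun ("[constructed]") to exercise the writable-location rule.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\Administrator\Local Settings\Temp\sample.exe
"""

if __name__ == "__main__":
    for line, flags in triage_log(SAMPLE_LOG).items():
        print(line)
        for flag in flags:
            print("   -", flag)
```

It reads nothing from the registry and writes nothing, so it is safe to run on a copy of any posted log; the three flags are prompts for a human to check the file, not verdicts.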
 

Registered · 4 Posts · Discussion Starter #3 (Edited)
Hi there,

Thanks for getting back to me.

As requested, here are the 3 files.



Report.txt

SDFix: Version 1.207
Run by Administrator on 22/07/2008 at 18:24

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
49e156d6
66686c

Path :
\SystemRoot\System32\drivers\49e156d6.sys
\SystemRoot\System32\drivers\66686c.sys

49e156d6 - Deleted
66686c - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\geBuTmND.dll - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\alog.txt - Deleted
C:\WINDOWS\system32\[email protected]@@k.dll - Deleted
C:\WINDOWS\system32\jkcom32.dll - Deleted
C:\WINDOWS\system32\jzcom32.dll - Deleted
C:\WINDOWS\system32\msupdte.exe - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\sklh.dat - Deleted
C:\WINDOWS\system32\drivers\49e156d6.sys - Deleted
C:\WINDOWS\system32\drivers\66686c.sys - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 18:30:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:84,e1,9a,a4,a2,36,3b,c7,1d,6f,d3,50,26,32,b0,50,c9,2d,af,c3,e1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,fd,de,ef,8d,24,ce,1c,2a,68,c2,2a,3e,57,b1,c3,30,..
"hdf12"=hex:3e,cf,34,17,d1,1f,9e,54,3b,cb,b1,42,57,ac,2c,1a,af,13,f0,a1,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:fb,09,b9,de,a6,fe,f0,e3,e3,f5,d1,af,64,24,42,8d,13,61,2f,ac,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,c9,e0,dd,ef,46,ec,5f,41,a9,46,78,e3,f6,ad,36,ca,fc,..
"hdf12"=hex:c8,04,af,e4,1a,5f,ad,8c,17,4d,ba,99,c8,bf,4e,43,ff,9c,4e,7e,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:cf,9b,76,3b,5c,7e,83,81,d0,e2,73,d4,01,e4,fc,a1,c2,1e,45,c8,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:84,e1,9a,a4,a2,36,3b,c7,1d,6f,d3,50,26,32,b0,50,c9,2d,af,c3,e1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,fd,de,ef,8d,24,ce,1c,2a,68,c2,2a,3e,57,b1,c3,30,..
"hdf12"=hex:3e,cf,34,17,d1,1f,9e,54,3b,cb,b1,42,57,ac,2c,1a,af,13,f0,a1,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:de,a0,ad,23,ee,07,88,f8,f9,23,74,94,61,52,51,19,34,9a,7f,7d,73,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,c9,e0,dd,ef,46,ec,5f,41,a9,46,78,e3,f6,ad,36,ca,fc,..
"hdf12"=hex:c8,04,af,e4,1a,5f,ad,8c,17,4d,ba,99,c8,bf,4e,43,ff,9c,4e,7e,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:cf,9b,76,3b,5c,7e,83,81,d0,e2,73,d4,01,e4,fc,a1,c2,1e,45,c8,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:84,e1,9a,a4,a2,36,3b,c7,1d,6f,d3,50,26,32,b0,50,c9,2d,af,c3,e1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,fd,de,ef,8d,24,ce,1c,2a,68,c2,2a,3e,57,b1,c3,30,..
"hdf12"=hex:3e,cf,34,17,d1,1f,9e,54,3b,cb,b1,42,57,ac,2c,1a,af,13,f0,a1,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:fb,09,b9,de,a6,fe,f0,e3,e3,f5,d1,af,64,24,42,8d,13,61,2f,ac,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,c9,e0,dd,ef,46,ec,5f,41,a9,46,78,e3,f6,ad,36,ca,fc,..
"hdf12"=hex:c8,04,af,e4,1a,5f,ad,8c,17,4d,ba,99,c8,bf,4e,43,ff,9c,4e,7e,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:cf,9b,76,3b,5c,7e,83,81,d0,e2,73,d4,01,e4,fc,a1,c2,1e,45,c8,2f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\lass.exe"="C:\\WINDOWS\\system32\\lass.exe:*:Disabled:lass"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Apr 2008 166,912 A..H. --- "C:\Program Files\eMPIA\Setup.exe"
Sun 4 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 7 Jul 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Mon 7 Jul 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Fri 25 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 21 Jul 2004 40,960 A..H. --- "C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Installer\Setup.exe"

Finished!
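The report above contains several indicators that a practitioner would want a script to catch rather than eyeball. The firewall export lists an exception for `C:\WINDOWS\system32\lass.exe`, one character short of the legitimate `lsass.exe` that appears in the running-process list; the deleted drivers `49e156d6.sys` and `66686c.sys` have names made of hex digits only; and the ComboFix log later in the thread adds `94b55b44.sys`, an orphaned autorun for `svshost.exe` (one letter off `svchost.exe`), and `rqRLbaBs.dll` next to `sBabLRqr.ini`, whose name is the first one spelled backwards. The Python below is an added example (not SDFix, ComboFix or the helper's code) that parses the `AuthorizedApplications\List` export format shown above plus a plain list of file paths and reports exactly those three patterns. The list of system binaries, the hex-name rule and the sample inputs are my assumptions, built from paths on this page.

```python
"""Triage file names and a Windows XP firewall-exception export for look-alike and
throwaway names. Added example, not SDFix/ComboFix code; lists below are assumptions."""
import ntpath
import re
from collections import defaultdict

# Names malware imitates; a file one insert/delete/substitute away is suspicious.
SYSTEM_BINARIES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe")

# One line of the registry export: "key"="path:scope:Enabled|Disabled:label"
FW_RE = re.compile(
    r'^"(?P<key>.+?)"="(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)"$',
    re.IGNORECASE)
# A driver whose whole name is 6-8 hex digits (assumed threshold).
HEX_NAME_RE = re.compile(r"[0-9a-f]{6,8}")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str):
    """Return the system binary this file name imitates, or None if it is not a near miss."""
    name = basename.lower()
    for good in SYSTEM_BINARIES:
        if name != good and edit_distance(name, good) == 1:
            return good
    return None


def parse_firewall_export(text: str) -> list:
    """Parse AuthorizedApplications\\List export lines; the export doubles every backslash."""
    rules = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            rules.append({"path": m.group("path").replace("\\\\", "\\"),
                          "scope": m.group("scope"),
                          "enabled": m.group("state").lower() == "enabled",
                          "label": m.group("label")})
    return rules


def triage(file_paths, firewall_export: str) -> dict:
    """Map each suspicious path to the reasons it was flagged."""
    findings = defaultdict(list)
    stems = {}
    for path in file_paths:
        base = ntpath.basename(path)
        stem, ext = ntpath.splitext(base)
        stems.setdefault(stem, []).append(path)
        good = lookalike_of(base)
        if good:
            findings[path].append(f"name is one edit away from {good}")
        if ext.lower() == ".sys" and HEX_NAME_RE.fullmatch(stem.lower()):
            findings[path].append("driver named with hex digits only")
    for stem, paths in stems.items():           # .dll/.ini pairs with mirrored names
        mirror = stem[::-1]
        if mirror != stem and mirror in stems:
            for path in paths:
                findings[path].append(
                    f"name is the reverse of {ntpath.basename(stems[mirror][0])}")
    for rule in parse_firewall_export(firewall_export):
        good = lookalike_of(ntpath.basename(rule["path"]))
        if good:
            state = "enabled" if rule["enabled"] else "disabled"
            findings[rule["path"]].append(f"firewall exception ({state}) for a look-alike of {good}")
    return dict(findings)


# Constructed sample: paths copied from the SDFix report above and the ComboFix log later
# in the thread, plus a legitimate McAfee driver that must not be flagged.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\drivers\49e156d6.sys",
    r"C:\WINDOWS\system32\drivers\66686c.sys",
    r"C:\WINDOWS\system32\drivers\94b55b44.sys",
    r"C:\WINDOWS\system32\msupdte.exe",
    r"C:\WINDOWS\system32\rqRLbaBs.dll",
    r"C:\WINDOWS\system32\sBabLRqr.ini",
    r"C:\WINDOWS\system32\drivers\mfehidk.sys",
    r"svshost.exe",
]
SAMPLE_FW_EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\lass.exe"="C:\\WINDOWS\\system32\\lass.exe:*:Disabled:lass"
'''

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FILES, SAMPLE_FW_EXPORT).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The edit-distance check deliberately fires only at distance exactly 1, so a real `svchost.exe` is never reported and unrelated names stay quiet; the firewall rule is reported even when its state is `Disabled`, because the point is that something created an exception for a binary that should not exist at all.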
 

Registered · 5,264 Posts
In my previous post I said:
Please do not attach logs to your posts unless you are advised to do so.
Why don't you just copy/paste the logs into your posts, as you did with the Report.txt, not attached, as I stated previously? Please read the instructions properly.
 

Registered · 4 Posts · Discussion Starter #6 (Edited)
Sorry, I must have misread what you had requested.
Thank you for your patience.



ComboFix 08-07-21.2 - Administrator 2008-07-22 18:46:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1643 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\WINDOWS\BMf3a3c701.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aplvbfgu.dll
C:\WINDOWS\system32\blfhhmoi.ini
C:\WINDOWS\system32\dlsqumqg.ini
C:\WINDOWS\system32\dpltkxgu.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iifgGWqR.dll
C:\WINDOWS\system32\iomhhflb.dll
C:\WINDOWS\system32\joufdxqt.ini
C:\WINDOWS\system32\jtsnteqr.ini
C:\WINDOWS\system32\kcvjsonm.ini
C:\WINDOWS\system32\kyupwuwh.ini
C:\WINDOWS\system32\lhtnlvnp.dll
C:\WINDOWS\system32\lpfhdy.dll
C:\WINDOWS\system32\mcrafiko.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgjahe.dll
C:\WINDOWS\system32\mojnfcqp.dll
C:\WINDOWS\system32\ntbuytnr.ini
C:\WINDOWS\system32\omfxfl.dll
C:\WINDOWS\system32\oomhomdy.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pefwhdid.ini
C:\WINDOWS\system32\pvjbaxea.dll
C:\WINDOWS\system32\qxdkfe.dll
C:\WINDOWS\system32\rqRLbaBs.dll
C:\WINDOWS\system32\rtutvbvs.dll
C:\WINDOWS\system32\sBabLRqr.ini
C:\WINDOWS\system32\sBabLRqr.ini2
C:\WINDOWS\system32\txyucxea.dll
C:\WINDOWS\system32\ugfbvlpa.ini
C:\WINDOWS\system32\ukhjnfod.ini
C:\WINDOWS\system32\unrpjxgd.dll
C:\WINDOWS\system32\uslmqjcb.dll
C:\WINDOWS\system32\wjoehcjj.dll
C:\WINDOWS\system32\wnjocohc.ini
C:\WINDOWS\system32\wojyokih.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\video.dll.cla
C:\WINDOWS\system32\xgeexpxv.dll
C:\WINDOWS\system32\ybrmgxhn.ini
C:\WINDOWS\system32\ydjcjndi.dll
C:\WINDOWS\system32\ylqprhmj.dll
C:\WINDOWS\system32\zgjltr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 18:21 . 2008-07-22 18:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-22 18:18 . 2008-07-22 18:32 <DIR> d-------- C:\SDFix
2008-07-21 22:18 . 2008-07-21 22:18 <DIR> d-------- C:\Program Files\iPod
2008-07-21 22:17 . 2008-07-21 22:36 <DIR> d-------- C:\Program Files\Bonjour
2008-07-21 17:31 . 2008-07-21 17:33 43,581 --ahs---- C:\WINDOWS\system32\cxctwcot.ini
2008-07-21 17:10 . 2008-07-21 18:28 168 --a------ C:\WINDOWS\system32\temp_0000_85-24.aok
2008-07-21 17:09 . 2008-07-21 18:28 169 --a------ C:\WINDOWS\system32\test.aok
2008-07-21 17:08 . 2008-07-21 17:09 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-07-19 18:20 . 2008-07-19 18:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-07-19 16:58 . 2008-07-19 16:58 <DIR> d-------- C:\Deckard
2008-07-19 16:54 . 2008-07-20 11:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-19 16:54 . 2008-07-19 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-19 16:21 . 2008-07-19 16:21 <DIR> d-------- C:\ie-spyad_zo
2008-07-19 16:10 . 2008-07-19 16:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-19 15:19 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-19 15:18 . 2008-07-19 15:18 <DIR> d-------- C:\Program Files\Panda Security
2008-07-19 10:48 . 2008-07-19 10:48 0 --a------ C:\WINDOWS\iPlayer.INI
2008-07-19 10:37 . 2008-07-19 15:07 <DIR> d-------- C:\Program Files\InterActual
2008-07-16 13:14 . 2008-07-16 13:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-07-16 13:06 . 2008-07-16 13:06 <DIR> d-------- C:\Program Files\Atari
2008-07-15 07:47 . 2008-07-15 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-07-12 15:56 . 2008-04-14 01:12 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-07-12 15:56 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-07-12 15:56 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-07-12 15:56 . 2008-04-14 01:12 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-07-12 15:56 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-07-12 15:55 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-07-12 15:55 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-07-12 15:55 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-07-12 15:55 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-07-12 15:55 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-07-12 15:55 . 2008-04-13 19:36 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-07-12 15:55 . 2008-04-14 01:12 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-07-12 15:53 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-12 15:52 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-07-12 15:51 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-07-12 15:50 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-12 15:49 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-07-12 15:48 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-07-12 15:47 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-07-12 15:46 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-12 15:45 . 2001-08-17 14:04 173,696 --a--c--- C:\WINDOWS\system32\dllcache\philcam2.sys
2008-07-12 15:44 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-07-12 15:43 . 2008-04-13 19:31 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-07-12 15:42 . 2001-08-17 12:11 128,000 --a--c--- C:\WINDOWS\system32\dllcache\n100325.sys
2008-07-12 15:41 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-07-12 15:40 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-07-12 15:39 . 2008-04-14 01:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-07-12 15:38 . 2008-04-14 01:11 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-07-12 15:37 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-07-12 15:36 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-12 15:35 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-07-12 15:34 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-07-12 15:33 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-07-12 15:32 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-07-12 15:31 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-07-12 15:30 . 2008-04-13 20:27 2,188,928 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-07-12 15:16 . 2003-03-26 06:59 573,440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-07-12 15:16 . 2002-12-03 03:02 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2008-07-12 15:16 . 2003-03-25 15:08 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-07-12 15:16 . 2002-12-03 03:07 168,448 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll
2008-07-12 15:16 . 2002-12-03 03:11 143,872 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2008-07-12 15:16 . 2002-03-19 07:18 120,832 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-07-12 15:16 . 2008-07-17 19:11 69,820 --a------ C:\WINDOWS\system32\drivers\94b55b44.sys
2008-07-12 10:21 . 2008-07-12 10:21 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-12 10:20 . 2008-07-12 10:20 <DIR> d-------- C:\Program Files\Real
2008-07-12 10:20 . 2008-07-12 10:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-11 20:19 . 2008-07-11 20:19 0 --a------ C:\WINDOWS\PowerReg.dat
2008-07-08 09:18 . 2008-07-21 16:17 110,446 --a------ C:\WINDOWS\BMf3a3c701.xml
2008-07-07 20:29 . 2008-07-07 20:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-07-07 19:09 . 2008-07-22 18:48 9,436 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-07 18:55 . 2008-07-20 11:07 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-07 18:55 . 2008-07-19 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-07-07 18:54 . 2008-07-07 18:54 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-07 18:54 . 2008-07-07 19:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-07 18:54 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-07 18:54 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-07 18:54 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-07 18:54 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-07 18:54 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-07 18:54 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-07 18:53 . 2008-07-07 20:28 <DIR> d-------- C:\Program Files\McAfee
2008-07-06 13:02 . 2008-07-19 16:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-05 15:17 . 2008-07-05 15:17 298,533 --a------ C:\temp.arc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 13:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-22 06:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-21 21:19 --------- d-----w C:\Program Files\iTunes
2008-07-21 21:17 --------- d-----w C:\Program Files\QuickTime
2008-07-19 15:04 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-07-16 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 16:34 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-07-10 21:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-07-10 08:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-03 06:50 --------- d-----w C:\Program Files\Azureus
2008-06-14 18:42 --------- d-----w C:\Program Files\NAMCO BANDAI Games
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 22:25 --------- d-----w C:\Program Files\LucasArts
2008-06-11 19:33 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-11 16:34 --------- d-----w C:\Program Files\Java
2008-06-08 20:31 --------- d-----w C:\Program Files\LimeWire
2008-06-06 22:44 --------- d-----w C:\Program Files\DivX
2008-06-04 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 13:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-23 13:49 14,642 -c--a-w C:\WINDOWS\E220AutoRunLog.tmp
.

------- Sigcheck -------

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-07-13 17:34 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-13 17:34 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 17:16 7561216]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"nwiz"="nwiz.exe" [2006-03-17 17:16 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mjc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\applesyncnotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-09-04 16:40 6856704 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a--c--- 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raidtool]
-ra------ 2005-06-20 11:53 1056768 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\siteadvisor]
--a------ 2006-07-24 21:28 35992 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-12 10:20 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-04-02 09:49 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2001-12-26 01:12 472576 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-22 09:42 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14102:TCP"= 14102:TCP:BitComet 14102 TCP
"14102:UDP"= 14102:UDP:BitComet 14102 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R3 HSFHWVIA;HSFHWVIA;C:\WINDOWS\system32\DRIVERS\HSFHWVIA.sys [2005-10-24 04:21]
S1 94b55b44;94b55b44;C:\WINDOWS\system32\drivers\94b55b44.sys [2008-07-17 19:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f99e7fc-113c-11dd-a241-000b6b4d14f0}]
\Shell\AutoRun\command - K:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f99e7fd-113c-11dd-a241-000b6b4d14f0}]
\shell\autorun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5dcffe3-1096-11dd-a239-000b6b4d14f0}]
\Shell\AutoRun\command - K:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5dcffe4-1096-11dd-a239-000b6b4d14f0}]
\shell\autorun\command - F:\VMC_PBStarter.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 14:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-15 01:02:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-07-07 17:54:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
- - - - ORPHANS REMOVED - - - -

Notify-vtUnmJbY - vtUnmJbY.dll
MSConfigStartUp-0072891215454304mcinstcleanup - C:\WINDOWS\TEMP\007289~1.EXE
MSConfigStartUp-BMf3a3c701 - C:\WINDOWS\system32\kwhfilak.dll
MSConfigStartUp-f090f49d - C:\WINDOWS\system32\tocwtcxc.dll
MSConfigStartUp-Microsoft WinUpdate - C:\WINDOWS\system32\msupdte.exe
MSConfigStartUp-Microsoft - lass.exe
MSConfigStartUp-Microsoft Update - qwnuroc.exe
MSConfigStartUp-Microsoft Windows Sound - svshost.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 18:49:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-22 18:52:33 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-07-22 17:52:29

Pre-Run: 67,038,969,856 bytes free
Post-Run: 67,003,121,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

338 --- E O F --- 2008-05-05 11:56:42





Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:55:44, on 22/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208875785089
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Bonjour Service (bonjour service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service (siteadvisor service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 6187 bytes
Hello again

Download ATF-Cleaner by Atribune to your desktop. Do not run it just yet; we will shortly.

===========

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\cxctwcot.ini
C:\WINDOWS\BMf3a3c701.xml
Save this as CFscript
Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


===========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

===========

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

===========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

Animated Tutorial Here


To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log


An update on how your system is behaving.