Discussion Starter · #1 ·
My wife set this virus free while trying to install Bejeweled. She does not know about computers at all. Any time I access the internet or Windows Explorer, I get anywhere from 1 to 4 "system error!" popups that say:

"Some dangerous trojan horses detected in your system. Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection softwhere now!"

It won't let you 'x' out of it; if you click 'no' it redirects you to a rogue program download, and I won't click 'yes'. The only way I can get rid of them is Ctrl+Alt+Del, which closes each error message AND Internet Explorer. Norton still hasn't detected the virus; however, Ad-Aware detected Virtumonde. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:52 AM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080531
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080531
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,win.com wowexec
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\urqQgfDT.dll
O2 - BHO: BhoApp Class - {5F920865-38C9-40DA-8FCF-D9DC83F84EC5} - C:\WINDOWS\system32\topdfim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {D5150AE6-A902-4531-B1EF-F9BF9FB912D8} - C:\WINDOWS\system32\khfFUMcc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [9ca093c6] rundll32.exe "C:\WINDOWS\system32\krjtkbse.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S16D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212955384218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O20 - Winlogon Notify: urqQgfDT - C:\WINDOWS\SYSTEM32\urqQgfDT.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8123 bytes

DSS log:

Deckard's System Scanner v20071014.68
Run by Beautiful Family on 2008-06-15 10:17:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2008-06-15 17:17:15 UTC - RP64 - Deckard's System Scanner Restore Point
63: 2008-06-15 12:39:41 UTC - RP63 - Installed Ad-Aware
62: 2008-06-15 12:20:14 UTC - RP62 - Uniblue RegistryBooster
61: 2008-06-15 09:49:24 UTC - RP61 - Uniblue RegistryBooster
60: 2008-06-15 02:21:32 UTC - RP60 - Last known good configuration


-- First Restore Point --
1: 2008-06-15 02:21:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Beautiful Family.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:03 AM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Installation Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Beautiful Family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080531
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080531
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,win.com wowexec
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\urqQgfDT.dll
O2 - BHO: BhoApp Class - {5F920865-38C9-40DA-8FCF-D9DC83F84EC5} - C:\WINDOWS\system32\topdfim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {D5150AE6-A902-4531-B1EF-F9BF9FB912D8} - C:\WINDOWS\system32\khfFUMcc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [9ca093c6] rundll32.exe "C:\WINDOWS\system32\krjtkbse.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S16D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212955384218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O20 - Winlogon Notify: urqQgfDT - C:\WINDOWS\SYSTEM32\urqQgfDT.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8104 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080615-064111-752 O2 - BHO: (no name) - {B0E137E2-9A55-4FB6-8D74-CC0FF07B59AD} - C:\WINDOWS\system32\khfFUMcc.dll
backup-20080615-064111-965 O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\urqQgfDT.dll
backup-20080615-064148-528 O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\urqQgfDT.dll
backup-20080615-064148-799 O2 - BHO: (no name) - {B0E137E2-9A55-4FB6-8D74-CC0FF07B59AD} - C:\WINDOWS\system32\khfFUMcc.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S1 OMCI - c:\windows\system32\drivers\omci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (Performance Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&1DF012F&3&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&1DF012F&3&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 20:29:30 578 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Beautiful Family.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 08:16:53 0 d-------- C:\Program Files\Panda Security
2008-06-15 06:32:50 0 d-------- C:\Program Files\Trend Micro
2008-06-15 05:39:42 0 d-------- C:\Program Files\Lavasoft
2008-06-15 05:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 05:32:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 05:30:31 0 d--hs---- C:\WINDOWS\CSC
2008-06-15 05:23:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-15 02:34:32 13312 --a------ C:\WINDOWS\system32\topdfim.dll <Not Verified; ; BhoNew Module>
2008-06-15 02:02:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-15 01:42:17 0 d-------- C:\Program Files\ReflexiveArcade
2008-06-14 22:13:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-14 21:47:16 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\DivX
2008-06-14 21:46:33 0 d-------- C:\Program Files\DivX
2008-06-14 19:25:02 80896 --a------ C:\WINDOWS\system32\krjtkbse.dll
2008-06-14 19:21:14 3671 --ahs---- C:\WINDOWS\system32\ccMUFfhk.ini2
2008-06-14 19:21:13 322048 --a------ C:\WINDOWS\system32\khfFUMcc.dll
2008-06-14 19:18:40 0 d-------- C:\Program Files\ASIO4ALL v2
2008-06-14 19:18:09 0 d-------- C:\Program Files\VstPlugins
2008-06-14 19:17:42 0 d-------- C:\Program Files\Outsim
2008-06-14 19:16:09 57344 --a------ C:\WINDOWS\system32\urqQgfDT.dll
2008-06-14 13:16:42 0 d-------- C:\Program Files\Java
2008-06-14 13:16:18 0 d-------- C:\Program Files\Common Files\Java
2008-06-14 10:24:34 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-14 10:24:29 0 d-------- C:\WINDOWS\Logs
2008-06-13 23:09:50 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-13 23:09:48 0 d-------- C:\Program Files\Image-Line
2008-06-12 19:02:17 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-06-12 17:35:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-06-11 12:32:29 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Turbine
2008-06-11 09:36:04 0 d-------- C:\WINDOWS\Sun
2008-06-11 09:36:04 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Sun
2008-06-09 21:03:40 0 d-------- C:\Program Files\Electronic Arts
2008-06-09 19:21:42 0 d-------- C:\Program Files\Download Manager
2008-06-09 19:21:29 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\IGN_DLM
2008-06-08 22:27:35 0 d-------- C:\Incomplete
2008-06-08 22:27:12 0 d-------- C:\Music
2008-06-08 22:26:39 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\LimeWire
2008-06-08 22:26:29 0 d-------- C:\Program Files\LimeWire
2008-06-08 22:15:39 0 d-------- C:\WINDOWS\nvidia icons
2008-06-08 22:15:30 0 d-------- C:\WINDOWS\nview
2008-06-08 20:46:59 29218 --a------ C:\WINDOWS\scunin.dat
2008-06-08 20:46:58 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-08 20:46:58 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-08 19:03:12 45568 --a------ C:\WINDOWS\UniFish3.exe
2008-06-08 18:29:05 314368 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-08 18:29:04 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-08 15:34:24 0 d-------- C:\WINDOWS\pss
2008-06-08 12:44:08 0 d-------- C:\Program Files\Windows Sidebar
2008-06-08 12:44:07 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-08 12:43:56 0 d-------- C:\Program Files\Symantec
2008-06-08 12:43:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-08 12:42:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 12:35:25 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-06-07 21:20:18 801 --a------ C:\WINDOWS\eReg.dat
2008-06-07 21:06:47 118832 --a------ C:\WINDOWS\system32\SHW32.DLL <Not Verified; MicroQuill Software Publishing, Inc.; SmartHeap>
2008-06-07 21:00:25 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\System Tweaker
2008-06-07 21:00:19 0 d-------- C:\Program Files\System Tweaker
2008-06-07 20:51:04 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-07 20:51:04 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-07 20:51:04 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-07 20:43:59 30081 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-07 20:43:57 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-07 20:43:57 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-07 20:26:24 2829 --a------ C:\WINDOWS\DiabUnin.pif
2008-06-07 20:26:24 118784 --a------ C:\WINDOWS\DiabUnin.exe <Not Verified; Blizzard Entertainment; Diablo Uninstaller>
2008-06-07 20:26:22 5650 --a------ C:\WINDOWS\DiabUnin.dat
2008-06-07 20:07:05 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Uniblue
2008-06-07 20:07:00 0 d-------- C:\Program Files\Registry Cleanup
2008-06-07 19:34:43 263 --a------ C:\WINDOWS\PowerReg.dat
2008-06-07 17:52:51 0 d-------- C:\Program Files\free-downloads.net
2008-06-07 17:52:51 0 d-------- C:\Program Files\Conduit
2008-06-07 17:11:43 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-07 17:09:09 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\DAEMON Tools
2008-06-07 16:41:07 0 dr-h----- C:\Documents and Settings\Beautiful Family\Application Data\SecuROM
2008-06-07 16:24:10 0 d-------- C:\CD Images
2008-06-07 16:19:08 0 d-------- C:\Program Files\Alcohol Soft
2008-06-07 16:16:56 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-07 16:04:24 0 d-------- C:\Installation Programs
2008-06-07 13:33:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-07 12:14:58 0 d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
2008-06-07 10:21:20 40960 -ra------ C:\WINDOWS\system32\psfind.dll
2008-06-07 10:17:23 0 d-------- C:\Games
2008-06-07 01:11:57 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-07 01:11:55 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-07 01:11:53 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-07 01:11:15 0 d-------- C:\WINDOWS\Internet Logs
2008-06-07 01:06:22 0 d-------- C:\Family Photos
2008-06-07 00:57:28 0 d-------- C:\Midis
2008-06-07 00:57:25 0 d-------- C:\Icons
2008-06-07 00:56:51 0 d-------- C:\Sound Wavs
2008-06-07 00:56:40 0 d-------- C:\Graphics
2008-06-07 00:54:48 0 d-------- C:\Program Files\7-Zip
2008-06-07 00:33:19 0 d-------- C:\WINDOWS\Prefetch
2008-06-07 00:29:17 0 d-------- C:\WINDOWS\system32\scripting
2008-06-07 00:29:17 0 d-------- C:\WINDOWS\system32\en
2008-06-07 00:29:17 0 d-------- C:\WINDOWS\system32\bits
2008-06-07 00:29:17 0 d-------- C:\WINDOWS\l2schemas
2008-06-07 00:28:37 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-07 00:28:04 0 d-------- C:\WINDOWS\network diagnostic
2008-06-07 00:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-07 00:19:55 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-06 23:47:12 0 d---s---- C:\Documents and Settings\Beautiful Family\UserData
2008-06-06 23:34:25 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-05 22:52:25 0 d-------- C:\MDT
2008-06-05 22:40:16 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-05 22:33:59 41 --a------ C:\WINDOWS\popcinfo.dat
2008-06-05 19:30:19 3636 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-06-05 19:27:49 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Help
2008-06-05 19:27:11 0 d-------- C:\Documents and Settings\Beautiful Family\WINDOWS
2008-06-05 19:24:22 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Macromedia
2008-06-05 19:20:53 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-06-05 19:20:34 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-06-05 18:59:54 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\InstallShield
2008-06-05 18:30:19 0 d-------- C:\WINDOWS\system32\vmm32
2008-06-05 18:20:11 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Adobe
2008-06-05 18:09:05 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-05 18:06:50 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-06-05 17:51:36 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Google
2008-06-05 17:29:56 0 d--h----- C:\Documents and Settings\Beautiful Family\Templates
2008-06-05 17:29:56 0 dr------- C:\Documents and Settings\Beautiful Family\Start Menu
2008-06-05 17:29:56 0 dr-h----- C:\Documents and Settings\Beautiful Family\SendTo
2008-06-05 17:29:56 0 dr-h----- C:\Documents and Settings\Beautiful Family\Recent
2008-06-05 17:29:56 0 d--h----- C:\Documents and Settings\Beautiful Family\PrintHood
2008-06-05 17:29:56 2621440 --ah----- C:\Documents and Settings\Beautiful Family\NTUSER.DAT
2008-06-05 17:29:56 0 d--h----- C:\Documents and Settings\Beautiful Family\NetHood
2008-06-05 17:29:56 0 dr------- C:\Documents and Settings\Beautiful Family\My Documents
2008-06-05 17:29:56 0 d--h----- C:\Documents and Settings\Beautiful Family\Local Settings
2008-06-05 17:29:56 0 dr------- C:\Documents and Settings\Beautiful Family\Favorites
2008-06-05 17:29:56 0 d-------- C:\Documents and Settings\Beautiful Family\Desktop
2008-06-05 17:29:56 0 d---s---- C:\Documents and Settings\Beautiful Family\Cookies
2008-06-05 17:29:56 0 d--h----- C:\Documents and Settings\Beautiful Family\Application Data
2008-06-05 17:29:56 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\Identities
2008-06-05 17:29:56 0 d-------- C:\Documents and Settings\Beautiful Family\Application Data\CyberLink
2008-06-05 17:29:01 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-05 17:29:00 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-06-05 17:29:00 0 d-------- C:\Documents and Settings\Default User\Application Data\CyberLink
2008-05-30 20:12:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-30 20:12:06 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-30 20:12:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Uninstall
2008-05-30 20:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-30 20:11:24 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-30 20:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-30 20:08:25 0 d-------- C:\Program Files\Google
2008-05-30 20:08:25 0 d-------- C:\Program Files\Dell
2008-05-30 20:08:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-30 20:08:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-30 20:07:41 0 d-------- C:\Program Files\My Company Name
2008-05-30 20:07:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-30 20:07:31 0 d-------- C:\Program Files\CyberLink
2008-05-30 20:07:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-30 20:07:17 0 d-------- C:\WINDOWS\system32\Lang
2008-05-30 20:05:21 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-30 20:04:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 20:04:50 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-30 20:02:04 0 d-------- C:\Program Files\MSXML 6.0
2008-05-30 19:59:34 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-30 19:52:45 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-30 19:50:51 77824 --a------ C:\WINDOWS\setpwr32.exe
2008-05-30 19:50:47 0 d-------- C:\drivers
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-15 05:32:15 0 d-------- C:\Program Files\Common Files
2008-06-07 00:29:21 0 d-------- C:\Program Files\Messenger
2008-06-07 00:29:17 0 d-------- C:\Program Files\Movie Maker
2008-06-07 00:28:32 0 d-------- C:\Program Files\Windows NT
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
06/14/2008 07:16 PM 57344 --a------ C:\WINDOWS\system32\urqQgfDT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F920865-38C9-40DA-8FCF-D9DC83F84EC5}]
06/15/2008 02:34 AM 13312 --a------ C:\WINDOWS\system32\topdfim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/08/2008 12:44 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5150AE6-A902-4531-B1EF-F9BF9FB912D8}]
06/14/2008 07:21 PM 322048 --a------ C:\WINDOWS\system32\khfFUMcc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/15/2005 02:46 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 04:26 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [09/17/2007 09:56 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/06/2008 11:49 PM]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [10/26/2007 09:51 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 06:47 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"9ca093c6"="C:\WINDOWS\system32\krjtkbse.dll" [06/14/2008 07:25 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/13/2008 05:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [01/15/2008 11:31 AM]
"EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [02/15/2007 06:00 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 02:39 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/30/2008 08:08 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\WINDOWS\system32\urqQgfDT.dll [06/14/2008 07:16 PM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,win.com wowexec"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgfDT]
urqQgfDT.dll 06/14/2008 07:16 PM 57344 C:\WINDOWS\system32\urqQgfDT.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfFUMcc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb3d452-3464-11dd-8f2c-001a701306ea}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-15 10:20:03 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 14%
Physical Memory (total/avail): 3069.4 MiB / 2610.36 MiB
Pagefile Memory (total/avail): 4954.62 MiB / 4616.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.91 MiB

C: is Fixed (NTFS) - 462.4 GiB total, 327.03 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is CDROM (No Media)
N: is CDROM (No Media)
O: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD50 00AAKS-75A7B SCSI Disk Device - 465.76 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 462.4 GiB - C:
\PARTITION2 - Unknown - 3.3 GiB

\\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Beautiful Family\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAFFERTYS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Beautiful Family
LOGONSERVER=\\RAFFERTYS
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BEAUTI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BEAUTI~1\LOCALS~1\Temp
USERDOMAIN=RAFFERTYS
USERNAME=Beautiful Family
USERPROFILE=C:\Documents and Settings\Beautiful Family
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Beautiful Family (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Conan - Hyborian Adventures --> "C:\Games\Age of Conan\unins000.exe"
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0x9
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Civilization II Multiplayer Gold Edition --> C:\WINDOWS\IsUninst.exe -f"c:\games\Civilization II\Uninst.isu"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Commandos, Beyond the Call of Duty --> C:\WINDOWS\uninst.exe -f"c:\games\commandos\Beyond the Call of Duty\DeIsL1.isu"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Crysis(R) SP Demo --> MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
Dungeon Siege Legends of Aranna --> "C:\Games\Dungeon Siege\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
FL Studio 8 --> C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LucasArts' Monkey 4 --> C:\WINDOWS\uninst.exe -f"c:\games\Escape From Monkey Island\Install\DeIsL1.isu" -c"c:\games\Escape From Monkey Island\Install\LecSetup.dll"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_5_0_23\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Performance --> "C:\Program Files\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA Performance --> MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
NVIDIA System Monitor --> "C:\Program Files\InstallShield Installation Information\{5887D64D-2663-43FB-B4BD-7464C56AB425}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA System Monitor --> MsiExec.exe /I{5887D64D-2663-43FB-B4BD-7464C56AB425}
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion mod manager 1.1.9 --> "C:\Games\Oblivion\obmm\uninstall\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rings of the Magi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B642EC22-0915-11D5-B3F1-00485486D0B6}\setup.exe"
Risk II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EE11800-A1BD-11D3-BFEB-005004AF2D32}\setup.exe" -l0x0009
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Super TextTwist --> C:\Games\TEXTTW~1\UNWISE.EXE /U C:\Games\TEXTTW~1\INSTALL.LOG
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tiger Woods PGA TOUR 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E91306C-899F-45F3-B5E9-4B480A27A63D}\Setup.exe" -l0x9 uninstallme
Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Uniblue RegistryBooster 2 --> "C:\Program Files\Registry Cleanup\RegistryBooster 2\unins000.exe"
Uniblue System Tweaker --> "C:\Program Files\System Tweaker\unins000.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WWII: Normandy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{456C1C87-0D3D-4CC2-B411-98A43D249C12}\setup.exe"
Zuma Deluxe RA --> C:\Games\ZUMADE~1\UNWISE.EXE C:\Games\ZUMADE~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type611 / Error
Event Submitted/Written: 06/15/2008 10:16:29 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type610 / Warning
Event Submitted/Written: 06/15/2008 10:09:37 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type609 / Warning
Event Submitted/Written: 06/15/2008 10:09:37 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type590 / Error
Event Submitted/Written: 06/15/2008 06:17:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x000109fb.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type589 / Error
Event Submitted/Written: 06/15/2008 06:16:19 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2848 / Error
Event Submitted/Written: 06/15/2008 10:09:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1055" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type2847 / Error
Event Submitted/Written: 06/15/2008 10:09:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1055" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type2843 / Error
Event Submitted/Written: 06/15/2008 10:08:33 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2842 / Error
Event Submitted/Written: 06/15/2008 10:05:36 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type2841 / Error
Event Submitted/Written: 06/15/2008 06:43:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-06-15 10:20:03 ------------
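The Registry Dump above is the part of the log that tells the story: the same randomly named DLLs in C:\WINDOWS\system32 (urqQgfDT.dll, khfFUMcc.dll, krjtkbse.dll, all dated 06/14/2008) are registered as Browser Helper Objects, as an Explorer ShellExecuteHook, as a Winlogon Notify package, as an extra LSA Authentication Package next to msv1_0, and as a Run value with a hex name. Below is an added example of how that triage can be scripted over the dump as DSS prints it. It is not part of this thread or of Deckard's System Scanner; the allowlists of default Winlogon Notify subkeys and the default ShellExecuteHook, the incident-date cutoff, the random-hex-name heuristic, and the assumption that paths in the dump contain no spaces are all choices made for the example. The sample input is constructed from the dump lines above.

```python
"""Triage of the Registry Dump section of a Deckard's System Scanner (DSS) log.
Added example, not part of the forum thread or of DSS: it parses the [HKEY_...]
blocks as DSS prints them and flags the autostart points the posted dump shows
loading randomly named DLLs from system32. Allowlists and cutoff are assumed."""
import re
from collections import defaultdict
from datetime import date

# Constructed sample input: lines copied from the Registry Dump above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
06/14/2008 07:16 PM 57344 --a------ C:\WINDOWS\system32\urqQgfDT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5150AE6-A902-4531-B1EF-F9BF9FB912D8}]
06/14/2008 07:21 PM 322048 --a------ C:\WINDOWS\system32\khfFUMcc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"9ca093c6"="C:\WINDOWS\system32\krjtkbse.dll" [06/14/2008 07:25 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\WINDOWS\system32\urqQgfDT.dll [06/14/2008 07:16 PM 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgfDT]
urqQgfDT.dll 06/14/2008 07:16 PM 57344 C:\WINDOWS\system32\urqQgfDT.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfFUMcc
"""

INCIDENT_DATE = date(2008, 6, 14)  # assumed: the day the rogue files first appeared
# Assumed allowlists: Winlogon Notify subkeys of a stock XP SP3 install (dimsntfy
# and WgaLogon come from Microsoft components) and shell32's default ShellExecuteHook.
DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                  "schedule", "sclgntfy", "senslogn", "termsrv", "wgalogon", "wlballoon"}
DEFAULT_HOOKS = {"{AEB6717E-7E19-11D0-97EE-00C04FD91972}"}
# DSS line shapes as seen in the dump; paths in this dump contain no spaces.
BHO_LINE = re.compile(r"^(\d\d/\d\d/\d{4}) \S+ \S+ \d+ \S+ (.+)$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d\d/\d\d/\d{4})')
HOOK_LINE = re.compile(r'^"(\{[^}]+\})"=\s*(\S+)\s*\[(\d\d/\d\d/\d{4})')

def parse_dump(text):
    """Return {registry key: [value lines]} for every [HKEY_...] block."""
    blocks, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]
            blocks[key] = []
        elif line and key is not None:
            blocks[key].append(line)
    return blocks

def stem(path):
    """Lower-cased file name without extension: LSA's 'khfFUMcc' == BHO's 'khfFUMcc.dll'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()

def parse_date(text):
    m, d, y = map(int, text.split("/"))  # DSS prints MM/DD/YYYY
    return date(y, m, d)

def recent_sys32(path, when, cutoff):
    return "\\system32\\" in path.lower() and when >= cutoff

def triage(text, incident_date=INCIDENT_DATE):
    """Return (findings, sites): findings = [(key, item, reason)], sites = stem -> locations."""
    findings, sites = [], defaultdict(set)
    for key, lines in parse_dump(text).items():
        k = key.lower()
        if "browser helper objects" in k:
            for m in filter(None, map(BHO_LINE.match, lines)):
                path = m.group(2)
                sites[stem(path)].add("BHO")
                if recent_sys32(path, parse_date(m.group(1)), incident_date):
                    findings.append((key, path, "BHO DLL written to system32 in incident window"))
        elif k.endswith("\\currentversion\\run"):
            for m in filter(None, map(RUN_LINE.match, lines)):
                name, path, when = m.group(1), m.group(2), parse_date(m.group(3))
                sites[stem(path)].add("Run")
                if re.fullmatch(r"[0-9a-f]{8}", name):
                    findings.append((key, name, "Run value with random hex name"))
                elif path.lower().endswith(".dll") and recent_sys32(path, when, incident_date):
                    findings.append((key, path, "Run-loaded DLL written to system32 in incident window"))
        elif k.endswith("\\shellexecutehooks"):
            for m in filter(None, map(HOOK_LINE.match, lines)):
                guid, path = m.group(1).upper(), m.group(2)
                sites[stem(path)].add("ShellExecuteHooks")
                if guid not in DEFAULT_HOOKS:
                    findings.append((key, path, "non-default ShellExecuteHook"))
        elif "\\winlogon\\notify\\" in k:
            sub = key.rsplit("\\", 1)[-1]
            sites[stem(lines[0].split()[-1] if lines else sub)].add("WinlogonNotify")
            if sub.lower() not in DEFAULT_NOTIFY:
                findings.append((key, sub, "Winlogon Notify package outside XP defaults"))
        elif k.endswith("\\control\\lsa"):
            for line in lines:
                if line.lower().startswith('"authentication packages"'):
                    for pkg in line.split("=", 1)[1].split():
                        sites[stem(pkg)].add("LSA AuthPkg")
                        if pkg.lower() != "msv1_0":
                            findings.append((key, pkg, "extra LSA authentication package"))
    return findings, sites

def multi_site_files(sites, minimum=2):
    """File stems loaded from at least `minimum` autostart locations at once."""
    return {s: sorted(v) for s, v in sites.items() if len(v) >= minimum}
```

On the sample, triage(SAMPLE_DUMP) flags the two system32 BHOs, the hex-named Run value, the non-default ShellExecuteHook, the urqQgfDT Notify package and the khfFUMcc authentication package, while leaving NvCpl.dll (dated before the cutoff) and dimsntfy (a default Notify package) alone. The cross-reference from multi_site_files is the strongest single signal: one file loaded from the browser, from Explorer and from Winlogon at the same time is far better evidence than any one odd name, and it also lists every place the file has to be unhooked, because an entry left in Winlogon Notify or in the LSA package list reloads the DLL into winlogon.exe or lsass.exe at the next boot, before any user-mode scanner is running.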
 

Security Team (ret.) · 7,403 Posts
OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
 