Author Topic: virus help hjt  (Read 4503 times)
royster
« on: February 18, 2008, 10:44:35 AM »

Weird virus: all pictures don't show up unless I click, comp stalls now and again, viruses keep coming.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:28, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: C:\WINDOWS\system32\J8dj3jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\J8dj3jg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199618910234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmxtqxt.dll
O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O22 - SharedTaskScheduler: sklfc94krteetj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\J8dj3jg.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlagons.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Microsoft PS Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10101 bytes
Pancake
« Reply #1 on: February 19, 2008, 10:08:18 PM »

Please download SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Please download ComboFix from any of the links below, and save it to your desktop. For further information regarding this download, you can see this Information Page.

            Combofix Link 1
            Combofix Link 2
            Combofix Link 3 


**Note:  It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you. 
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
 


Caution...Never run and remove files using ComboFix without being supervised by a security analyst.



royster
« Reply #2 on: February 20, 2008, 12:16:45 AM »


SDFix: Version 1.143

Run by me on 19/02/2008 at 23:57

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\me\Desktop\folders\SDFix

Checking Services:

Name:
Google Online Search Service
kcp
Microsoft PS Service
DIO40

Path:

Google Online Search Service - Deleted
kcp - Deleted
Microsoft PS Service - Deleted
DIO40 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service DIO40 - Deleted after Reboot
Service Ntsb57 - Deleted after Reboot

Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\Ntsb57.sys - Deleted
C:\WINDOWS\system32\drivers\DIO40.sys - Deleted
C:\WINDOWS\SYSTEM32\CREATE.EXE - Deleted
C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADRUQUPD.TMP - Deleted
C:\DOCUME~1\ALLUSE~1\DOCUME~1\SETTINGS\CONFIG.INI - Deleted
C:\WINDOWS\system32\6_exception.nls - Deleted
C:\Program Files\outlook\p.zip  - Deleted
C:\WINDOWS\system32\~.exe  - Deleted
C:\WINDOWS\system32\cmd.com  - Deleted
C:\WINDOWS\system32\netstat.com  - Deleted
C:\WINDOWS\system32\pac.txt  - Deleted
C:\WINDOWS\system32\ping.com  - Deleted
C:\WINDOWS\system32\regedit.com  - Deleted
C:\WINDOWS\system32\svchost.t__  - Deleted
C:\WINDOWS\system32\svchost.tmp  - Deleted
C:\WINDOWS\system32\taskkill.com  - Deleted
C:\WINDOWS\system32\tasklist.com  - Deleted
C:\WINDOWS\system32\tracert.com  - Deleted
C:\WINDOWS\system32\winlagons.exe  - Deleted
C:\WINDOWS\system32\winlogans.tmp  - Deleted





Removing Temp Files...

ADS Check:
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 00:03:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:


File Backups: - C:\DOCUME~1\me\Desktop\folders\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!

royster
« Reply #3 on: February 20, 2008, 12:27:16 AM »

ComboFix 08-02-20.2 - me 2008-02-20  0:20:36.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.138 [GMT 0:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\outlook
C:\Temp\isgTi19
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\nGpxx01

.
(((((((((((((((((((((((((   Files Created from 2008-01-20 to 2008-02-20  )))))))))))))))))))))))))))))))
.

2008-02-19 23:27 . 2004-08-04 05:00   577,024   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-02-19 23:26 . 2008-02-19 23:26   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-02-19 23:18 . 2008-02-17 00:05   <DIR>   d--------   C:\SDFix
2008-02-19 22:42 . 2008-02-19 22:42   <DIR>   d--------   C:\SAVE
2008-02-19 22:35 . 2008-02-19 22:35   57   --a------   C:\WINDOWS\sierra.ini
2008-02-19 22:28 . 2008-02-19 22:29   <DIR>   d--------   C:\Program Files\MagicDisc
2008-02-19 22:28 . 2008-02-18 17:29   96,256   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys
2008-02-19 21:12 . 2008-02-19 21:12   <DIR>   d--------   C:\Program Files\VistaCodecPack
2008-02-19 21:12 . 2008-02-19 21:12   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 21:06 . 2008-02-19 21:06   <DIR>   d--------   C:\Sierra
2008-02-19 20:57 . 2008-02-19 20:57   <DIR>   d--------   C:\Program Files\MagicISO
2008-02-19 20:36 . 2008-02-19 20:41   <DIR>   d--------   C:\Program Files\RegCure
2008-02-19 19:51 . 2008-02-19 19:51   <DIR>   d--------   C:\~QTWTMP.TMP
2008-02-19 19:51 . 2008-02-19 19:52   832   --a------   C:\WINDOWS\QT$INST$.~32
2008-02-19 19:16 . 2008-02-19 20:00   <DIR>   d--------   C:\Program Files\DOSBox-0.72
2008-02-18 19:23 . 2008-02-18 19:23   <DIR>   d--------   C:\Program Files\THQ
2008-02-18 10:40 . 2008-02-18 10:40   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-14 15:05 . 2008-02-20 00:20   <DIR>   d--------   C:\Temp
2008-02-13 20:31 . 2008-02-13 20:31   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-13 20:29 . 2008-02-13 20:29   <DIR>   d--------   C:\Program Files\Webroot
2008-02-13 20:29 . 2008-02-13 20:29   <DIR>   d--------   C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-13 20:29 . 2008-02-13 20:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-13 20:29 . 2007-03-01 19:54   144,960   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-02-13 20:29 . 2007-03-01 19:54   22,080   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-02-13 20:29 . 2007-03-01 19:54   21,056   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-02-13 20:29 . 2007-03-01 19:54   20,544   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2008-02-13 20:26 . 2008-02-13 20:26   <DIR>   d--------   C:\Documents and Settings\me\Application Data\Webroot
2008-02-13 19:20 . 2008-02-13 19:26   203   --a------   C:\WINDOWS\QTW.QTW
2008-02-13 18:51 . 2008-02-19 19:30   241   --a------   C:\WINDOWS\QTW.INI
2008-02-13 18:50 . 2008-02-13 19:26   536   --a------   C:\WINDOWS\WININI.QTW
2008-02-13 18:50 . 2008-02-13 19:26   271   --a------   C:\WINDOWS\SYSINI.QTW
2008-02-13 18:48 . 2008-02-13 19:26   <DIR>   d--------   C:\Program Files\Myst
2008-02-13 18:48 . 2008-02-13 18:48   <DIR>   d--------   C:\Documents and Settings\me\WINDOWS
2008-02-13 18:48 . 1996-01-09 10:38   283,648   --a------   C:\WINDOWS\uninst.exe
2008-02-12 21:31 . 2008-02-19 08:00   <DIR>   d--------   C:\Documents and Settings\me\Application Data\AVG7
2008-02-12 21:30 . 2008-02-12 21:30   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:29 . 2008-02-12 21:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:29 . 2008-02-12 22:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:57 . 2008-02-12 20:57   16,384   --a------   C:\WINDOWS\SYSTEM32\mmmxtqxt.dll
2008-02-12 20:13 . 2008-02-12 20:13   <DIR>   d--------   C:\Program Files\Lavasoft
2008-02-12 20:13 . 2008-02-12 20:13   <DIR>   d--------   C:\Documents and Settings\me\Application Data\Lavasoft
2008-02-12 20:05 . 2008-02-12 20:05   <DIR>   d--------   C:\Program Files\FBrowsingAdvisor
2008-02-12 20:05 . 2008-02-12 20:05   <DIR>   d--------   C:\Program Files\FBrowserAdvisor
2008-02-12 20:05 . 2006-04-14 23:05   9,952   --a------   C:\regxpcom.exe
2008-02-12 19:01 . 2008-02-12 19:01   16,384   --a------   C:\WINDOWS\SYSTEM32\mmmtiqti.dll
2008-02-12 13:04 . 2008-02-13 21:31   14   --ah-----   C:\WINDOWS\mmax_hren2.ini
2008-02-11 15:42 . 2008-02-11 16:03   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
2008-02-10 21:51 . 2008-02-10 22:43   <DIR>   d--------   C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-10 21:51 . 2008-02-10 21:51   30,590   --a------   C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-10 21:51 . 2008-02-10 21:51   2,550   --a------   C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-02-10 21:51 . 2008-02-10 21:51   1,406   --a------   C:\WINDOWS\SYSTEM32\Help.ico
2008-02-09 10:31 . 2008-02-09 10:31   <DIR>   d--------   C:\WINDOWS\Sun
2008-02-07 13:48 . 2008-02-07 13:48   140   --a------   C:\WINDOWS\SYSTEM32\herjt389.bat
2008-02-04 14:06 . 2008-02-04 14:06   268   --ah-----   C:\sqmdata01.sqm
2008-02-04 14:06 . 2008-02-04 14:06   244   --ah-----   C:\sqmnoopt01.sqm
2008-02-04 11:07 . 2008-02-04 11:07   244   --ah-----   C:\sqmnoopt00.sqm
2008-02-04 11:07 . 2008-02-04 11:07   232   --ah-----   C:\sqmdata00.sqm
2008-01-21 00:16 . 2004-08-04 00:56   159,232   --a------   C:\WINDOWS\SYSTEM32\ptpusd.dll
2008-01-21 00:16 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-01-21 00:16 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys
2008-01-21 00:16 . 2001-08-17 22:36   5,632   --a------   C:\WINDOWS\SYSTEM32\ptpusb.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 00:13   ---------   d-----w   C:\Program Files\IntelligentAdvisor
2008-02-19 23:20   ---------   d-----w   C:\Documents and Settings\me\Application Data\uTorrent
2008-02-19 12:06   ---------   d-----w   C:\Program Files\uTorrent
2008-02-18 19:23   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-16 18:33   ---------   d-----w   C:\Program Files\PartyGaming
2008-01-28 15:19   ---------   d-----w   C:\Documents and Settings\me\Application Data\Microgaming
2008-01-19 12:34   ---------   d-----w   C:\Documents and Settings\me\Application Data\LimeWire
2008-01-17 23:28   ---------   d-----w   C:\Program Files\Project64 1.6
2008-01-09 15:01   53,248   ----a-w   C:\WINDOWS\bdoscandel.exe
2008-01-06 17:08   ---------   d-----w   C:\Program Files\MSN Messenger
2008-01-06 16:06   ---------   d-----w   C:\Documents and Settings\me\Application Data\MSNInstaller
2008-01-06 12:04   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2008-01-06 12:03   ---------   d-----w   C:\Program Files\Windows Live Favorites
2008-01-06 12:02   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-06 11:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 11:50   ---------   d-----w   C:\Program Files\Google
2007-12-30 15:44   ---------   d-----w   C:\Program Files\Common Files\AOL
2007-12-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Modem Helper
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Intel
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Championship Manager 3
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Championship Manager 00-01
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 21:27   1019904   --a------   C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-06 11:50 171448]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 11:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-17 14:34 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-17 14:35 98304]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 18:29 184320]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 09:29 40960]
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:29 579072]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55 4865600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:30 219136]

C:\Documents and Settings\me\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-19 22:28:55 546816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\mmmxtqxt.dll


.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 00:13:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2005-02-25 21:03:56 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-02-20 00:11:50 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ROY-me).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-20 00:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D5NFXH1J-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-02-20 00:23:00 C:\WINDOWS\Tasks\McAfee.com Update Check (ROY-me).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-02-20 00:02:19 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-19 20:37:03 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 00:23:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20  0:25:16
ComboFix-quarantined-files.txt  2008-02-20 00:25:13




OK, thanks for the help, appreciate it.
Pancake
« Reply #4 on: February 20, 2008, 12:42:04 AM »

We need to install your Recovery Console first.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log. 


royster
« Reply #5 on: February 24, 2008, 12:23:08 AM »

WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
royster
« Reply #6 on: February 24, 2008, 12:28:53 AM »

Think I've done that right.
Pancake
« Reply #7 on: February 24, 2008, 12:42:07 AM »

Yep. OK. Good.

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O2 - BHO: C:\WINDOWS\system32\J8dj3jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\J8dj3jg.dll (file missing)
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmxtqxt.dll
O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O22 - SharedTaskScheduler: sklfc94krteetj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\J8dj3jg.dll (file missing)
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlagons.exe (file missing)
O23 - Service: Microsoft PS Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)

Reboot...

===========================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote

Killall::

File::
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\mmax_hren2.ini
C:\WINDOWS\mmhren1.exe
C:\WINDOWS\system32\mmmxtqxt.dll

Folder::
C:\Program Files\IntelligentAdvisor

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

« Last Edit: February 24, 2008, 12:46:53 AM by Pancake »

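The post above ends by asking for a fresh HijackThis log, which is how the helper confirms the flagged entries are gone. The following Python sketch is an added example, not part of the original thread: it checks a later log for anything from the fix list, matching on file name and CLSID so that a changed path case or a "(no file)" annotation does not hide a leftover entry. FLAGGED is copied from the post; FRESH_LOG is a constructed sample, and the function names are this example's own.

```python
import re

# HijackThis section codes in the fix list and what each one reports.
SECTIONS = {"O2": "Browser Helper Object", "O4": "Run/RunServices autostart",
            "O7": "Regedit disabled by policy", "O22": "SharedTaskScheduler",
            "O20": "AppInit_DLLs / Winlogon Notify", "O23": "Service"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Bare file name (last path component); names containing spaces are cut short.
FILE = re.compile(r'[^\\\s\[\]:"]+\.(?:exe|dll)\b', re.I)
CLSID = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
NOTE = re.compile(r"\((?:file missing|no file|no name)\)", re.I)

# The ten entries from the fix list in the post above.
FLAGGED = [
    r"O2 - BHO: C:\WINDOWS\system32\J8dj3jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\J8dj3jg.dll (file missing)",
    r"O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe",
    r"O4 - HKLM\..\RunServices: [winlog] winlog.exe",
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmxtqxt.dll",
    r"O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing)",
    r"O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)",
    r"O22 - SharedTaskScheduler: sklfc94krteetj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\J8dj3jg.dll (file missing)",
    r"O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlagons.exe (file missing)",
    r"O23 - Service: Microsoft PS Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)",
]

# Constructed sample of a later log: three leftovers (a CLSID with no file,
# a path in different case, the O7 policy) mixed with unrelated lines.
FRESH_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft hren1] c:\windows\MMHREN1.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


def indicators(line):
    """Return the lower-cased file names and CLSIDs a log line mentions.

    Lines with neither (the O7 policy entry) fall back to the whole body,
    with HijackThis annotations removed and whitespace collapsed.
    """
    m = ENTRY.match(line.strip())
    body = m.group(2) if m else line.strip()
    found = {x.lower() for x in FILE.findall(body) + CLSID.findall(body)}
    if not found and body:
        found = {" ".join(NOTE.sub("", body).lower().split())}
    return found


def still_present(flagged, fresh_log):
    """List (line, shared indicators) for fresh-log lines that still
    mention a file name, CLSID or policy from the flagged entries."""
    wanted = set()
    for line in flagged:
        wanted |= indicators(line)
    hits = []
    for line in fresh_log.splitlines():
        shared = indicators(line) & wanted
        if shared:
            hits.append((line.strip(), sorted(shared)))
    return hits


if __name__ == "__main__":
    for line, shared in still_present(FLAGGED, FRESH_LOG):
        m = ENTRY.match(line)
        label = SECTIONS.get(m.group(1), m.group(1)) if m else "process/other"
        print(f"[{label}] {shared}: {line}")
```

A file-name match is a prompt to look at the line, not a verdict, since an unrelated program can share a name; whole-name matching is what keeps svchost.exe and winlogon.exe from matching the flagged _svchost.exe and winlog.exe.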
royster
« Reply #8 on: February 24, 2008, 10:49:04 AM »

ComboFix 08-02-20.2 - me 2008-02-24  1:51:44.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.235 [GMT 0:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\me\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\mmax_hren2.ini
C:\WINDOWS\mmhren1.exe
C:\WINDOWS\system32\mmmxtqxt.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\IntelligentAdvisor
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-1.dll
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor.dat
C:\Program Files\IntelligentAdvisor\pcre3.dll
C:\Program Files\IntelligentAdvisor\uninstall.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\mmax_hren2.ini
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\mmmxtqxt.dll

.
(((((((((((((((((((((((((   Files Created from 2008-01-24 to 2008-02-24  )))))))))))))))))))))))))))))))
.

2008-02-19 23:27 . 2004-08-04 05:00   577,024   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-02-19 23:26 . 2008-02-19 23:26   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-02-19 23:18 . 2008-02-17 00:05   <DIR>   d--------   C:\SDFix
2008-02-19 22:42 . 2008-02-19 22:42   <DIR>   d--------   C:\SAVE
2008-02-19 22:35 . 2008-02-19 22:35   57   --a------   C:\WINDOWS\sierra.ini
2008-02-19 22:28 . 2008-02-19 22:29   <DIR>   d--------   C:\Program Files\MagicDisc
2008-02-19 22:28 . 2008-02-18 17:29   96,256   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys
2008-02-19 21:12 . 2008-02-19 21:12   <DIR>   d--------   C:\Program Files\VistaCodecPack
2008-02-19 21:12 . 2008-02-19 21:12   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 21:06 . 2008-02-19 21:06   <DIR>   d--------   C:\Sierra
2008-02-19 20:57 . 2008-02-19 20:57   <DIR>   d--------   C:\Program Files\MagicISO
2008-02-19 20:36 . 2008-02-19 20:41   <DIR>   d--------   C:\Program Files\RegCure
2008-02-19 19:51 . 2008-02-19 19:51   <DIR>   d--------   C:\~QTWTMP.TMP
2008-02-19 19:51 . 2008-02-19 19:52   832   --a------   C:\WINDOWS\QT$INST$.~32
2008-02-19 19:16 . 2008-02-19 20:00   <DIR>   d--------   C:\Program Files\DOSBox-0.72
2008-02-18 19:23 . 2008-02-18 19:23   <DIR>   d--------   C:\Program Files\THQ
2008-02-18 10:40 . 2008-02-18 10:40   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-14 15:05 . 2008-02-20 00:20   <DIR>   d--------   C:\Temp
2008-02-13 20:31 . 2008-02-13 20:31   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-13 20:29 . 2008-02-13 20:29   <DIR>   d--------   C:\Program Files\Webroot
2008-02-13 20:29 . 2008-02-13 20:29   <DIR>   d--------   C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-13 20:29 . 2008-02-13 20:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-13 20:29 . 2007-03-01 19:54   144,960   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-02-13 20:29 . 2007-03-01 19:54   22,080   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-02-13 20:29 . 2007-03-01 19:54   21,056   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-02-13 20:29 . 2007-03-01 19:54   20,544   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2008-02-13 20:26 . 2008-02-13 20:26   <DIR>   d--------   C:\Documents and Settings\me\Application Data\Webroot
2008-02-13 19:20 . 2008-02-13 19:26   203   --a------   C:\WINDOWS\QTW.QTW
2008-02-13 18:51 . 2008-02-19 19:30   241   --a------   C:\WINDOWS\QTW.INI
2008-02-13 18:50 . 2008-02-13 19:26   536   --a------   C:\WINDOWS\WININI.QTW
2008-02-13 18:50 . 2008-02-13 19:26   271   --a------   C:\WINDOWS\SYSINI.QTW
2008-02-13 18:48 . 2008-02-13 19:26   <DIR>   d--------   C:\Program Files\Myst
2008-02-13 18:48 . 2008-02-13 18:48   <DIR>   d--------   C:\Documents and Settings\me\WINDOWS
2008-02-13 18:48 . 1996-01-09 10:38   283,648   --a------   C:\WINDOWS\uninst.exe
2008-02-12 21:31 . 2008-02-23 21:35   <DIR>   d--------   C:\Documents and Settings\me\Application Data\AVG7
2008-02-12 21:30 . 2008-02-12 21:30   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:29 . 2008-02-12 21:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:29 . 2008-02-12 22:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:13 . 2008-02-12 20:13   <DIR>   d--------   C:\Program Files\Lavasoft
2008-02-12 20:13 . 2008-02-12 20:13   <DIR>   d--------   C:\Documents and Settings\me\Application Data\Lavasoft
2008-02-12 20:05 . 2008-02-12 20:05   <DIR>   d--------   C:\Program Files\FBrowsingAdvisor
2008-02-12 20:05 . 2008-02-12 20:05   <DIR>   d--------   C:\Program Files\FBrowserAdvisor
2008-02-12 20:05 . 2006-04-14 23:05   9,952   --a------   C:\regxpcom.exe
2008-02-12 19:01 . 2008-02-12 19:01   16,384   --a------   C:\WINDOWS\SYSTEM32\mmmtiqti.dll
2008-02-11 15:42 . 2008-02-11 16:03   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
2008-02-10 21:51 . 2008-02-10 22:43   <DIR>   d--------   C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-10 21:51 . 2008-02-10 21:51   30,590   --a------   C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-10 21:51 . 2008-02-10 21:51   2,550   --a------   C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-02-10 21:51 . 2008-02-10 21:51   1,406   --a------   C:\WINDOWS\SYSTEM32\Help.ico
2008-02-09 10:31 . 2008-02-09 10:31   <DIR>   d--------   C:\WINDOWS\Sun
2008-02-07 13:48 . 2008-02-07 13:48   140   --a------   C:\WINDOWS\SYSTEM32\herjt389.bat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 01:37   ---------   d-----w   C:\Documents and Settings\me\Application Data\uTorrent
2008-02-19 12:06   ---------   d-----w   C:\Program Files\uTorrent
2008-02-18 19:23   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-16 18:33   ---------   d-----w   C:\Program Files\PartyGaming
2008-01-28 15:19   ---------   d-----w   C:\Documents and Settings\me\Application Data\Microgaming
2008-01-19 12:34   ---------   d-----w   C:\Documents and Settings\me\Application Data\LimeWire
2008-01-17 23:28   ---------   d-----w   C:\Program Files\Project64 1.6
2008-01-09 15:01   53,248   ----a-w   C:\WINDOWS\bdoscandel.exe
2008-01-06 17:08   ---------   d-----w   C:\Program Files\MSN Messenger
2008-01-06 16:06   ---------   d-----w   C:\Documents and Settings\me\Application Data\MSNInstaller
2008-01-06 12:04   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2008-01-06 12:03   ---------   d-----w   C:\Program Files\Windows Live Favorites
2008-01-06 12:02   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-06 11:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 11:50   ---------   d-----w   C:\Program Files\Google
2007-12-30 15:44   ---------   d-----w   C:\Program Files\Common Files\AOL
2007-12-30 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Modem Helper
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Intel
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Championship Manager 3
2007-12-30 15:43   ---------   d-----w   C:\Program Files\Championship Manager 00-01
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-06 11:50 171448]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 11:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-17 14:34 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-17 14:35 98304]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 18:29 184320]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 15:31 1327104]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 09:29 40960]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:29 579072]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55 4865600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:30 219136]

C:\Documents and Settings\me\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-19 22:28:55 546816]


.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 01:13:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2005-02-25 21:03:56 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-02-24 01:57:16 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ROY-me).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-24 02:00:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D5NFXH1J-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-02-24 01:58:21 C:\WINDOWS\Tasks\McAfee.com Update Check (ROY-me).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-02-24 01:56:53 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-21 03:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 01:57:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.
**************************************************************************
.
Completion time: 2008-02-24  2:00:23 - machine was rebooted [me]
ComboFix-quarantined-files.txt  2008-02-24 02:00:18
ComboFix2.txt  2008-02-23 19:26:46
ComboFix3.txt  2008-02-23 18:41:17
ComboFix4.txt  2008-02-20 00:25:17


royster
« Reply #9 on: February 24, 2008, 10:50:02 AM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:30, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\MagicDisc\MagicDisc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199618910234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8809 bytes
Pancake
« Reply #10 on: February 24, 2008, 10:59:54 AM »

Ok. All done, all finished, all clean.

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run then copy and paste the following highlighted text below and click OK.

Quote

ComboFix /u




Now that you are clean, and if you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.

Download and scan with CCleaner from http://www.ccleaner.com/downloadbuilds.asp

1. Starting with v1.27.260, http://www.ccleaner.com/downloadbuilds.asp installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
royster
« Reply #11 on: February 24, 2008, 11:34:22 AM »

Thanks a lot, it's so much better now.
Pancake
« Reply #12 on: February 24, 2008, 09:22:30 PM »

Ok. Glad all is well.