Infected:rxjddnvj.exe, Startdrv.exe, Taskmanager Disabled


  • This topic is locked
9 replies to this topic

#1 navson

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 08 April 2008 - 09:33 PM

I wanted to give a little more info on my problems. A few things that are happening: my task manager is disabled, I don't know how. My antivirus is disabled, I don't know how. My QuickTime application at startup is eating up 90% or more of my computer's resources. My desktop icons have grey shadows. I have popups for Windows Security Center, which are sites trying to run scams.

Deckard's System Scanner v20071014.68
Run by Nelson Navarro on 2008-04-08 21:03:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-04-09 02:03:12 UTC - RP893 - Deckard's System Scanner Restore Point
15: 2008-04-08 05:01:40 UTC - RP892 - System Checkpoint
14: 2008-04-06 00:32:10 UTC - RP891 - System Checkpoint
13: 2008-04-05 00:04:16 UTC - RP890 - System Checkpoint
12: 2008-03-30 19:02:28 UTC - RP889 - System Checkpoint


-- First Restore Point --
1: 2008-03-06 22:12:01 UTC - RP878 - Unsigned driver install


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.62 GiB (less than 15%) free.


-- HijackThis (run as Nelson Navarro.exe) --------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-08 21:06:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Nelson Navarro\Desktop\dss.exe
F:\DOWNLOADS\Nelson Navarro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Nelson Navarro\Application Data\ntos.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18789170-5204-4422-3382-06C49B4BCADB} - C:\Program Files\Elfntfnv\kgojumji.dll (file missing)
O2 - BHO: (no name) - {1888D4BA-8C81-FD13-3C52-03DA8BFFC171} - C:\Program Files\Isufrujx\ufmrtzmh.dll
O2 - BHO: (no name) - {194A85AF-3A38-5A36-A3CA-32A59D63A163} - C:\WINDOWS\system\brfmct32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - akun54.dll (file missing)
O2 - BHO: (no name) - {F1EC8B49-44DD-1ECD-AC9E-E615F5BBAF50} - C:\PROGRA~1\FLAWON~1\Shim Hope.exe (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: CBho Class - {F369DA09-FADE-44CB-987F-E2E0DEF51BCA} - C:\WINDOWS\system32\pgd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [c0t7RfJ5O] loarenv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] E:\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133760249607
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{347BA074-14DC-4790-80C1-23503480E791}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Mbbjknea.dll (file missing)
O21 - SSODL: cyTMjyiLHUxZfsiu - {4440FA69-EEEA-50C3-29C8-3C226BB68006} - C:\WINDOWS\system32\peo.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 10732 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 si3114r (SiI-3114 SATARaid Controller) - c:\windows\system32\drivers\si3114r.sys <Not Verified; Silicon Image, Inc; SATARAID>
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
R0 SiWinAcc - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>

S3 SaiClass - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
S3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
S3 SaiNtHid - c:\windows\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Amsmgtee -
S3 Cisnkfp -
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 21:00:00 256 --ah----- C:\WINDOWS\Tasks\AB20D550918B4ACC.job
2008-04-08 21:00:00 256 --ah----- C:\WINDOWS\Tasks\A8749D8491BF0EA8.job
2008-03-27 22:33:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-07 20:06:31 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-07 20:06:29 2559 --a------ C:\WINDOWS\unins000.dat
2008-04-02 20:09:29 10752 --a------ C:\WINDOWS\DCEBoot.exe


-- Find3M Report ---------------------------------------------------------------

2008-03-30 14:00:00 0 d-------- C:\Program Files\mvgdknuh
2008-03-30 13:58:57 0 d-------- C:\Program Files\Elfntfnv
2008-03-16 21:07:04 0 d-------- C:\Documents and Settings\Nelson Navarro\Application Data\Adobe
2008-03-05 15:58:40 0 d-------- C:\Documents and Settings\Nelson Navarro\Application Data\Canon
2008-02-25 22:22:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 22:10:44 0 d-------- C:\Program Files\Common Files
2008-02-24 22:33:24 0 d-------- C:\Program Files\Griffin Technology
2008-02-23 02:15:22 0 d-------- C:\Documents and Settings\Nelson Navarro\Application Data\Uniblue
2008-02-18 22:46:59 0 d-------- C:\Program Files\Motorola Phone Tools
2008-02-18 22:38:33 9472 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-02-18 22:38:32 15360 --a------ C:\WINDOWS\aconti.exe
2008-02-18 22:38:30 16384 --a------ C:\WINDOWS\hotporn.exe
2008-02-12 23:23:05 0 d-------- C:\Program Files\Lcbogcyt2
2008-02-09 17:31:57 0 d-------- C:\Documents and Settings\Nelson Navarro\Application Data\Yahoo!
2008-02-09 11:13:55 53248 --a------ C:\WINDOWS\system32\akun54.dll <Not Verified; Saterdat; Corp stand>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18789170-5204-4422-3382-06C49B4BCADB}]
C:\Program Files\Elfntfnv\kgojumji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1888D4BA-8C81-FD13-3C52-03DA8BFFC171}]
11/06/2007 11:59 PM 102400 --a------ C:\Program Files\Isufrujx\ufmrtzmh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{194A85AF-3A38-5A36-A3CA-32A59D63A163}]
C:\WINDOWS\system\brfmct32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1EC8B49-44DD-1ECD-AC9E-E615F5BBAF50}]
C:\PROGRA~1\FLAWON~1\Shim Hope.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F369DA09-FADE-44CB-987F-E2E0DEF51BCA}]
11/21/2007 10:37 AM 18944 --a------ C:\WINDOWS\system32\pgd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]
"c0t7RfJ5O"="loarenv.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Uniblue RegistryBooster 2"="E:\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"TSC"="C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD

C:\Documents and Settings\Nelson Navarro\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [10/17/2004 2:25:30 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/30/2004 12:29:25 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [5/19/2006 8:00:06 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [8/17/2007 2:20:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Mbbjknea.dll [ ]
"cyTMjyiLHUxZfsiu"= {4440FA69-EEEA-50C3-29C8-3C226BB68006} - C:\WINDOWS\system32\peo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Nelson Navarro\Application Data\ntos.exe,C:\WINDOWS\system32\rxjddnvj.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- autorun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com

2 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-08 21:07:41 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2800+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.48 MiB / 184.22 MiB
Pagefile Memory (total/avail): 1248.22 MiB / 896.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 0.62 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 39.06 GiB total, 27.3 GiB free.
F: is Fixed (NTFS) - 62.98 GiB total, 12.33 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG SP1213C SCSI Disk Device - 111.81 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Installable File System - 39.06 GiB - E:
\PARTITION2 - Installable File System - 62.98 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.10.1079 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\kdx\\khost.exe"="C:\\WINDOWS\\kdx\\khost.exe:*:Disabled:Secure Delivery Plug-In"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"E:\\UT2004\\System\\UT2004.exe"="E:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"E:\\limewire\\LimeWire.exe"="E:\\limewire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\iTunes\\iTunes.exe"="E:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nelson Navarro\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STUDENT-LP5VEKG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nelson Navarro
LOGONSERVER=\\STUDENT-LP5VEKG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NELSON~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NELSON~1\LOCALS~1\Temp
USERDOMAIN=STUDENT-LP5VEKG
USERNAME=Nelson Navarro
USERPROFILE=C:\Documents and Settings\Nelson Navarro
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Nelson Navarro (admin)
Hazel
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AT&T Yahoo! Music Jukebox --> MsiExec.exe /X{54AA707B-68DA-49A4-9916-68DD670241BD}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
BitTorrent 5.0.3 --> "C:\Program Files\BitTorrent\uninstall.exe"
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9 anything
Canon i850 --> C:\WINDOWS\System32\CNMCP4b.exe "-PRINTERNAMECanon i850" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmi0409.dll"
DivX Player --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
Doom 3 DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986A457F-8230-4042-BC9F-5241BAAEC393}\setup.exe" -l0x9 -removeonly
DVD Decrypter (Remove Only) --> "E:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.1.7 --> "E:\DVD Shrink\unins000.exe"
eIMAGE Recovery --> F:\PROGRA~1\EIMAGE~1\UNWISE.EXE F:\PROGRA~1\EIMAGE~1\INSTALL.LOG
Freedom Force --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75AD7D33-EF26-4609-9D8D-CBF7F9AC5E08}\Setup.exe" -l0x9
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 1.99.1 --> F:\DOWNLOADS\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
LimeWire 4.14.8 --> "E:\limewire\uninstall.exe"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x10 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x10 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x10 UNINSTALL
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x10 UNINSTALL
Manual CanoScan 3000,3000F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\setup.exe" -l0x9
MechWarrior 4 Mercenaries --> "E:\Program Files\Microsoft Games\Mechwarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nero 6 Ultra Edition --> F:\My Documents\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA nForce Drivers --> C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
OrangeWare USB2.0 Driver --> C:\WINDOWS\system32\UnORGUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B53422A7-10EC-4156-BCF3-550E82D4F363}\Setup.exe" -uninst
procreate™ Painter Classic™ --> C:\WINDOWS\IsUninst.exe -fe:\painterclas\UninstPPC.isu
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove DivX Pro Codec --> C:\WINDOWS\unvise32.exe e:\UninstalDivXProCodec.log
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
TOD-Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC6D3E44-0C50-49DF-B1DD-4017C3B4EA40}\SETUP.EXE"
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Unreal Tournament 2004 --> E:\UT2004\System\Setup.exe uninstall "UT2004"
Vstascan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314C19E0-7FA5-11D5-A6B4-0050BA724CB6}\Setup.exe"
Winamp (remove only) --> "E:\winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10979 / Error
Event Submitted/Written: 04/02/2008 09:05:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application startdrv.exe, version 0.0.0.0, faulting module startdrv.exe, version 0.0.0.0, fault address 0x00001043.
Processing media-specific event for [startdrv.exe!ws!]

Event Record #/Type10971 / Error
Event Submitted/Written: 03/30/2008 10:30:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application SfCtlCom.exe, version 16.10.0.1079, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [SfCtlCom.exe!ws!]

Event Record #/Type10967 / Error
Event Submitted/Written: 03/30/2008 01:14:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application startdrv.exe, version 0.0.0.0, faulting module startdrv.exe, version 0.0.0.0, fault address 0x00001043.
Processing media-specific event for [startdrv.exe!ws!]

Event Record #/Type10963 / Error
Event Submitted/Written: 03/27/2008 08:01:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application startdrv.exe, version 0.0.0.0, faulting module startdrv.exe, version 0.0.0.0, fault address 0x00001043.
Processing media-specific event for [startdrv.exe!ws!]

Event Record #/Type10957 / Error
Event Submitted/Written: 03/24/2008 09:36:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application startdrv.exe, version 0.0.0.0, faulting module startdrv.exe, version 0.0.0.0, fault address 0x00001043.
Processing media-specific event for [startdrv.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type56512 / Error
Event Submitted/Written: 04/08/2008 08:08:05 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer NELHAZLAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD0FDC65-C631-4.
The master browser is stopping or an election is being forced.

Event Record #/Type56511 / Error
Event Submitted/Written: 04/08/2008 06:56:13 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer NELHAZLAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD0FDC65-C631-4.
The master browser is stopping or an election is being forced.

Event Record #/Type56484 / Error
Event Submitted/Written: 04/08/2008 06:51:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Amsmgtee service failed to start due to the following error:
%%3

Event Record #/Type56467 / Error
Event Submitted/Written: 04/08/2008 07:35:28 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Amsmgtee service failed to start due to the following error:
%%3

Event Record #/Type56459 / Error
Event Submitted/Written: 04/07/2008 10:35:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Trend Micro Proxy Service service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-08 21:07:41 ------------



Edited by navson, 08 April 2008 - 09:40 PM.




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 09 April 2008 - 06:45 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 navson

navson
  • Topic Starter

  • Members
  • 7 posts

Posted 09 April 2008 - 10:24 PM

Hello Sam. I just want to start by saying thank you for helping me with my problem. I know your site has been very busy. I ran ComboFix and this is the post of the log. Just let me know what I need to do next. Thanks :thumbsup:


ComboFix 08-04-09.8 - Nelson Navarro 2008-04-09 21:50:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -5:00]
Running from: C:\Documents and Settings\Nelson Navarro\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\Nelson Navarro\Application Data\wsnpoem
C:\Documents and Settings\Nelson Navarro\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\Nelson Navarro\Application Data\wsnpoem\audio.dll.cla
C:\Documents and Settings\Nelson Navarro\Application Data\wsnpoem\video.dll
C:\Documents and Settings\Nelson Navarro\Local Settings\Application Data\n.ini
C:\Documents and Settings\Nelson Navarro\Local Settings\Temporary Internet Files\sports.ico
C:\Program Files\windows adstatus
C:\WINDOWS\aconti.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\k.dat
C:\WINDOWS\system32\kwkx.exe
C:\WINDOWS\system32\kx.exe
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\n2.ini
C:\WINDOWS\system32\pgd.dll
C:\WINDOWS\system32\setup.ini
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_DRIVER
-------\Legacy_RUNTIME
-------\Legacy_RUNTIME2
-------\Service_asc3550p
-------\Service_Driver


((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-08 22:00 . 2008-04-08 22:00 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 21:02 . 2008-04-08 21:02 <DIR> d----c--- C:\Deckard
2008-04-07 20:06 . 2008-04-07 20:04 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-07 20:06 . 2008-04-07 20:06 2,559 --a------ C:\WINDOWS\unins000.dat
2008-04-02 20:09 . 2008-04-09 21:48 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-03-24 22:27 . 2008-04-02 21:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 22:27 . 2008-03-24 22:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 03:00 --------- d-----w C:\Program Files\Isufrujx
2008-04-08 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 19:00 --------- d-----w C:\Program Files\mvgdknuh
2008-03-30 18:58 --------- d-----w C:\Program Files\Elfntfnv
2008-03-05 20:58 --------- d-----w C:\Documents and Settings\Nelson Navarro\Application Data\Canon
2008-02-26 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-26 03:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-25 03:33 --------- d-----w C:\Program Files\Griffin Technology
2008-02-23 07:15 --------- d-----w C:\Documents and Settings\Nelson Navarro\Application Data\Uniblue
2008-02-19 03:46 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-16 04:37 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 04:37 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-02-13 04:23 --------- d-----w C:\Program Files\Lcbogcyt2
2007-12-24 20:52 92,064 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmmdm.sys
2007-12-24 20:52 9,232 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmmdfl.sys
2007-12-24 20:52 79,328 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmserd.sys
2007-12-24 20:52 66,656 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmbus.sys
2007-12-24 20:52 6,208 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmcmnt.sys
2007-12-24 20:52 5,936 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmwhnt.sys
2007-12-24 20:52 4,048 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmcr.sys
2007-12-24 20:52 25,600 ----a-w C:\Documents and Settings\Nelson Navarro\usbsermptxp.sys
2007-12-24 20:52 22,768 ----a-w C:\Documents and Settings\Nelson Navarro\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18789170-5204-4422-3382-06C49B4BCADB}]
C:\Program Files\Elfntfnv\kgojumji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{194A85AF-3A38-5A36-A3CA-32A59D63A163}]
C:\WINDOWS\system\brfmct32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1EC8B49-44DD-1ECD-AC9E-E615F5BBAF50}]
C:\PROGRA~1\FLAWON~1\Shim Hope.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"c0t7RfJ5O"="loarenv.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Uniblue RegistryBooster 2"="E:\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]

C:\Documents and Settings\Nelson Navarro\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-10-17 02:25:30 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-30 00:29:25 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-05-19 20:00:06 217088]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 14:20:06 54512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Mbbjknea.dll [ ]
"cyTMjyiLHUxZfsiu"= {4440FA69-EEEA-50C3-29C8-3C226BB68006} - C:\WINDOWS\system32\peo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"E:\\limewire\\LimeWire.exe"=
"E:\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-02-12 07:37]
R2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 14:58]
S3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 12:41]
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 12:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 03:00:00 C:\WINDOWS\Tasks\A8749D8491BF0EA8.job"
- c:\progra~1\glueloud\locksforksupport.exe
"2008-04-10 03:00:00 C:\WINDOWS\Tasks\AB20D550918B4ACC.job"
- c:\progra~1\glueloud\locksforksupport.exe
"2008-03-28 03:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 22:03:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2008-04-09 22:05:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 03:05:14
Pre-Run: 370,700,288 bytes free
Post-Run: 595,087,360 bytes free
.
2008-04-09 03:02:07 --- E O F ---

Edited by navson, 09 April 2008 - 10:24 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 10 April 2008 - 06:57 AM

Let's see what we can do about getting you fixed up here. :thumbsup:

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
C:\Program Files\Isufrujx
C:\Program Files\mvgdknuh
C:\Program Files\Elfntfnv
C:\Program Files\Lcbogcyt2
C:\PROGRA~1\FLAWON~1

File::
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\system\brfmct32.dll
C:\WINDOWS\system32\Mbbjknea.dll
C:\WINDOWS\system32\peo.dll 
C:\WINDOWS\Tasks\A8749D8491BF0EA8.job
C:\WINDOWS\Tasks\AB20D550918B4ACC.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18789170-5204-4422-3382-06C49B4BCADB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{194A85AF-3A38-5A36-A3CA-32A59D63A163}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1EC8B49-44DD-1ECD-AC9E-E615F5BBAF50}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c0t7RfJ5O"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"=-
"cyTMjyiLHUxZfsiu"=-

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[Image: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.



==================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under 'Select a target to scan', select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by Buckeye_Sam, 10 April 2008 - 07:04 AM.



========================================================

#5 navson

navson
  • Topic Starter

  • Members
  • 7 posts

Posted 10 April 2008 - 10:49 PM

Hello Sam, I got your reply and have followed your directions. I ran ComboFix and posted the log in blue. Then I ran HJT and posted the log in red. Finally I ran Kaspersky and posted the log in green. I hope the colors make it easier. I will be awaiting your next orders. Thanks again :thumbsup:

ComboFix 08-04-09.8 - Nelson Navarro 2008-04-10 18:59:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT -5:00]
Running from: C:\Documents and Settings\Nelson Navarro\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nelson Navarro\Desktop\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\system\brfmct32.dll
C:\WINDOWS\system32\Mbbjknea.dll
C:\WINDOWS\system32\peo.dll
C:\WINDOWS\Tasks\A8749D8491BF0EA8.job
C:\WINDOWS\Tasks\AB20D550918B4ACC.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Elfntfnv
C:\Program Files\Isufrujx
C:\Program Files\Lcbogcyt2
C:\Program Files\Lcbogcyt2\bb.exe
C:\Program Files\mvgdknuh
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\Tasks\A8749D8491BF0EA8.job
C:\WINDOWS\Tasks\AB20D550918B4ACC.job

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-08 22:00 . 2008-04-08 22:00 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 21:02 . 2008-04-08 21:02 <DIR> d----c--- C:\Deckard
2008-04-07 20:06 . 2008-04-07 20:04 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-07 20:06 . 2008-04-07 20:06 2,559 --a------ C:\WINDOWS\unins000.dat
2008-03-24 22:27 . 2008-04-02 21:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 22:27 . 2008-03-24 22:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 20:58 --------- d-----w C:\Documents and Settings\Nelson Navarro\Application Data\Canon
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-26 03:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-25 03:33 --------- d-----w C:\Program Files\Griffin Technology
2008-02-23 07:15 --------- d-----w C:\Documents and Settings\Nelson Navarro\Application Data\Uniblue
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 03:46 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-16 04:37 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 04:37 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-02-09 16:13 53,248 ----a-w C:\WINDOWS\system32\akun54.dll
2007-12-24 20:52 92,064 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmmdm.sys
2007-12-24 20:52 9,232 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmmdfl.sys
2007-12-24 20:52 79,328 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmserd.sys
2007-12-24 20:52 66,656 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmbus.sys
2007-12-24 20:52 6,208 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmcmnt.sys
2007-12-24 20:52 5,936 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmwhnt.sys
2007-12-24 20:52 4,048 ----a-w C:\Documents and Settings\Nelson Navarro\mqdmcr.sys
2007-12-24 20:52 25,600 ----a-w C:\Documents and Settings\Nelson Navarro\usbsermptxp.sys
2007-12-24 20:52 22,768 ----a-w C:\Documents and Settings\Nelson Navarro\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-09_22.05.00.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-10 02:53:48 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-11 00:01:51 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Uniblue RegistryBooster 2"="E:\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]

C:\Documents and Settings\Nelson Navarro\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-10-17 02:25:30 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-30 00:29:25 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-05-19 20:00:06 217088]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 14:20:06 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"E:\\limewire\\LimeWire.exe"=
"E:\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-02-12 07:37]
R2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 14:58]
S3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 12:41]
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 12:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 03:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 19:01:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-04-10 19:02:41
ComboFix-quarantined-files.txt 2008-04-11 00:02:34
ComboFix2.txt 2008-04-10 03:05:23
Pre-Run: 675,426,304 bytes free
Post-Run: 670,367,744 bytes free
.
2008-04-09 03:02:07 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:44 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] E:\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133760249607
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{347BA074-14DC-4790-80C1-23503480E791}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{347BA074-14DC-4790-80C1-23503480E791}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{347BA074-14DC-4790-80C1-23503480E791}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8406 bytes


Thursday, April 10, 2008 10:11:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 696523


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 88880
Number of viruses found 32
Number of infected objects 108
Number of suspicious objects 26
Duration of the scan process 01:45:05

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\NELSON~1\LOCALS~1\Temp\fiefahqu.exe/data0000.bin Infected: Trojan-Spy.Win32.Agent.ir skipped

C:\Deckard\System Scanner\backup\DOCUME~1\NELSON~1\LOCALS~1\Temp\fiefahqu.exe EmbeddedEXE: infected - 1 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\NELSON~1\LOCALS~1\Temp\fiefahqu.exe UPX: infected - 1 skipped

C:\Deckard\System Scanner\backup\WINDOWS\temp\~641542.tmp Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak3.zip/hcwprn.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak3.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip/install.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy17.zip/msexreg.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy17.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip/msexreg.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy32.zip/msexreg.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy32.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy47.zip/msexreg.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy47.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/vxddsk.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp10.zip/kkcomp$.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp10.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp44.zip/amp2pl.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp44.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp9.zip/kkcomp.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp9.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates1.zip/AdTools.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates1.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk.zip/startdrv.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk2.zip/startdrv.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk2.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Nelson Navarro\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Nelson Navarro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Nelson Navarro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Nelson Navarro\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Nelson Navarro\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped

C:\Documents and Settings\Nelson Navarro\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Nelson Navarro\ntuser.dat Object is locked skipped

C:\Documents and Settings\Nelson Navarro\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\10.tmp Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\19.tmp Infected: Trojan-Downloader.JS.Inor.a skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1B.tmp Infected: Trojan-Proxy.Win32.Agent.ry skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1BE.tmp Infected: Trojan-Downloader.Win32.Small.asa skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1BF.tmp Infected: Trojan-Proxy.Win32.Agent.df skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C.tmp Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C0.tmp Infected: Packed.Win32.Tibs.dm skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C1.tmp/mbkwnst.exe/data0002/data0002 Infected: not-a-virus:AdWare.Win32.MBKWBar.a skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C1.tmp/mbkwnst.exe/data0002 Infected: not-a-virus:AdWare.Win32.MBKWBar.a skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C1.tmp/mbkwnst.exe Infected: not-a-virus:AdWare.Win32.MBKWBar.a skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C1.tmp CAB: infected - 3 skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1C1.tmp CryptFF.b: infected - 3 skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.f skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp NSIS: infected - 5 skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp CryptFF.b: infected - 5 skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\37.tmp Infected: Trojan-Downloader.Win32.Small.gfo skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\38.tmp Infected: Trojan-Downloader.Win32.Small.bzm skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\3B.tmp Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\3D.tmp Infected: Packed.Win32.Tibs.ap skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\3E.tmp Infected: Trojan.Win32.BHO.gv skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\43.tmp Infected: Trojan-Spy.Win32.KeyLogger.rp skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\44.tmp Infected: Trojan.Win32.Obfuscated.gx skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\46.tmp Infected: Trojan-Downloader.Win32.Agent.euu skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\47.tmp Infected: Trojan.Win32.Obfuscated.gx skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\49.tmp Infected: Trojan-Downloader.Win32.Zlob.edm skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\4A.tmp Infected: Trojan.Win32.Obfuscated.gx skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\4B.tmp Infected: Trojan.Win32.Obfuscated.gx skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\4C.tmp Infected: Trojan-Downloader.Win32.Zlob.edm skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\4E.tmp Infected: Trojan-Downloader.Win32.Agent.fke skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\6.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\7.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\8.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\9.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0132291.sys Infected: Packed.Win32.Tibs.ap skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0149378.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0149408.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0149427.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0150444.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0152507.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0152537.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0152606.sys Infected: Packed.Win32.Tibs.ap skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0152607.dll Infected: Trojan.Win32.BHO.gv skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0153629.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0155646.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0155672.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0155935.exe Infected: Trojan-Spy.Win32.Zbot.bq skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0157185.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0157186.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\A0162097.exe Infected: Trojan-Downloader.Win32.Agent.euu skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\B.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\C.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\csrss.exe Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\D.tmp Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\E.tmp Infected: Trojan-Downloader.Win32.Agent.gbh skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\F.tmp Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw.sys Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_13c.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_1b0.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_694.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_6b8.VI0 Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_6b8.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_6cc.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_700.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_784.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_c0.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ip6fw_d4.VIR Infected: Trojan-Downloader.Win32.Agent.acl skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\ntos.exe Infected: Trojan-Spy.Win32.Zbot.bq skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime.sys Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime_150.VIR Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime_2f8.VIR Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime_318.VIR Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime_66c.VIR Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime_6c4.VIR Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Quarantine\runtime_704.VIR Infected: Trojan-Downloader.Win32.Agent.dpe skipped

C:\Program Files\Trend Micro\Internet Security\Trusted.dat Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\Lcbogcyt2\bb.exe.vir Infected: not-virus:Hoax.Win32.Renos.asa skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\pgd.dll.vir Infected: Trojan.Win32.BHO.afz skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP891\A0164194.exe Infected: not-virus:Hoax.Win32.Renos.asa skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP891\A0164236.dll Infected: Trojan.Win32.Obfuscated.kj skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP894\A0164327.dll Infected: Trojan.Win32.Obfuscated.kj skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP895\A0164443.dll Infected: Trojan.Win32.BHO.afz skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP896\A0164593.exe Infected: not-virus:Hoax.Win32.Renos.asa skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP896\A0164594.sys Infected: Rootkit.Win32.Agent.jp skipped

C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP896\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{6405205E-99C2-472A-A959-9B7BE5F52436}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\antivirus\Quarantine\05DD64DC Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\11E20FF6 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\152B7FFD Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\174A5041 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\1D463DCA Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\24364E48 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\26B543EC Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\33340AD6 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\3D020641 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\3F932C78 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\43AE1453 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\4B92759F Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\4E39250B Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\6B15189E Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\antivirus\Quarantine\7ED21393 Infected: not-a-virus:AdWare.Win32.Wintol.p skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP896\change.log Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP896\change.log Object is locked skipped

Scan process completed.

Edited by navson, 10 April 2008 - 10:50 PM.
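The Kaspersky report above reports 32 viruses, yet nearly every hit sits in a quarantine folder, a removal tool's backup folder or a System Restore point, which is what makes the log read as clean. As an added example (not part of this thread), the Python below parses that report format and separates stored copies from detections in live locations; the quarantine path markers are taken from the log itself, the sample excerpt is from the log, and its last line is constructed to show what a live detection would look like.

```python
"""Triage of a Kaspersky Online Scanner report in the format pasted above.

Added example, not part of the thread: each result line reads
"<path> <verdict> <last action>".  A detection inside a quarantine folder,
a removal tool's backup folder or a System Restore point is an already
neutralised copy, not a running infection, so the triage separates those
from anything that is still in an active location.
"""
import re
from collections import Counter

# Locations where a detection is a stored copy rather than live malware.
# Taken from the paths in the thread's own log (assumption: other tools'
# quarantine folders would need to be added here).
NEUTRALISED_MARKERS = (
    "\\quarantine\\",
    "\\deckard\\system scanner\\backup\\",
    "\\spybot - search & destroy\\recovery\\",
    "\\system volume information\\_restore",
)

# Four line shapes occur in the report: "Infected: <name>", "Suspicious:
# <reason>", an archive summary "<container>: infected - <n>", and
# "Object is locked" for files the scanner could not open.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Infected: (?P<name>\S+)"
    r"|Suspicious: (?P<reason>\S+)"
    r"|(?P<container>\S+): (?:infected|suspicious) - (?P<count>\d+)"
    r"|Object is locked"
    r") (?P<action>\S+)$"
)


def parse_line(line):
    """Return a dict for one result line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    if d["name"]:
        kind = "infected"
    elif d["reason"]:
        kind = "suspicious"
    elif d["container"]:
        kind = "container"      # archive summary; counts the entries above it
    else:
        kind = "locked"         # in-use system file, not a detection
    return {"path": d["path"], "kind": kind,
            "name": d["name"] or d["reason"], "action": d["action"]}


def is_neutralised(path):
    """True when the path lies in a quarantine, backup or restore-point folder."""
    p = path.lower()
    return any(marker in p for marker in NEUTRALISED_MARKERS)


def triage(report):
    """Summarise a report: counts per kind, detection names, and every
    detection that sits outside a quarantine/backup/restore location."""
    kinds = Counter()
    names = Counter()
    active = []
    for line in report.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kinds[rec["kind"]] += 1
        if rec["kind"] in ("infected", "suspicious"):
            names[rec["name"]] += 1
            if not is_neutralised(rec["path"]):
                active.append((rec["path"], rec["name"]))
    return {"kinds": dict(kinds), "names": names, "active": active}


# Excerpt of the thread's log plus one constructed line (the last one)
# showing a detection in a live driver location.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\NELSON~1\LOCALS~1\Temp\fiefahqu.exe/data0000.bin Infected: Trojan-Spy.Win32.Agent.ir skipped
C:\Deckard\System Scanner\backup\DOCUME~1\NELSON~1\LOCALS~1\Temp\fiefahqu.exe EmbeddedEXE: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk.zip/startdrv.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\ntos.exe Infected: Trojan-Spy.Win32.Zbot.bq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.jp skipped
C:\System Volume Information\_restore{A7DED935-46BD-4B0F-8459-A2297D3D01AD}\RP896\A0164594.sys Infected: Rootkit.Win32.Agent.jp skipped
C:\WINDOWS\system32\drivers\CONSTRUCTED_example.sys Infected: Rootkit.Win32.Agent.jp skipped
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("counts:", result["kinds"])
    print("detections:", dict(result["names"]))
    for path, name in result["active"]:
        print("STILL ACTIVE:", path, name)
```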


#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 April 2008 - 01:02 AM

Whew! Thanks for the color coded logs, but let's stick with black and white. :thumbsup:
Your logs look pretty good to me. How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 navson
  • Topic Starter
  • Members
  • 7 posts

Posted 11 April 2008 - 11:54 PM

Hey Sam, sorry about the whole color thing. I think I got a little too anal about this process. Well, the good news is it looks like everything is good. My task manager is working again and my computer resources are back to normal. I appreciate all your help and I will be making a donation for all your help. Just a few questions I had: one thing that still stands out is that all my desktop icons have grey boxes on the names. Not sure if this means anything. If you know of any settings I should adjust to help me run smoother, I would love to know. Also, if there are any other threads I should read that would help me protect my computer in the future. I know you might not specialize in this type of question, but I have my operating system on its own partition, and when I made this partition I made it only 10 GB. Is that enough for an OS running SP2? I know there might be threads with these answers; if you know of any, just lead me in the right direction.
Thanks Again
Navson

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 April 2008 - 03:52 PM

Let's try this for your desktop icons.

Right click on any empty space on your desktop and select Properties.
Select the Appearance tab and then click on the Effects button.
Put a check next to "Show shadows under menus".
Also check "Use the following method to smooth edges of screen fonts" and select "Clear Type".

As I understand it, 10 GB should be plenty of space to operate Windows XP on its own partition.
You can always check with the experts over at the XP forum here to see if they can offer additional insight.

http://www.bleepingcomputer.com/forums/ind...amp;s=&f=56


As far as protecting your computer from malware going forward, here are some final steps and suggestions for you.

First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.
http://www.bleepingcomputer.com/tutorials/how-to-install-the-windows-xp-recovery-console/


===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
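As an added example, not part of Buckeye_Sam's post: the Custom Level changes listed above correspond to documented REG_DWORD values under the Internet zone (zone 3) key of the current user's Internet Settings, so the same hardening can be audited and applied from PowerShell rather than clicked through. The value names (1001, 1004, 1201, 1800, 1804, 1607) and the 0 = Enable / 1 = Prompt / 3 = Disable encoding are from Microsoft's KB182569; the function names and the table layout are mine.

```powershell
# Added example (not from the original thread). Audits, and optionally applies,
# the six Internet-zone settings recommended above via the registry values
# that back the Custom Level dialog. Zone 3 = Internet zone.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Dialog label -> registry value name and the data the post recommends.
# Data: 0 = Enable, 1 = Prompt, 3 = Disable (per KB182569).
$Wanted = @(
    @{ Name = 'Download signed ActiveX controls';                          Value = '1001'; Data = 1 },
    @{ Name = 'Download unsigned ActiveX controls';                        Value = '1004'; Data = 3 },
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = '1201'; Data = 3 },
    @{ Name = 'Installation of desktop items';                             Value = '1800'; Data = 1 },
    @{ Name = 'Launching programs and files in an IFRAME';                 Value = '1804'; Data = 1 },
    @{ Name = 'Navigate sub-frames across different domains';              Value = '1607'; Data = 1 }
)

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeInternetZoneAudit {
    # Returns one object per setting: current state, wanted state, and whether they match.
    # A value that is absent from the key is reported as 'not set' and treated as non-compliant,
    # because the effective default then depends on the zone's template level.
    $current = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($s in $Wanted) {
        $now = $current.($s.Value)
        $state = if ($null -eq $now) { 'not set' }
                 elseif ($Label.ContainsKey([int]$now)) { $Label[[int]$now] }
                 else { "raw:$now" }
        [pscustomobject]@{
            Setting   = $s.Name
            Value     = $s.Value
            Current   = $state
            Wanted    = $Label[$s.Data]
            Compliant = ($null -ne $now -and [int]$now -eq $s.Data)
        }
    }
}

function Set-IeInternetZoneHardening {
    # Writes the recommended data for every setting in $Wanted (current user only).
    foreach ($s in $Wanted) {
        Set-ItemProperty -Path $ZonePath -Name $s.Value -Value $s.Data -Type DWord
    }
}

# Usage: show the current state, then apply and re-check.
Get-IeInternetZoneAudit | Format-Table -AutoSize
Set-IeInternetZoneHardening
Get-IeInternetZoneAudit | Where-Object { -not $_.Compliant }
```

Two caveats a practitioner would check first: if the machine sets `Security_HKLM_only` or a Group Policy manages security zones, the per-user key above is ignored and the equivalent values under `HKLM:\...\Internet Settings\Zones\3` are the ones that count; and Internet Explorer reads these values at startup, so close and reopen the browser after applying them before trusting the audit.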


========================================================

#9 navson

navson
  • Topic Starter
  • Members
  • 7 posts

Posted 13 April 2008 - 04:06 PM

Hey Sam, I followed the rest of your directions and my computer is running like a dream. Thanks for all the help. I thought my computer was a goner. I made a donation to you guys and I cannot thank you enough for your help. I am so glad I found your site.

#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 April 2008 - 04:26 PM

Thanks for the donation. It is greatly appreciated.

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
