
Probable Vundo infection - Help needed


  • This topic is locked
7 replies to this topic

#1 olidavies

olidavies

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:07 PM

Posted 10 January 2009 - 09:08 AM

Hi, a couple of days ago I started getting a blue stop screen error on startup (Error number 0x8E, beginning physical memory dump, physical memory dump complete). I managed to stop this from happening by starting in safe mode and deselecting all the startup programs. This only seems to have been a temporary cure though as I now get Firefox popups and McAfee saying that I have the Vundo trojan. I've tried running a number of programs recommended on these forums (malwarebytes etc) but don't seem able to shift the problem on my own - so I'm turning to you for help!


DDS (Ver_09-01-07.01) - NTFSx86
Run by Frankie and Oli at 14:05:33.20 on 10/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.495 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
c:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Frankie and Oli\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.co.uk/myway
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: ggnjly.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\franki~1\applic~1\mozilla\firefox\profiles\onactsvx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\documents and settings\frankie and oli\application data\mozilla\firefox\profiles\onactsvx.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\frankie and oli\application data\mozilla\firefox\profiles\onactsvx.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\frankie and oli\application data\mozilla\firefox\profiles\onactsvx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {FB43650E-F7EC-42DE-9BC8-866237F39D3C} - c:\windows\system32\config\systemprofile\local settings\application data\{fb43650e-f7ec-42de-9bc8-866237f39d3c}\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-17 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-17 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-17 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-17 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-17 40488]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-6-17 17664]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-23 359248]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2007-2-17 144704]
R4 NkPtpEnumP2;NkPtpEnumP2;c:\program files\nikon\wireless camera setup utility\NkPtpEnum.exe [2005-6-17 24064]
R4 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-17 33832]

=============== Created Last 30 ================

2009-01-10 13:27 <DIR> --d----- c:\docume~1\franki~1\applic~1\Uniblue
2009-01-10 13:27 <DIR> --d----- c:\program files\Uniblue
2009-01-10 13:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-10 13:24 <DIR> --d----- C:\virus
2009-01-08 23:12 250 a------- c:\windows\gmer.ini
2009-01-08 20:48 <DIR> --d----- C:\nup
2009-01-08 20:38 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-08 20:35 <DIR> --d----- c:\program files\trend micro
2009-01-08 19:17 1,254,442 ---sh--- c:\windows\system32\csstnrfe.ini
2009-01-08 19:14 139,264 a------- c:\windows\system32\wstvwuqp.dll
2009-01-08 19:10 <DIR> --d----- c:\docume~1\franki~1\applic~1\Malwarebytes
2009-01-08 19:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-08 19:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 19:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-07 22:53 <DIR> --d----- C:\VundoFix Backups
2009-01-07 22:44 <DIR> --d----- c:\program files\Registry Easy
2009-01-07 20:08 516,096 -------- c:\windows\system32\ati2sgag.exe
2009-01-07 20:07 <DIR> --d----- c:\program files\MultiRes
2009-01-07 20:06 451,072 a------- c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2009-01-07 20:06 <DIR> --d----- c:\program files\Radeon Omega Drivers
2009-01-07 19:34 <DIR> --d----- c:\program files\Driver Cleaner Pro
2009-01-07 19:18 <DIR> --d----- c:\program files\CCleaner
2009-01-07 19:00 <DIR> --d----- c:\windows\pss
2009-01-06 19:58 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-30 19:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2008-12-30 18:44 26,112 a------- c:\windows\system32\drivers\usbser.sys
2008-12-30 18:44 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2008-12-30 18:44 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-30 18:44 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-30 18:37 <DIR> --d----- c:\program files\common files\PCSuite
2008-12-30 18:37 <DIR> --d----- c:\program files\common files\Nokia
2008-12-30 18:37 21,632 a------- c:\windows\system32\drivers\pccsmcfd.sys
2008-12-30 18:36 <DIR> --d----- c:\program files\PC Connectivity Solution
2008-12-30 18:36 8,064 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-30 18:36 8,064 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-30 18:36 20,864 a------- c:\windows\system32\drivers\ccdcmbo.sys
2008-12-30 18:36 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2008-12-30 18:36 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2008-12-30 18:36 17,536 a------- c:\windows\system32\drivers\ccdcmb.sys
2008-12-30 18:36 90,624 a------- c:\windows\system32\nmwcdcls.dll
2008-12-30 18:36 <DIR> --d----- c:\program files\Nokia
2008-12-23 21:31 <DIR> --d----- c:\program files\Seagate
2008-12-23 21:28 <DIR> --d----- c:\docume~1\franki~1\applic~1\Ceedo
2008-12-13 19:07 45,132 -------- c:\docume~1\franki~1\applic~1\JuniperExtXP.exe
2008-12-13 13:38 <DIR> --d----- c:\windows\system32\IOSUBSYS

==================== Find3M ====================

2008-12-21 11:10 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-07 09:18 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-29 19:48 52,224 a------- c:\windows\ipuninst.exe
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2007-02-11 09:49 32 a----r-- c:\documents and settings\all users\hash.dat
2008-07-09 19:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070920080710\index.dat

============= FINISH: 14:06:40.35 ===============

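As an added example (not part of the thread, and not code from DDS, ComboFix or GooredFix), the script below runs a few triage heuristics over lines excerpted from the DDS log above. It flags the items a malware-removal helper looks at first in a Vundo-style infection: a populated AppInit_DLLs value, a hidden Firefox extension under the system profile (the item the GooredFix step targets), and recently created files in the system32 root that carry random 8-letter names or system+hidden attributes. The rule names, the section parsing and the 8-letter heuristic are assumptions made for illustration; they are not a complete detector and would need a known-good baseline to rule out false positives on a real log.

```python
"""Heuristic triage of a DDS log for the indicators a malware-removal helper
checks in a Vundo-style infection. Added example for this thread; it is not
part of DDS, ComboFix or GooredFix, and the rules are illustrative only."""
import re

# Lines excerpted from the DDS log in post #1 of this thread (the trailing
# backslash on the HiddenExtension path is dropped so the raw string is valid).
SAMPLE_DDS_LOG = "\n".join([
    r"============== Pseudo HJT Report ===============",
    r"mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto",
    r"AppInit_DLLs: ggnjly.dll",
    r"SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll",
    r"================= FIREFOX ===================",
    r"FF - plugin: c:\program files\google\picasa3\npPicasa3.dll",
    r"FF - HiddenExtension: XUL Cache: {FB43650E-F7EC-42DE-9BC8-866237F39D3C} - c:\windows\system32\config\systemprofile\local settings\application data\{fb43650e-f7ec-42de-9bc8-866237f39d3c}",
    r"=============== Created Last 30 ================",
    r"2009-01-10 13:27 <DIR> --d----- c:\program files\Uniblue",
    r"2009-01-08 19:17 1,254,442 ---sh--- c:\windows\system32\csstnrfe.ini",
    r"2009-01-08 19:14 139,264 a------- c:\windows\system32\wstvwuqp.dll",
    r"2009-01-08 19:10 15,504 a------- c:\windows\system32\drivers\mbam.sys",
    r"2009-01-06 19:58 664 a------- c:\windows\system32\d3d9caps.dat",
    r"==================== Find3M ====================",
    r"2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll",
])

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<date> <time> <size|<DIR>> <8-char attribute field> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
# Heuristic (assumption): Vundo-era droppers used 8 random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|ini|exe)$")
SYSTEM32 = r"c:\windows\system32"


def triage(log_text):
    """Return a list of findings, each {"rule", "value", "detail"}, in log order."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        # Rule 1: AppInit_DLLs is loaded into every process that links user32;
        # on a clean XP box the value is normally empty.
        if line.lower().startswith("appinit_dlls:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append({"rule": "appinit_dlls", "value": value,
                                 "detail": "DLL injected into every user32 process"})
            continue
        # Rule 2: a hidden Firefox extension (what the GooredFix step targets).
        if line.startswith("FF - HiddenExtension:"):
            findings.append({"rule": "hidden_firefox_extension",
                             "value": line.split(":", 1)[1].strip(),
                             "detail": "extension hidden from the Add-ons list"})
            continue
        # Rule 3: only the "Created Last 30" section is examined, so older
        # system files listed under Find3M are never flagged by name alone.
        if section == "created last 30":
            entry = CREATED_RE.match(line)
            if not entry:
                continue
            attrs, path = entry.group(3), entry.group(4).lower()
            parent, _, name = path.rpartition("\\")
            reasons = []
            if parent == SYSTEM32 and RANDOM_NAME_RE.match(name):
                reasons.append("random 8-letter name in system32 root")
            if "s" in attrs and "h" in attrs and name.endswith(".ini"):
                reasons.append("system+hidden .ini")
            if reasons:
                findings.append({"rule": "recent_file", "value": path,
                                 "detail": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LOG):
        print(f"[{f['rule']}] {f['value']}  ({f['detail']})")
```

Run against the sample it reports ggnjly.dll, the hidden XUL Cache extension, csstnrfe.ini (both random name and system+hidden) and wstvwuqp.dll, while mbam.sys (a subdirectory), d3d9caps.dat (digits in the name) and gdi32.dll (listed under Find3M) are left alone. The point of gating on the "Created Last 30" section is that file names alone are a weak signal; recency plus location plus attributes is what makes the helper look twice.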


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:07 PM

Posted 10 January 2009 - 10:53 AM

Hello Olidavies and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted, and make a difference

#3 olidavies

olidavies
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:07 PM

Posted 10 January 2009 - 11:39 AM

Thanks - Here's the Goored log:

GooredFix v1.8 by jpshortstuff
Log created at 16:24 on 10/01/2009 running Option #2 (Frankie and Oli)
Firefox version 3.0.5 (en-GB)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

And here's the combofix log:

ComboFix 09-01-09.03 - Frankie and Oli 2009-01-10 16:30:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.588 [GMT 0:00]
Running from: c:\documents and settings\Frankie and Oli\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\csstnrfe.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-10 13:27 . 2009-01-10 13:27 <DIR> d-------- c:\program files\Uniblue
2009-01-10 13:27 . 2009-01-10 13:27 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Uniblue
2009-01-10 13:26 . 2009-01-10 13:27 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-10 13:24 . 2009-01-10 13:24 <DIR> d-------- C:\virus
2009-01-08 23:12 . 2009-01-10 13:14 250 --a------ c:\windows\gmer.ini
2009-01-08 20:48 . 2009-01-08 20:48 <DIR> d-------- C:\nup
2009-01-08 20:38 . 2009-01-08 20:40 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-08 20:35 . 2009-01-08 20:35 <DIR> d-------- C:\rsit
2009-01-08 20:35 . 2009-01-08 20:35 <DIR> d-------- c:\program files\trend micro
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Malwarebytes
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 19:10 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-08 19:10 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-07 22:53 . 2009-01-07 22:53 <DIR> d-------- C:\VundoFix Backups
2009-01-07 22:44 . 2009-01-07 22:52 <DIR> d-------- c:\program files\Registry Easy
2009-01-07 20:08 . 2004-09-15 21:10 516,096 --------- c:\windows\SYSTEM32\ati2sgag.exe
2009-01-07 20:07 . 2009-01-07 20:07 <DIR> d-------- c:\program files\MultiRes
2009-01-07 20:06 . 2009-01-07 20:06 <DIR> d-------- c:\program files\Radeon Omega Drivers
2009-01-07 20:06 . 2009-01-07 20:06 451,072 --a------ c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2009-01-07 19:34 . 2009-01-07 19:54 <DIR> d-------- c:\program files\Driver Cleaner Pro
2009-01-07 19:18 . 2009-01-07 19:18 <DIR> d-------- c:\program files\CCleaner
2009-01-07 18:56 . 2009-01-07 18:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-01-07 18:54 . 2005-04-04 14:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-01-07 18:54 . 2005-04-04 14:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-07 18:54 . 2005-04-04 14:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-07 18:54 . 2005-04-04 14:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative
2009-01-07 18:54 . 2009-01-07 18:54 <DIR> d-------- c:\documents and settings\Administrator
2009-01-06 19:58 . 2009-01-07 22:51 664 --a------ c:\windows\SYSTEM32\d3d9caps.dat
2008-12-30 19:39 . 2008-12-30 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2008-12-30 18:44 . 2008-04-13 19:45 26,112 --a------ c:\windows\SYSTEM32\DRIVERS\usbser.sys
2008-12-30 18:44 . 2008-04-13 19:45 26,112 --a------ c:\windows\SYSTEM32\DLLCACHE\usbser.sys
2008-12-30 18:44 . 2008-12-30 18:44 0 --ah----- c:\windows\SYSTEM32\DRIVERS\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-30 18:44 . 2008-12-30 18:44 0 --ah----- c:\windows\SYSTEM32\DRIVERS\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-30 18:39 . 2008-12-30 18:44 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\PC Suite
2008-12-30 18:39 . 2008-12-30 19:30 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Nokia
2008-12-30 18:39 . 2008-12-30 18:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-12-30 18:37 . 2008-12-30 18:37 <DIR> d-------- c:\program files\DIFX
2008-12-30 18:37 . 2008-12-30 18:37 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-30 18:37 . 2008-12-30 19:50 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-30 18:37 . 2007-09-17 15:53 21,632 --a------ c:\windows\SYSTEM32\DRIVERS\pccsmcfd.sys
2008-12-30 18:36 . 2008-12-30 18:36 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-30 18:36 . 2008-12-30 19:50 <DIR> d-------- c:\program files\Nokia
2008-12-30 18:36 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\SYSTEM32\wdfcoinstaller01005.dll
2008-12-30 18:36 . 2008-05-07 07:38 659,968 --a------ c:\windows\SYSTEM32\nmwcdcocls.dll
2008-12-30 18:36 . 2008-05-07 07:38 90,624 --a------ c:\windows\SYSTEM32\nmwcdcls.dll
2008-12-30 18:36 . 2008-05-07 07:38 20,864 --a------ c:\windows\SYSTEM32\DRIVERS\ccdcmbo.sys
2008-12-30 18:36 . 2008-05-07 07:38 17,536 --a------ c:\windows\SYSTEM32\DRIVERS\ccdcmb.sys
2008-12-30 18:36 . 2008-05-07 07:38 8,064 --a------ c:\windows\SYSTEM32\DRIVERS\usbser_lowerfltj.sys
2008-12-30 18:36 . 2008-06-06 09:24 8,064 --a------ c:\windows\SYSTEM32\DRIVERS\usbser_lowerflt.sys
2008-12-30 18:32 . 2008-12-30 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-12-23 21:31 . 2008-12-23 21:31 <DIR> d-------- c:\program files\Seagate
2008-12-23 21:28 . 2008-12-23 21:28 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Ceedo
2008-12-13 19:07 . 2008-12-13 19:07 45,132 --------- c:\documents and settings\Frankie and Oli\Application Data\JuniperExtXP.exe
2008-12-13 13:38 . 2008-12-13 13:38 <DIR> d-------- c:\windows\SYSTEM32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-07 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 19:47 --------- d-----w c:\documents and settings\Frankie and Oli\Application Data\ATI
2008-12-21 11:10 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-12-16 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-16 18:13 --------- d-----w c:\program files\World of Warcraft
2008-12-13 19:08 --------- d-----w c:\documents and settings\Frankie and Oli\Application Data\Juniper Networks
2008-12-13 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Juniper Networks
2008-12-13 13:37 --------- d-----w c:\program files\Google
2008-12-13 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-12-08 23:11 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-07 09:17 --------- d-----w c:\program files\Java
2008-11-30 09:31 --------- d-----w c:\program files\iTunes
2008-11-30 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 09:30 --------- d-----w c:\program files\iPod
2008-11-30 09:30 --------- d-----w c:\program files\Common Files\Apple
2008-11-30 09:27 --------- d-----w c:\program files\QuickTime
2008-11-29 19:08 --------- d-----w c:\program files\Kontiki
2008-11-29 19:08 --------- d-----w c:\program files\Channel4
2008-11-29 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Channel4
2008-10-29 19:48 52,224 ----a-w c:\windows\ipuninst.exe
2007-02-11 09:49 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-07-09 19:04 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ggnjly.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2008-01-25 10:08 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-09-14 01:50 1603152 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-10-26 01:10 652624 c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 00:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 14:57 133016 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 00:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 15:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-06-29 10:23 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-01-25 10:08 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
--a------ 2007-01-18 14:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 09:18 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 16:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-22 01:05 344064 c:\windows\SYSTEM32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-03-11 08:50 28672 c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 VBus;Virtual Bus;c:\windows\SYSTEM32\DRIVERS\NkVBus.sys [2005-06-17 17664]
R4 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [2005-06-17 24064]
R4 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03423a0-d136-11dd-a850-001111799a21}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-02-17 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2007-02-17 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-10 c:\windows\Tasks\ojqqioqr.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]

2009-01-07 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-01-05 18:14]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-a8f1c755 - c:\windows\system32\korqsuox.dll
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-Ceedo AutoDetect - c:\docume~1\FRANKI~1\LOCALS~1\Temp\AutoDetect.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.co.uk/myway
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 16:35:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1814754977-4133968167-2660383756-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,f9,1e,de,1f,38,af,37,9e,dc,01,20,1e,85,0b,6b,1a,80,f6,4c,7c,a4,bd,
e5,3f,de,ba,6d,3b,a8,53,3c,82,bf,db,c3,dd,16,2b,12,16,21,0a,89,e0,d3,53,e1,\
"??"=hex:7a,27,14,9d,85,f6,15,95,ef,00,65,99,40,38,7b,5b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Neoteris\Installer Service\NeoterisSetupService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-01-10 16:40:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 16:40:52

Pre-Run: 49,213,472,768 bytes free
Post-Run: 49,104,236,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
311 --- E O F --- 2008-12-18 23:20:30

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:07 PM

Posted 10 January 2009 - 12:45 PM

Hello Olidavies,

Did you create the folder C:\Virus yourself ?

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
c:\windows\Tasks\ojqqioqr.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03423a0-d136-11dd-a850-001111799a21}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 olidavies

olidavies
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:07 PM

Posted 10 January 2009 - 01:14 PM

Ha ha, yes I did create that folder - to store all my stuff regarding this in. Didn't think at the time that it might be a bit confusing! I've deleted Viewpoint now - thanks for the tip.

Here's the new combofix log:

ComboFix 09-01-09.03 - Frankie and Oli 2009-01-10 17:56:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.555 [GMT 0:00]
Running from: c:\documents and settings\Frankie and Oli\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frankie and Oli\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\Tasks\ojqqioqr.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\ojqqioqr.job

.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-10 13:27 . 2009-01-10 13:27 <DIR> d-------- c:\program files\Uniblue
2009-01-10 13:27 . 2009-01-10 13:27 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Uniblue
2009-01-10 13:26 . 2009-01-10 13:27 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-10 13:24 . 2009-01-10 13:24 <DIR> d-------- C:\virus
2009-01-08 23:12 . 2009-01-10 13:14 250 --a------ c:\windows\gmer.ini
2009-01-08 20:48 . 2009-01-08 20:48 <DIR> d-------- C:\nup
2009-01-08 20:38 . 2009-01-08 20:40 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-08 20:35 . 2009-01-08 20:35 <DIR> d-------- C:\rsit
2009-01-08 20:35 . 2009-01-08 20:35 <DIR> d-------- c:\program files\trend micro
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Malwarebytes
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 19:10 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-08 19:10 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-07 22:53 . 2009-01-07 22:53 <DIR> d-------- C:\VundoFix Backups
2009-01-07 22:44 . 2009-01-07 22:52 <DIR> d-------- c:\program files\Registry Easy
2009-01-07 20:08 . 2004-09-15 21:10 516,096 --------- c:\windows\SYSTEM32\ati2sgag.exe
2009-01-07 20:07 . 2009-01-07 20:07 <DIR> d-------- c:\program files\MultiRes
2009-01-07 20:06 . 2009-01-07 20:06 <DIR> d-------- c:\program files\Radeon Omega Drivers
2009-01-07 20:06 . 2009-01-07 20:06 451,072 --a------ c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2009-01-07 19:34 . 2009-01-07 19:54 <DIR> d-------- c:\program files\Driver Cleaner Pro
2009-01-07 19:18 . 2009-01-07 19:18 <DIR> d-------- c:\program files\CCleaner
2009-01-07 18:56 . 2009-01-07 18:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-01-07 18:54 . 2005-04-04 14:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-01-07 18:54 . 2005-04-04 14:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-07 18:54 . 2005-04-04 14:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-07 18:54 . 2005-04-04 14:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative
2009-01-07 18:54 . 2009-01-07 18:54 <DIR> d-------- c:\documents and settings\Administrator
2009-01-06 19:58 . 2009-01-07 22:51 664 --a------ c:\windows\SYSTEM32\d3d9caps.dat
2008-12-30 19:39 . 2008-12-30 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2008-12-30 18:44 . 2008-04-13 19:45 26,112 --a------ c:\windows\SYSTEM32\DRIVERS\usbser.sys
2008-12-30 18:44 . 2008-04-13 19:45 26,112 --a------ c:\windows\SYSTEM32\DLLCACHE\usbser.sys
2008-12-30 18:44 . 2008-12-30 18:44 0 --ah----- c:\windows\SYSTEM32\DRIVERS\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-30 18:44 . 2008-12-30 18:44 0 --ah----- c:\windows\SYSTEM32\DRIVERS\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-30 18:39 . 2008-12-30 18:44 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\PC Suite
2008-12-30 18:39 . 2008-12-30 19:30 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Nokia
2008-12-30 18:39 . 2008-12-30 18:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-12-30 18:37 . 2008-12-30 18:37 <DIR> d-------- c:\program files\DIFX
2008-12-30 18:37 . 2008-12-30 18:37 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-30 18:37 . 2008-12-30 19:50 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-30 18:37 . 2007-09-17 15:53 21,632 --a------ c:\windows\SYSTEM32\DRIVERS\pccsmcfd.sys
2008-12-30 18:36 . 2008-12-30 18:36 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-30 18:36 . 2008-12-30 19:50 <DIR> d-------- c:\program files\Nokia
2008-12-30 18:36 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\SYSTEM32\wdfcoinstaller01005.dll
2008-12-30 18:36 . 2008-05-07 07:38 659,968 --a------ c:\windows\SYSTEM32\nmwcdcocls.dll
2008-12-30 18:36 . 2008-05-07 07:38 90,624 --a------ c:\windows\SYSTEM32\nmwcdcls.dll
2008-12-30 18:36 . 2008-05-07 07:38 20,864 --a------ c:\windows\SYSTEM32\DRIVERS\ccdcmbo.sys
2008-12-30 18:36 . 2008-05-07 07:38 17,536 --a------ c:\windows\SYSTEM32\DRIVERS\ccdcmb.sys
2008-12-30 18:36 . 2008-05-07 07:38 8,064 --a------ c:\windows\SYSTEM32\DRIVERS\usbser_lowerfltj.sys
2008-12-30 18:36 . 2008-06-06 09:24 8,064 --a------ c:\windows\SYSTEM32\DRIVERS\usbser_lowerflt.sys
2008-12-30 18:32 . 2008-12-30 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-12-23 21:31 . 2008-12-23 21:31 <DIR> d-------- c:\program files\Seagate
2008-12-23 21:28 . 2008-12-23 21:28 <DIR> d-------- c:\documents and settings\Frankie and Oli\Application Data\Ceedo
2008-12-13 19:07 . 2008-12-13 19:07 45,132 --------- c:\documents and settings\Frankie and Oli\Application Data\JuniperExtXP.exe
2008-12-13 13:38 . 2008-12-13 13:38 <DIR> d-------- c:\windows\SYSTEM32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-07 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 19:47 --------- d-----w c:\documents and settings\Frankie and Oli\Application Data\ATI
2008-12-21 11:10 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-12-16 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-16 18:13 --------- d-----w c:\program files\World of Warcraft
2008-12-13 19:08 --------- d-----w c:\documents and settings\Frankie and Oli\Application Data\Juniper Networks
2008-12-13 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Juniper Networks
2008-12-13 13:37 --------- d-----w c:\program files\Google
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-13 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-12-08 23:11 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-07 09:18 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2008-12-07 09:17 --------- d-----w c:\program files\Java
2008-11-30 09:31 --------- d-----w c:\program files\iTunes
2008-11-30 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 09:30 --------- d-----w c:\program files\iPod
2008-11-30 09:30 --------- d-----w c:\program files\Common Files\Apple
2008-11-30 09:27 --------- d-----w c:\program files\QuickTime
2008-11-29 19:08 --------- d-----w c:\program files\Kontiki
2008-11-29 19:08 --------- d-----w c:\program files\Channel4
2008-11-29 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Channel4
2008-11-17 20:04 2,306,113 ----a-w c:\windows\SYSTEM32\GPhotos.scr
2008-10-29 19:48 52,224 ----a-w c:\windows\ipuninst.exe
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\SYSTEM32\WUPS.DLL
2008-10-16 14:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2007-02-11 09:49 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-07-09 19:04 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-10_16.39.30.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-10 12:56:32 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-01-10 17:43:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2009-01-10 12:56:32 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-10 17:43:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-10 12:56:32 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 17:43:59 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2008-01-25 10:08 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-09-14 01:50 1603152 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-10-26 01:10 652624 c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 00:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 14:57 133016 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 00:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 15:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-06-29 10:23 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-01-25 10:08 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
--a------ 2007-01-18 14:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 09:18 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 16:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-22 01:05 344064 c:\windows\SYSTEM32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-03-11 08:50 28672 c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 VBus;Virtual Bus;c:\windows\SYSTEM32\DRIVERS\NkVBus.sys [2005-06-17 17664]
R4 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [2005-06-17 24064]
R4 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-02-17 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2007-02-17 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-07 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-01-05 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.co.uk/myway
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\Frankie and Oli\Application Data\Mozilla\Firefox\Profiles\onactsvx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 17:59:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1814754977-4133968167-2660383756-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,f9,1e,de,1f,38,af,37,9e,dc,01,20,1e,85,0b,6b,1a,80,f6,4c,7c,a4,bd,
e5,3f,de,ba,6d,3b,a8,53,3c,82,bf,db,c3,dd,16,2b,12,16,21,0a,89,e0,d3,53,e1,\
"??"=hex:7a,27,14,9d,85,f6,15,95,ef,00,65,99,40,38,7b,5b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-10 18:01:54
ComboFix-quarantined-files.txt 2009-01-10 18:01:51
ComboFix2.txt 2009-01-10 16:41:03

Pre-Run: 49,065,259,008 bytes free
Post-Run: 49,046,810,624 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
302 --- E O F --- 2008-12-18 23:20:30

By HijackThis log, do you mean the DDS logs I posted in my first post? If so, here's an updated one. If not - sorry!



DDS (Ver_09-01-07.01) - NTFSx86
Run by Frankie and Oli at 18:10:02.46 on 10/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.414 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
c:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frankie and Oli\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.co.uk/myway
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\franki~1\applic~1\mozilla\firefox\profiles\onactsvx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\documents and settings\frankie and oli\application data\mozilla\firefox\profiles\onactsvx.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\frankie and oli\application data\mozilla\firefox\profiles\onactsvx.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\documents and settings\frankie and oli\application data\mozilla\firefox\profiles\onactsvx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-17 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-17 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-17 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-17 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-17 40488]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-6-17 17664]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-23 359248]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2007-2-17 144704]
R4 NkPtpEnumP2;NkPtpEnumP2;c:\program files\nikon\wireless camera setup utility\NkPtpEnum.exe [2005-6-17 24064]
R4 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-17 33832]

=============== Created Last 30 ================

2009-01-10 16:28 <DIR> a-dshr-- C:\cmdcons
2009-01-10 16:26 161,792 a------- c:\windows\SWREG.exe
2009-01-10 16:26 98,816 a------- c:\windows\sed.exe
2009-01-10 13:27 <DIR> --d----- c:\docume~1\franki~1\applic~1\Uniblue
2009-01-10 13:27 <DIR> --d----- c:\program files\Uniblue
2009-01-10 13:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-10 13:24 <DIR> --d----- C:\virus
2009-01-08 23:12 250 a------- c:\windows\gmer.ini
2009-01-08 20:48 <DIR> --d----- C:\nup
2009-01-08 20:38 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-08 20:35 <DIR> --d----- c:\program files\trend micro
2009-01-08 19:10 <DIR> --d----- c:\docume~1\franki~1\applic~1\Malwarebytes
2009-01-08 19:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-08 19:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 19:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-07 22:53 <DIR> --d----- C:\VundoFix Backups
2009-01-07 22:44 <DIR> --d----- c:\program files\Registry Easy
2009-01-07 20:08 516,096 -------- c:\windows\system32\ati2sgag.exe
2009-01-07 20:07 <DIR> --d----- c:\program files\MultiRes
2009-01-07 20:06 451,072 a------- c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2009-01-07 20:06 <DIR> --d----- c:\program files\Radeon Omega Drivers
2009-01-07 19:34 <DIR> --d----- c:\program files\Driver Cleaner Pro
2009-01-07 19:18 <DIR> --d----- c:\program files\CCleaner
2009-01-07 19:00 <DIR> --d----- c:\windows\pss
2009-01-06 19:58 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-30 19:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2008-12-30 18:44 26,112 a------- c:\windows\system32\drivers\usbser.sys
2008-12-30 18:44 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2008-12-30 18:44 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-30 18:44 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-30 18:37 <DIR> --d----- c:\program files\common files\PCSuite
2008-12-30 18:37 <DIR> --d----- c:\program files\common files\Nokia
2008-12-30 18:37 21,632 a------- c:\windows\system32\drivers\pccsmcfd.sys
2008-12-30 18:36 <DIR> --d----- c:\program files\PC Connectivity Solution
2008-12-30 18:36 8,064 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-30 18:36 8,064 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-30 18:36 20,864 a------- c:\windows\system32\drivers\ccdcmbo.sys
2008-12-30 18:36 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2008-12-30 18:36 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2008-12-30 18:36 17,536 a------- c:\windows\system32\drivers\ccdcmb.sys
2008-12-30 18:36 90,624 a------- c:\windows\system32\nmwcdcls.dll
2008-12-30 18:36 <DIR> --d----- c:\program files\Nokia
2008-12-23 21:31 <DIR> --d----- c:\program files\Seagate
2008-12-23 21:28 <DIR> --d----- c:\docume~1\franki~1\applic~1\Ceedo
2008-12-13 19:07 45,132 -------- c:\docume~1\franki~1\applic~1\JuniperExtXP.exe
2008-12-13 13:38 <DIR> --d----- c:\windows\system32\IOSUBSYS

==================== Find3M ====================

2008-12-21 11:10 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-07 09:18 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-29 19:48 52,224 a------- c:\windows\ipuninst.exe
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2007-02-11 09:49 32 a----r-- c:\documents and settings\all users\hash.dat
2008-07-09 19:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070920080710\index.dat

============= FINISH: 18:10:46.17 ===============

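A DDS log like the one above is easiest to triage when the "Created Last 30" and "Find3M" listings are turned into records that can be filtered by date window, path and attribute flags. The following parser is an added example for this thread and is not DDS's, ComboFix's or the poster's own code. SAMPLE_LOG is a constructed excerpt copied from the posted log; the two-day window used in the usage block is an assumption based on the poster's "a couple of days ago".

```python
"""Parse the 'Created Last 30' and 'Find3M' sections of a DDS log into
records and filter them for triage.  Added example for this thread; it is not
DDS's or ComboFix's own code.  SAMPLE_LOG is a constructed excerpt copied from
the log posted above, and the date window used in __main__ is an assumption
based on the poster's "a couple of days ago"."""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional

# Constructed sample: a few lines copied from the posted DDS log.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-01-10 16:28 <DIR> a-dshr-- C:\cmdcons
2009-01-10 16:26 161,792 a------- c:\windows\SWREG.exe
2009-01-08 19:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 22:53 <DIR> --d----- C:\VundoFix Backups
2008-12-30 18:44 26,112 a------- c:\windows\system32\drivers\usbser.sys
2008-12-30 18:44 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

==================== Find3M ====================

2008-12-21 11:10 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 18:10:46.17 ===============
"""

# Section banners look like "=== Created Last 30 ===".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Entry lines: date, time, size or <DIR>, eight attribute flags, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
FILE_SECTIONS = {"Created Last 30", "Find3M"}


@dataclass
class Entry:
    section: str
    when: datetime
    is_dir: bool
    size: Optional[int]   # None for directories
    attrs: str            # DDS flags, e.g. 'a-dshr--' (d = dir, s = system, h = hidden)
    path: str


def parse_dds(text: str) -> List[Entry]:
    """Return one Entry per file/dir line in the file-listing sections."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section not in FILE_SECTIONS:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        is_dir = m.group("size") == "<DIR>"
        stamp = f"{m.group('date')} {m.group('time')}"
        entries.append(Entry(
            section=section,
            when=datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
            is_dir=is_dir,
            size=None if is_dir else int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            path=m.group("path"),
        ))
    return entries


def created_between(entries, start_iso: str, end_iso: str) -> List[Entry]:
    """Entries whose creation date falls in [start, end] (ISO dates, inclusive)."""
    start, end = date.fromisoformat(start_iso), date.fromisoformat(end_iso)
    return [e for e in entries if start <= e.when.date() <= end]


def under_path(entries, prefix: str) -> List[Entry]:
    """Entries below a path prefix (Windows paths: case-insensitive)."""
    p = prefix.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.path.lower().startswith(p)]


def hidden(entries) -> List[Entry]:
    """Entries carrying the hidden attribute flag."""
    return [e for e in entries if "h" in e.attrs]


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LOG)
    # Assumed window: the two days before the log was taken.
    for e in created_between(found, "2009-01-07", "2009-01-08"):
        print(e.when, e.attrs, e.path)
```

Run it against a full DDS log by reading the file into `parse_dds`; the date filter narrows the list to what appeared around the first symptoms, and `under_path` on `system32\drivers` isolates newly dropped kernel drivers, which is where a Vundo-era infection would matter most.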

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:07 PM

Posted 10 January 2009 - 02:03 PM

Hello Olidavies,

Your logs look fine now. :thumbsup:

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command into the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

No more problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#7 olidavies

olidavies
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:07 PM

Posted 11 January 2009 - 04:15 AM

That's great - everything seems to be working much better now.

Thanks for all your help, and thanks to this site in general which has been really useful.

Cheers - hopefully I won't be back too soon!

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:07 PM

Posted 11 January 2009 - 06:40 AM

Glad we could help, Olidavies :thumbsup:

Please read this Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks.
To find out which programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
