cannot access windows update


This topic is locked
11 replies to this topic

#1 jboutbound

Posted 29 March 2010 - 11:36 AM

Hi, I seem to have caught something beyond amateur removal!

The main symptom is being unable to access Windows Update at http://windowsupdate.microsoft.com
It behaves just as if I had no internet connection.
This is using IE7, which can access any other site OK.

Chrome will not open any web pages at all.

Firefox seems fine (except when trying Windows Update, where it does not get as far as the usual 'you need to use IE' message).

I'm also seeing a strange behaviour when entering passwords on any website: it always takes two attempts.

I've scanned repeatedly with several AV, malware, and spyware tools, which have found a few infections, but removal has made no difference.

I attach the logs from DDS and GMER as requested.

Thanks for your time and help.

jb



DDS (Ver_10-03-17.01) - NTFSx86
Run by jb at 17:06:29.23 on 29/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.296 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\software\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail2web.com/login/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\jb\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SlipStream] "c:\program files\onspeed\onspeedcore.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btvoya~1.lnk - c:\program files\bt voyager\bt voyager wireless\WLM.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267991819537
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jb\applic~1\mozilla\firefox\profiles\24tn51c1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\jb\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-29 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-29 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-29 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-11-17 16384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-29 285392]
R3 PCMCIABTXP;BT Voyager 1020 Laptop Adapter;c:\windows\system32\drivers\BTNETXP.SYS [2010-2-8 77952]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-1-9 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-13 38224]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver;c:\windows\system32\drivers\ne2000.sys [2008-12-12 15872]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-11-22 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-11-22 8320]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys --> c:\windows\system32\drivers\RTL8187.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys --> c:\windows\system32\drivers\RTL8187.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-1-9 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-1-9 104960]
S4 OKI OPHK DCS Loader;OKI OPHK DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHKLDCS.EXE [2007-7-24 24576]

=============== Created Last 30 ================

2010-03-29 14:36:50 0 d--h--w- C:\$AVG
2010-03-29 14:36:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-29 14:36:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-29 14:36:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-29 14:36:10 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-29 14:35:42 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-29 13:02:35 0 d-----w- c:\program files\common files\PC Tools
2010-03-29 12:05:33 0 d-----w- c:\docume~1\jb\applic~1\SlipStream
2010-03-29 08:51:15 0 d-----w- c:\program files\highjackthis
2010-03-29 08:37:16 0 d-----w- C:\VundoFix Backups
2010-03-13 11:19:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-13 11:19:30 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 11:19:30 0 d-----w- c:\docume~1\jb\applic~1\SUPERAntiSpyware.com
2010-03-13 11:18:57 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-13 11:12:06 0 d-----w- c:\docume~1\jb\applic~1\Malwarebytes
2010-03-13 11:12:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 11:12:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-13 11:11:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 11:11:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 19:14:59 0 d-----w- c:\windows\system32\MpEngineStore
2010-03-10 11:14:48 4054076 ----a-w- c:\windows\firewall log.log.old
2010-03-10 10:33:46 0 d-----w- c:\docume~1\jb\applic~1\JAM Software
2010-03-10 10:33:41 0 d-----w- c:\program files\TreeSize Professional
2010-03-10 10:29:09 0 d-----w- c:\program files\CCleaner
2010-03-09 18:36:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2010-03-08 18:47:25 0 d-----w- c:\program files\AVG
2010-03-03 09:25:18 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-03 09:25:15 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-03 09:25:03 0 d-----w- c:\windows\Logs
2010-03-03 09:24:53 0 d-----w- c:\program files\Winamp Detect

==================== Find3M ====================

2010-03-05 00:29:19 14336 ----a-w- c:\windows\system32\svchost.exe
2010-02-10 17:31:09 69361 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2008-11-17 19:57:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111720081118\index.dat

============= FINISH: 17:07:58.15 ===============


#2 tetonbob (Malware Response Team)

Posted 02 April 2010 - 12:22 PM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click "Options" at the upper right of the page, then click "Track this topic". Make sure it is set to "Immediate Email Notification", then click Proceed.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do not do any fixing on your own or run scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.




Practice Safe Surfing

Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015

#3 jboutbound (Topic Starter)

Posted 03 April 2010 - 05:44 AM

Thanks for your help!

ComboFix log follows.

Symptoms seem to have disappeared since running ComboFix, so I am already very grateful, but I will await your further advice.

jb

ComboFix 10-04-01.02 - jb 03/04/2010 11:20:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.399 [GMT 1:00]
Running from: c:\documents and settings\jb\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI


((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 09:52 . 2010-04-03 09:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 15:10 . 2010-04-02 15:10 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-02 15:10 . 2010-04-02 15:10 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-01 12:10 . 2010-04-01 12:11 -------- d-----w- c:\documents and settings\jb\Local Settings\Application Data\Mozilla
2010-04-01 11:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-31 12:07 . 2010-03-31 12:07 -------- d-----w- C:\$AVG
2010-03-31 11:49 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-31 11:48 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-30 17:10 . 2010-03-30 17:10 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-30 17:10 . 2010-03-30 17:10 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-30 17:10 . 2010-03-30 17:10 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-30 17:10 . 2010-03-30 17:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-30 17:08 . 2010-03-29 14:35 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-30 17:08 . 2010-03-29 14:35 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-29 14:36 . 2010-03-30 17:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-29 14:36 . 2010-03-30 17:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-29 14:36 . 2010-03-30 17:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-29 14:36 . 2010-04-03 09:47 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-29 14:35 . 2010-03-29 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-29 13:02 . 2010-03-29 13:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-29 12:05 . 2010-03-29 12:05 -------- d-----w- c:\documents and settings\jb\Application Data\SlipStream
2010-03-29 11:46 . 2010-03-29 11:46 -------- d-----w- c:\documents and settings\jb\Local Settings\Application Data\Threat Expert
2010-03-29 08:51 . 2010-03-29 08:51 388096 ----a-r- c:\documents and settings\jb\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 08:51 . 2010-03-29 08:51 -------- d-----w- c:\program files\highjackthis
2010-03-29 08:37 . 2010-03-29 08:37 -------- d-----w- C:\VundoFix Backups
2010-03-28 12:00 . 2010-03-28 12:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-13 17:42 . 2010-03-31 18:50 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-13 11:20 . 2010-03-13 11:20 52224 ----a-w- c:\documents and settings\jb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-13 11:20 . 2010-03-31 12:03 117760 ----a-w- c:\documents and settings\jb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-13 11:19 . 2010-03-13 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-13 11:19 . 2010-03-13 11:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 11:19 . 2010-03-13 11:19 -------- d-----w- c:\documents and settings\jb\Application Data\SUPERAntiSpyware.com
2010-03-13 11:18 . 2010-03-13 11:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-13 11:12 . 2010-03-13 11:12 -------- d-----w- c:\documents and settings\jb\Application Data\Malwarebytes
2010-03-13 11:12 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 11:12 . 2010-03-13 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 11:11 . 2010-03-13 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 11:11 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 19:14 . 2010-03-11 19:14 -------- d-----w- c:\windows\system32\MpEngineStore
2010-03-11 17:05 . 2010-04-02 16:07 0 ----a-w- c:\documents and settings\jb\Local Settings\Application Data\prvlcl.dat
2010-03-10 10:33 . 2010-03-10 10:33 -------- d-----w- c:\documents and settings\jb\Application Data\JAM Software
2010-03-10 10:33 . 2010-03-10 10:33 -------- d-----w- c:\program files\TreeSize Professional
2010-03-10 10:29 . 2010-03-10 10:29 -------- d-----w- c:\program files\CCleaner
2010-03-10 10:02 . 2010-03-10 10:02 -------- d-----w- c:\documents and settings\admin2\Application Data\SlipStream
2010-03-09 18:42 . 2010-03-09 18:42 -------- d-----w- c:\documents and settings\jb\Local Settings\Application Data\Sophos
2010-03-09 18:36 . 2010-03-09 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-03-08 18:47 . 2010-03-08 18:47 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 09:52 . 2009-12-31 17:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 15:08 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-01 12:13 . 2010-02-18 10:35 -------- d-----w- c:\program files\SeaMonkey
2010-04-01 12:01 . 2008-12-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-29 14:24 . 2008-12-23 12:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-28 10:39 . 2010-02-04 17:01 -------- d-----w- c:\documents and settings\jb\Application Data\Dropbox
2010-03-27 20:56 . 2008-11-20 12:58 -------- d-----w- c:\documents and settings\jb\Application Data\SlipStream.old
2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-08 10:51 . 2009-01-01 14:27 -------- d-----w- c:\documents and settings\jb\Application Data\Skype
2010-03-08 10:46 . 2009-01-01 14:28 -------- d-----w- c:\documents and settings\jb\Application Data\skypePM
2010-03-07 20:35 . 2008-12-23 12:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-05 00:29 . 2004-08-04 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2010-03-03 11:45 . 2010-02-04 17:01 91696 ----a-w- c:\documents and settings\jb\Application Data\Dropbox\bin\Uninstall.exe
2010-03-03 11:44 . 2010-03-03 11:44 13264416 ----a-w- c:\documents and settings\jb\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-03-03 09:34 . 2008-11-29 18:02 -------- d-----w- c:\program files\Winamp
2010-03-03 09:24 . 2010-03-03 09:24 -------- d-----w- c:\program files\Winamp Detect
2010-03-03 09:24 . 2008-11-29 18:02 -------- d-----w- c:\documents and settings\jb\Application Data\Winamp
2010-02-28 13:12 . 2008-11-20 13:41 -------- d-----w- c:\documents and settings\jb\Application Data\Nokia
2010-02-27 17:26 . 2010-02-25 21:41 -------- d-----w- c:\documents and settings\jb\Application Data\Spotify
2010-02-27 10:28 . 2008-11-20 13:41 -------- d-----w- c:\documents and settings\jb\Application Data\PC Suite
2010-02-26 18:18 . 2008-11-21 14:06 -------- d-----w- c:\documents and settings\jb\Application Data\FileZilla
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\jb\Application Data\Dropbox\bin\Dropbox.exe
2010-02-26 00:46 . 2010-02-24 11:29 -------- d-----w- c:\documents and settings\jb\Application Data\vlc
2010-02-25 21:41 . 2010-02-25 21:41 -------- d-----w- c:\program files\Spotify
2010-02-25 21:27 . 2009-12-29 14:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-25 21:27 . 2010-03-10 09:45 38784 ----a-w- c:\documents and settings\admin2\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-25 21:27 . 2009-12-29 14:41 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-10 17:37 . 2010-02-10 17:33 13432816 ----a-w- c:\documents and settings\All Users\Application Data\Birdstep Technology\EasyConnect\Update\3UK_2.7.0.77_AUP_Huawei.exe
2010-02-10 17:32 . 2010-02-10 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-02-10 17:32 . 2010-02-10 17:32 -------- d-----w- c:\documents and settings\jb\Application Data\Birdstep Technology
2010-02-10 17:31 . 2010-02-10 17:31 69361 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2010-02-10 17:31 . 2010-02-10 17:31 -------- d-----w- c:\program files\Huawei Modems
2010-02-10 17:31 . 2010-02-10 17:31 -------- d-----w- c:\program files\3
2010-02-10 17:31 . 2008-11-29 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 17:30 . 2008-11-29 12:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-08 15:57 . 2010-02-08 15:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-02-08 15:57 . 2010-02-08 15:57 -------- d--h--w- c:\program files\CanonBJ
2010-02-08 14:31 . 2010-02-08 14:31 -------- d-----w- c:\program files\BT Voyager
2010-01-23 08:00 . 2010-01-23 08:00 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jb\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jb\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jb\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\jb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-29 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe" [2008-07-24 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Voyager Wireless Utility.lnk - c:\program files\BT Voyager\BT Voyager Wireless\WLM.exe [2010-2-8 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-30 17:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ONSPEED.lnk]
backup=c:\windows\pss\ONSPEED.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jb^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\jb\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-06-27 07:53 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-04-02 15:11 2064224 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2005-04-20 01:38 208896 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
2005-04-20 01:38 110592 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMONIT.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
2005-04-20 01:38 20480 ----a-w- c:\program files\ThinkPad\Utilities\BMMLREF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
2005-04-20 01:38 396288 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\BATINFEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-29 10:47 135664 ----atw- c:\documents and settings\jb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 02:40 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 17:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2009-10-20 02:57 1401096 ----a-w- c:\program files\Registry Cleaner\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-19 14:57 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 16:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-06-24 14:33 561152 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-06-24 14:34 126976 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2006-05-12 01:32 86016 ----a-w- c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"OKI OPHK DCS Loader"=2 (0x2)
"NMSSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\jb\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/03/2010 15:36 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/03/2010 15:36 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [17/11/2008 19:48 16384]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [30/03/2010 18:10 308064]
R3 PCMCIABTXP;BT Voyager 1020 Laptop Adapter;c:\windows\system32\drivers\BTNETXP.SYS [08/02/2010 15:31 77952]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [09/01/2010 09:57 7680]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver;c:\windows\system32\drivers\ne2000.sys [12/12/2008 11:58 15872]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22/11/2009 22:11 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22/11/2009 22:11 8320]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [09/01/2010 09:57 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [09/01/2010 09:58 104960]
S4 OKI OPHK DCS Loader;OKI OPHK DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHKLDCS.EXE [24/07/2007 10:52 24576]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-11-17 01:38]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-484763869-854245398-1004Core.job
- c:\documents and settings\jb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 10:47]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-484763869-854245398-1004UA.job
- c:\documents and settings\jb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 10:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail2web.com/login/
FF - ProfilePath - c:\documents and settings\jb\Application Data\Mozilla\Firefox\Profiles\iisd9a55.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jb\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adparatus - c:\program files\Adparatus\Adparatus.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PCTAVApp - c:\program files\PC Tools AntiVirus\PCTAV.exe
MSConfigStartUp-RelevantKnowledge - c:\program files\relevantknowledge\rlvknlg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 11:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(432)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\WININET.dll
c:\documents and settings\jb\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\wudfhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-03 11:35:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 10:35

Pre-Run: 2,551,943,168 bytes free
Post-Run: 2,721,349,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EA875338585DCEA4D78E28A324238D7A


#4 tetonbob

  • Malware Response Team
  • 796 posts

Posted 03 April 2010 - 09:05 AM

Great, glad to hear that. Still a bit of work to do.

Next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


    Open notepad and copy/paste the text in the codebox below into it:

    CODE
    @echo off
    for %%g in (

    C:\Qoobox\Quarantine\c\windows\AppPatch\AcAdProc.dll.vir

    ) do zip Files_for_submission %%g
    del %0


    Save this as grab.bat
    Choose to "Save type as - All Files"
    Save it on your desktop.
    It should look like this:
    Double click on grab.bat & allow it to run

    A file, Files_for_submission.zip will be created on your desktop. Please upload that file here:

    http://www.bleepingcomputer.com/submit-malware.php?channel=4


    In the "Link to topic where this file was requested:" field, copy and paste this:


    http://www.bleepingcomputer.com/forums/topic305699.html#entry1698591

    Once it shows:

    QUOTE
    Your file was successfully submitted. Please let the user helping you know that you have submitted the file.


    Close the site and let me know. If there were no troubles with that step, please proceed with the following steps.


    ============================

  1. These indicate some settings have been changed

    This log entry indicates your Windows Firewall is off. I don't see a third party software firewall, so you should enable Windows Firewall. Control Panel > Windows Firewall.

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    ============================



  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    QUOTE
    Dequarantine::
    C:\Qoobox\Quarantine\c\windows\AppPatch\AcAdProc.dll.vir
    Quit::

    Reboot::


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  4. ComboFix may request an update; please allow it.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix will reboot your machine. This is expected.
  6. When finished, it shall produce a log for you, C:\DeQuarantine.txt. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------





Practice Safe Surfing

Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
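As an added example (not something posted in this thread), a small Python checker that reads the ComboFix log format shown above and pulls out the two things a helper would look for: the standard-profile `EnableFirewall` value tetonbob points to, the applications allowed through the firewall, and service/driver entries ComboFix prints as `--> path [?]` when it has no date or size for the file. The excerpt embedded in the script is constructed from a handful of lines of the posted log; the `[?]` interpretation and the Windows start-type digits are assumptions noted in the comments.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the ComboFix log format posted in this thread: a few
# lines copied from the posted log, not the complete file.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/03/2010 15:36 242696]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
"""

# ComboFix prints registry data as "[key]" headers followed by "name"= value lines,
# and services/drivers as <R|S><start> name;description;path [date size].
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")

FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
EXCEPTIONS_KEY = FIREWALL_KEY + r"\AuthorizedApplications\List"


@dataclass
class ServiceEntry:
    state: str          # "R" running, "S" stopped
    start: int          # assumed Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    description: str
    path: str
    file_missing: bool  # ComboFix printed "--> path [?]" instead of a date and size (assumed: file not found)


def parse_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] header to its "name"= value pairs; a blank line ends a section."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("key")
            sections.setdefault(current, {})
            continue
        if not line:
            current = None
            continue
        value = VALUE_RE.match(line)
        if current is not None and value:
            sections[current][value.group("name")] = value.group("value").strip()
    return sections


def firewall_disabled(sections: Dict[str, Dict[str, str]]) -> Optional[bool]:
    """True if the standard-profile EnableFirewall value is 0; None if the entry is absent."""
    raw = sections.get(FIREWALL_KEY, {}).get("EnableFirewall")
    if raw is None:
        return None
    return raw.split()[0] == "0"   # value is printed as "0 (0x0)"


def parse_services(text: str) -> List[ServiceEntry]:
    """Collect the R*/S* service and driver lines."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        path = rest.split(" --> ")[0].split(" [")[0]
        entries.append(ServiceEntry(m.group("state"), int(m.group("start")),
                                    m.group("name"), m.group("desc"), path,
                                    rest.endswith("[?]")))
    return entries


def audit(text: str) -> List[str]:
    """Findings a helper would pull out of the log excerpt, firewall state first."""
    findings = []
    sections = parse_registry_sections(text)
    if firewall_disabled(sections):
        findings.append("Windows Firewall (standard profile) is disabled: EnableFirewall=0")
    # The exceptions list is exported with doubled backslashes; undo that for display.
    for app in sections.get(EXCEPTIONS_KEY, {}):
        findings.append("firewall exception: " + app.replace("\\\\", "\\"))
    for svc in parse_services(text):
        if svc.file_missing:
            findings.append(f"{svc.state}{svc.start} {svc.name}: driver file not found ({svc.path})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```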

#5 jboutbound

  • Topic Starter
  • Members
  • 7 posts

Posted 04 April 2010 - 05:13 AM

Hi, thanks again.

'files for submission' uploaded OK.

here is the log requested:

C:\Qoobox\Quarantine\c\windows\AppPatch\AcAdProc.dll.vir -> c:\windows\AppPatch\AcAdProc.dll ( 39424 bytes )



#6 jboutbound

  • Topic Starter
  • Members
  • 7 posts

Posted 04 April 2010 - 05:17 AM

hi again, just noticed that last step has returned the symptoms.

can't access windows update, and chrome won't open any pages.

is that expected?

thanks

#7 jboutbound

  • Topic Starter
  • Members
  • 7 posts

Posted 04 April 2010 - 05:23 AM

sorry! just rebooted and all is normal again, apparently no fault at all.

#8 tetonbob

  • Malware Response Team
  • 796 posts

Posted 04 April 2010 - 09:31 AM

Thanks for submitting the file.

Next steps....

Your Java is out of date.

Java™ 6 Update 11 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked


    Applications and Applets
    Trace and Log Files


  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
---------------------------------------------------------------------------------------------

I see you have Malwarebytes' AntiMalware installed.

Please update its definitions, and run a new Quick Scan.
  • Launch Malwarebytes' Antimalware
  • On the updates tab, click on Check for Updates
  • If an update is found, it will begin. Once the update is complete...
  • Click on the Scanner tab. Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Edited by tetonbob, 04 April 2010 - 09:32 AM.


#9 jboutbound

  • Topic Starter
  • Members
  • 7 posts

Posted 05 April 2010 - 08:34 AM

Hi,

The two logs requested are pasted in below.

Everything seems to be working perfectly now,
as far as i can tell you have totally fixed the problem,
so thanks very much indeed!

jb


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05/04/2010 10:05:58
mbam-log-2010-04-05 (10-05-58).txt

Scan type: Quick scan
Objects scanned: 112847
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=913347b2db376043983c974ef7df64d6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-05 09:38:50
# local_time=2010-04-05 10:38:50 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 2388430 2388430 0 0
# compatibility_mode=8192 67108863 100 0 283 283 0 0
# scanned=2138
# found=0
# cleaned=0
# scan_time=1455
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=913347b2db376043983c974ef7df64d6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-05 09:58:14
# local_time=2010-04-05 10:58:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 2389966 2389966 0 0
# compatibility_mode=8192 67108863 100 0 1819 1819 0 0
# scanned=2142
# found=0
# cleaned=0
# scan_time=1083
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=913347b2db376043983c974ef7df64d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-05 12:13:16
# local_time=2010-04-05 01:13:17 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 2391093 2391093 0 0
# compatibility_mode=8192 67108863 100 0 2946 2946 0 0
# scanned=61294
# found=1
# cleaned=0
# scan_time=8056
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.VM trojan 00000000000000000000000000000000 I


#10 tetonbob

  • Malware Response Team
  • 796 posts

Posted 05 April 2010 - 09:11 AM

Great!

The other items ESET found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below.

Other than that.... We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean. You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK


ComboFix /Uninstall

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

---------------------------------------------------------------------------------------------

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/vulnerability_scanning/online/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

#11 jboutbound

  • Topic Starter
  • Members
  • 7 posts

Posted 05 April 2010 - 11:58 AM

Thanks so much for all your time and expertise.
The topic can certainly be closed, my computer is working perfectly again.

I have done the final steps of uninstalling and deleting tools, and am working through your very useful suggestions and links.

You're doing a great job up there, whoever you are!

Thanks again

jb

#12 tetonbob

  • Malware Response Team
  • 796 posts

Posted 05 April 2010 - 12:51 PM

Cheers, jb. I'm happy to have helped. Thanks for the kind words.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be closed.





