
 dauthiatull
join:2003-08-06 Toronto, ON
[Virus] HJT Log: virus won't go away
My system keeps getting infected even after a boot scan.
Avast stopped a virus, then Windows Defender went off and blocked some stuff.
Scanned with both, then Spybot, then Ad-Aware, then did a boot scan with Avast and Spybot.
Upon reboot Avast detects a virus again.
The viruses are not the same; they change names with each clean and reinfection.
Can't seem to get rid of what is going on here. Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:49 PM, on 6/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Core Temp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Active Ports\aports.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NNma] C:\Program Files\NNsquad\nnma.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com/sscv6/Shar···t/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - www.fileplanet.com/fpdlmgr/cabs/···.6.108.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resourc···8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/Shar···t/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - sdlc-esd.sun.com/ESD39/JSCDL/jre···/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209151229_e7b2a16e6101a83eacffac4af562ce6e&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jre/6u5-b15/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/s···/cabs/flash/swflash.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
O21 - SSODL: adgpfoxs - {9777231B-CA22-48DB-9D58-D495D96985EB} - C:\WINDOWS\adgpfoxs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9146 bytes

bcastner Premium,VIP,MVM
join:2002-09-25 Chevy Chase, MD
Download Deckard's System Scanner:
• Close all applications and windows.
• Double-click on dss.exe to run it, and follow the prompts.
• When the scan is complete, a text file will open - Main.txt.
• This next step is very important: Click "Format" in the top menu. Uncheck Word Wrap. If you do not do this your logs when posted here will be unreadable.
• Please save this file and close Notepad.
• A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt. Repeat the Word Wrap disable step.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
Post back to the Forum the contents of Main.txt and the contents of C:\Deckard\System Scanner\Extra.txt
Do a preview of your post. The text should be the full width of the screen, and not word wrapped.
--
MS-MVP 2004-2008, ASAP Member, Users Helping Users
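An added illustration, not part of either poster's reply: a small Python triage pass over log lines in the HijackThis v2 format used in this thread. It parses each `Oxx - ...` entry, pulls out the module path, and raises findings for the things a helper would look at first in a log like the one above: entries whose file is already gone from disk, O20 Winlogon Notify and O21 SSODL hooks, a BHO with no name, a module name with no vowels at all, and, most usefully, one module registered from more than one autostart location. The sample lines are constructed here in the HJT format (modelled on entries in this thread, not a copy of the full log), and the heuristics are this example's own, not HijackThis logic.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format (a few entries modelled on the
# kinds of lines seen in this thread; not a copy of the poster's full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
O21 - SSODL: adgpfoxs - {9777231B-CA22-48DB-9D58-D495D96985EB} - C:\WINDOWS\adgpfoxs.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O20 - rest of line" -> section id and body
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# First Windows path ending in a code-carrying extension (quotes excluded so
# a quoted O4 command line still yields just the executable).
PATH_RE = re.compile(r"([A-Za-z]:\\[^\"\n]*?\.(?:dll|exe|sys|ocx))", re.IGNORECASE)

# Sections that load code at logon or into the shell; a clean XP install has
# very few of these, so each one deserves a look.
HOOK_SECTIONS = {"O20": "Winlogon Notify hook", "O21": "ShellServiceObjectDelayLoad entry"}


def parse_entries(log_text):
    """Return [(section, body, module_path_or_None)] for each HJT entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank or process-list line
        section, body = m.groups()
        pm = PATH_RE.search(body)
        entries.append((section, body, pm.group(1) if pm else None))
    return entries


def looks_random(name):
    """Crude heuristic (this example's own): an alphabetic name of six or more
    letters with no vowel at all, e.g. 'xxyyxwtr'."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return not any(c in "aeiou" for c in letters)


def triage(log_text):
    """Return {module_basename_lower: [reasons]} for entries worth a closer look."""
    findings = defaultdict(list)
    seen_in = defaultdict(set)  # basename -> sections it is registered from

    for section, body, path in parse_entries(log_text):
        if path is None:
            continue
        base = path.rsplit("\\", 1)[-1].lower()
        stem = base.rsplit(".", 1)[0]
        seen_in[base].add(section)

        if "(file missing)" in body:
            findings[base].append(f"{section}: registry points at a file that is not on disk")
        if section in HOOK_SECTIONS:
            findings[base].append(f"{section}: {HOOK_SECTIONS[section]} - review unless known vendor")
            if looks_random(stem):
                findings[base].append(f"{section}: random-looking module name")
        if section == "O2" and body.startswith("BHO: (no name)"):
            findings[base].append("O2: browser helper object with no name")

    # A module registered from several autostart locations can put back the
    # entry that was just removed; fixing only one location does not stick.
    for base, sections in seen_in.items():
        if len(sections) > 1:
            findings[base].append("registered from multiple locations: " + ", ".join(sorted(sections)))
    return dict(findings)


if __name__ == "__main__":
    for module, reasons in triage(SAMPLE_LOG).items():
        print(module)
        for reason in reasons:
            print("   ", reason)
```

The cross-reference is the point of the exercise: a DLL that is both a BHO and a Winlogon Notify hook is loaded at logon regardless of what happens to the browser entry, which is consistent with this thread's later DSS output showing the same O2 entry backed up six times in under half an hour while the O20 entry for the same file stays in the log.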
dauthiatull
join:2003-08-06 Toronto, ON
reply to dauthiatull

Main.txt

Deckard's System Scanner v20071014.68
Run by Shawn on 2008-06-06 19:42:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
66: 2008-06-06 23:43:00 UTC - RP66 - Deckard's System Scanner Restore Point
65: 2008-06-05 23:49:04 UTC - RP65 - Installed Ad-Aware
64: 2008-06-05 22:45:56 UTC - RP64 - Windows Defender Checkpoint
63: 2008-06-05 22:03:38 UTC - RP63 - Software Distribution Service 3.0
62: 2008-06-05 00:20:22 UTC - RP62 - Windows Defender Checkpoint

-- First Restore Point --
1: 2008-04-12 23:50:49 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Shawn.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:00 PM, on 6/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NNsquad\nnma.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Core Temp.exe
C:\Documents and Settings\Shawn\My Documents\downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Shawn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NNma] C:\Program Files\NNsquad\nnma.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com/sscv6/Shar···niff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - www.fileplanet.com/fpdlmgr/cabs/···.108.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resourc···can8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - sdlc-esd.sun.com/ESD39/JSCDL/jre···6-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/s···lash.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
O21 - SSODL: adgpfoxs - {9777231B-CA22-48DB-9D58-D495D96985EB} - C:\WINDOWS\adgpfoxs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8975 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080606-190029-360 O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
backup-20080606-190250-756 O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
backup-20080606-190359-585 O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
backup-20080606-190535-855 O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
backup-20080606-191753-758 O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
backup-20080606-192058-390 O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 ALSysIO - c:\docume~1\shawn\locals~1\temp\alsysio.sys (file missing)
R3 RivaTuner32 - c:\program files\rivatuner v2.08\rivatuner32.sys

S0 Winhb08 - c:\windows\system32\drivers\winhb08.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 DynDNS Updater - c:\program files\dyndns updater\dynupsvc.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C575ACB&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-06-06 19:38:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-05-06 and 2008-06-06 -----------------------------
2008-06-06 19:23:17 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 18:38:39 0 d-------- C:\Program Files\Trend Micro
2008-06-06 18:13:45 0 --a------ C:\WINDOWS\system32\wvUmlkki.dll
2008-06-05 19:49:06 0 d-------- C:\Program Files\Lavasoft
2008-06-05 19:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 19:48:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 18:59:10 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-04 20:32:02 0 d-------- C:\Program Files\WinAVI Video Converter
2008-06-04 20:19:13 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-04 20:19:11 33920 --a------ C:\WINDOWS\system32\xxyyxwtr.dll
2008-06-04 20:18:59 94208 --a------ C:\WINDOWS\exmk.exe
2008-06-04 20:16:57 0 d-------- C:\Documents and Settings\Shawn\Application Data\Media Player Classic
2008-06-04 19:24:58 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-04 19:24:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-04 19:24:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 19:24:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 19:24:55 682496 --a------ C:\WINDOWS\system32\divx.dll
2008-06-04 19:24:54 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-04 19:24:53 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-04 19:06:27 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-04 19:05:39 0 d-------- C:\Program Files\Avi2Dvd
2008-06-04 17:28:55 0 d-------- C:\Documents and Settings\Shawn\Application Data\dvdcss
2008-06-02 18:29:37 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-02 18:29:37 0 d-------- C:\Documents and Settings\Shawn\Application Data\Vso
2008-06-02 18:29:37 47360 --a------ C:\Documents and Settings\Shawn\Application Data\pcouffin.sys
2008-06-02 18:29:31 0 d-------- C:\Program Files\VSO
2008-06-01 21:31:13 0 d-------- C:\Documents and Settings\Shawn\Application Data\Any Video Converter
2008-06-01 21:31:11 0 d-------- C:\Program Files\Any Video Converter
2008-06-01 19:22:45 233472 --a------ C:\WINDOWS\system32\viscomdvdimg.dll
2008-06-01 19:22:45 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 19:22:45 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 19:22:45 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 19:22:45 15360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-06-01 19:22:45 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 19:22:44 0 d-------- C:\Program Files\Videos To DVD
2008-06-01 19:01:03 3138048 --a------ C:\WINDOWS\system32\apexxbox.exe
2008-06-01 19:01:03 398798 --a------ C:\WINDOWS\system32\apexpmp.exe
2008-06-01 19:01:03 4755968 --a------ C:\WINDOWS\system32\apexconverter.exe
2008-06-01 19:01:03 120320 --a------ C:\WINDOWS\system32\apexchanger.exe
2008-06-01 19:01:03 109568 --a------ C:\WINDOWS\system32\apex3gp.exe
2008-06-01 19:01:03 86016 --a------ C:\WINDOWS\system32\AddiTunes.exe
2008-06-01 19:01:02 495104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-06-01 19:01:02 764416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2008-06-01 19:01:02 249856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-06-01 19:01:02 626688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2008-06-01 19:01:02 61440 --a------ C:\WINDOWS\system32\cygz.dll
2008-06-01 19:01:02 1295582 --a------ C:\WINDOWS\system32\cygwin1.dll
2008-06-01 19:01:01 215552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2008-06-01 19:01:01 312320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2008-06-01 19:01:01 188416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2008-06-01 19:01:01 780288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2008-06-01 19:01:01 382464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2008-06-01 19:01:01 90112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2008-06-01 19:01:01 2846720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2008-06-01 19:01:01 778240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2008-06-01 19:01:00 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-01 19:00:59 81920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-06-01 19:00:59 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2008-06-01 19:00:59 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2008-06-01 19:00:59 0 d-------- C:\WINDOWS\system32\RMBin
2008-06-01 19:00:57 0 d-------- C:\Program Files\Apex
2008-06-01 19:00:57 0 d-------- C:\Apex
2008-06-01 17:18:51 0 d-------- C:\New Folder
2008-06-01 13:29:43 0 d-------- C:\Documents and Settings\Shawn\Application Data\vlc
2008-06-01 13:28:16 0 d-------- C:\Program Files\VideoLAN
2008-06-01 11:47:23 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-01 11:46:30 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-01 10:48:11 0 d-------- C:\Program Files\Windows Defender
2008-06-01 10:46:27 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-31 09:18:21 0 d-------- C:\Program Files\WinPcap
2008-05-31 09:18:13 88436 --a------ C:\WINDOWS\Network Measurement Agent Uninstaller.exe
2008-05-31 09:18:13 0 d-------- C:\Program Files\NNsquad
2008-05-20 17:22:56 0 d-------- C:\Program Files\Apperson
2008-05-18 11:51:14 843776 --a------ C:\WINDOWS\vsnpstd3(5).exe
2008-05-18 11:51:14 843776 --a------ C:\WINDOWS\vsnpstd3(4).exe
2008-05-18 11:51:14 843776 --a------ C:\WINDOWS\vsnpstd3(3).exe
2008-05-18 11:51:14 843776 --a------ C:\WINDOWS\vsnpstd3(2).exe
2008-05-17 14:36:29 4194304 --a------ C:\Documents and Settings\Shawn\ntuser.dat
2008-05-16 16:07:07 0 d-------- C:\Documents and Settings\Shawn\Application Data\Electronic Arts
2008-05-16 14:26:34 0 d-------- C:\Mythic
2008-05-16 13:13:40 0 d-------- C:\Program Files\Philips
2008-05-16 13:13:34 0 d-------- C:\Documents and Settings\Shawn\Application Data\InstallShield
2008-05-16 13:01:17 0 d-------- C:\Program Files\Download Manager
2008-05-16 13:00:57 0 d-------- C:\Documents and Settings\Shawn\Application Data\IGN_DLM
2008-05-10 12:37:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-10 12:37:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 12:01:34 0 d-------- C:\Documents and Settings\Shawn\Application Data\AdobeUM
2008-05-07 23:36:53 0 d-------- C:\WINDOWS\Prefetch
2008-05-07 23:15:49 0 d-------- C:\WINDOWS\system32\scripting
2008-05-07 23:15:49 0 d-------- C:\WINDOWS\l2schemas
2008-05-07 23:15:48 0 d-------- C:\WINDOWS\system32\en
2008-05-07 23:15:48 0 d-------- C:\WINDOWS\system32\bits
2008-05-07 23:14:25 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 22:47:08 0 d-------- C:\Program Files\AnalogX
2008-05-06 14:51:55 49664 --a------ C:\WINDOWS\unvise32.exe
2008-05-06 14:51:52 0 d-------- C:\Program Files\Active Ports
-- Find3M Report ---------------------------------------------------------------
2008-06-05 19:48:24 0 d-------- C:\Program Files\Common Files
2008-06-04 20:17:53 55 --a------ C:\Documents and Settings\Shawn\Application Data\pcouffin.log
2008-06-04 20:17:52 1144 --a------ C:\Documents and Settings\Shawn\Application Data\pcouffin.inf
2008-06-04 20:17:52 7887 --a------ C:\Documents and Settings\Shawn\Application Data\pcouffin.cat
2008-06-04 20:00:16 668 --a------ C:\Documents and Settings\Shawn\Application Data\vso_ts_preview.xml
2008-06-04 19:22:57 0 d-------- C:\Program Files\DivX
2008-05-22 17:46:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 17:46:26 0 d-------- C:\Program Files\Windows Live
2008-05-19 13:34:51 0 d-------- C:\Program Files\World of Warcraft
2008-05-10 12:35:53 0 d-------- C:\Documents and Settings\Shawn\Application Data\Adobe
2008-05-07 23:16:07 0 d-------- C:\Program Files\Messenger
2008-05-07 23:15:48 0 d-------- C:\Program Files\Movie Maker
2008-05-07 23:14:13 0 d-------- C:\Program Files\Windows NT
2008-05-05 11:32:39 0 d-------- C:\Documents and Settings\Shawn\Application Data\CoreFTP
2008-05-03 19:12:29 0 d-------- C:\Program Files\CoreFTP
2008-05-03 19:09:35 0 d-------- C:\Program Files\LeechFTP
2008-05-03 10:12:53 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-26 12:14:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-25 15:24:30 0 d-------- C:\Documents and Settings\Shawn\Application Data\DivX
2008-04-25 15:19:53 0 d-------- C:\Documents and Settings\Shawn\Application Data\Sun
2008-04-25 15:19:43 0 d-------- C:\Program Files\Java
2008-04-25 15:19:06 0 d-------- C:\Program Files\Common Files\Java
2008-04-24 18:23:29 0 d-------- C:\Documents and Settings\Shawn\Application Data\Yahoo!
2008-04-24 18:23:04 0 d-------- C:\Program Files\Yahoo!
2008-04-13 22:03:17 0 d-------- C:\Program Files\RivaTuner v2.08
2008-04-13 17:05:58 0 d-------- C:\Documents and Settings\Shawn\Application Data\GetRightToGo
2008-04-13 16:33:07 0 d-------- C:\Documents and Settings\Shawn\Application Data\Astroburn
2008-04-13 16:33:02 0 d-------- C:\Program Files\Astroburn
2008-04-13 13:46:54 0 d-------- C:\Program Files\Windows Grep
2008-04-13 02:24:50 0 d-------- C:\Program Files\DynDNS Updater
2008-04-13 02:19:58 0 d-------- C:\Program Files\Alwil Software
2008-04-12 21:20:21 0 d-------- C:\Documents and Settings\Shawn\Application Data\WinRAR
2008-04-12 21:14:00 0 d-------- C:\Program Files\Activision
2008-04-12 21:11:28 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-12 21:09:02 0 d-------- C:\Documents and Settings\Shawn\Application Data\DAEMON Tools
2008-04-12 21:03:31 0 d-------- C:\Program Files\MSXML 6.0
2008-04-12 20:59:34 0 d-------- C:\Program Files\MSBuild
2008-04-12 20:57:22 0 d-------- C:\Program Files\Reference Assemblies
2008-04-12 20:40:50 0 d-------- C:\Program Files\BitComet
2008-04-12 20:39:27 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-04-12 20:38:48 0 d-------- C:\Documents and Settings\Shawn\Application Data\Macromedia
2008-04-12 19:56:20 0 d-------- C:\Program Files\Realtek
2008-04-12 19:56:17 315392 --a------ C:\WINDOWS\HideWin.exe
2008-04-12 19:56:15 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-12 19:54:29 0 d-------- C:\Program Files\Intel
2008-04-12 19:50:40 0 d-------- C:\Documents and Settings\Shawn\Application Data\Identities
2008-04-12 19:47:25 0 d-------- C:\Program Files\microsoft frontpage
2008-04-12 19:47:13 0 -rahs---- C:\MSDOS.SYS
2008-04-12 19:47:13 0 -rahs---- C:\IO.SYS
2008-04-12 19:47:13 0 --a------ C:\CONFIG.SYS
2008-04-12 19:47:13 0 --a------ C:\AUTOEXEC.BAT
2008-04-12 19:46:19 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-12 19:45:37 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-12 19:44:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-12 19:44:38 0 d-------- C:\Program Files\Online Services
2008-04-12 19:44:31 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-12 15:38:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-12 15:38:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-12 15:37:55 62 --ahs---- C:\Documents and Settings\Shawn\Application Data\desktop.ini
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{189A78B1-CEB8-45FD-9C12-4B9C8A965A58}] 06/04/2008 08:19 PM 33920 --a------ C:\WINDOWS\system32\xxyyxwtr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/10/2007 11:28 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [04/04/2007 01:22 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 02:43 PM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [03/10/2008 04:10 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [03/10/2008 04:10 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NNma"="C:\Program Files\NNsquad\nnma.exe" [05/27/2008 12:47 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
C:\Documents and Settings\Shawn\Start Menu\Programs\Startup\
Shortcut to Core Temp.lnk - C:\Core Temp.exe [4/13/2008 9:58:07 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Adobe Reader Speed Launch.lnk.disabled [4/13/2008 4:36:17 PM]
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [4/8/2008 3:56:04 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{189A78B1-CEB8-45FD-9C12-4B9C8A965A58}"= C:\WINDOWS\system32\xxyyxwtr.dll [06/04/2008 08:19 PM 33920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "adgpfoxs"= {9777231B-CA22-48DB-9D58-D495D96985EB} - C:\WINDOWS\adgpfoxs.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32] WinCtrl32.dll 06/06/2008 06:08 PM 15360 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyxwtr] xxyyxwtr.dll 06/04/2008 08:19 PM 33920 C:\WINDOWS\system32\xxyyxwtr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineq32.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp80.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winof78.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winop32.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpc32.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc
-- Hosts -----------------------------------------------------------------------
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
8715 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-06-06 19:45:59 ------------
dauthiatull
join:2003-08-06 Toronto, ON
| reply to dauthiatull extra txt
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. --------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0 Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2047.17 MiB / 1580.11 MiB
Pagefile Memory (total/avail): 3939.64 MiB / 3522.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1876.24 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 74.52 GiB total, 22.78 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (No Media)
G: is CDROM (No Media)
M: is Network (FAT32)
N: is Network (FAT32)
\\.\PHYSICALDRIVE0 - WDC WD800AAJS-00TDA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shawn\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shawn
LOGONSERVER=\\MINE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Shawn\LOCALS~1\Temp
TMP=C:\DOCUME~1\Shawn\LOCALS~1\Temp
USERDOMAIN=MINE
USERNAME=Shawn
USERPROFILE=C:\Documents and Settings\Shawn
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Shawn (admin) Jen (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Ports --> C:\WINDOWS\unvise32.exe C:\Program Files\Active Ports\uninstal.log
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AnalogX ITR Client --> C:\Program Files\AnalogX\ITR\itrcu.exe
AnalogX NetStat Live --> C:\Program Files\AnalogX\NetStat Live\nslu.exe
AnalogX PacketMon --> C:\Program Files\AnalogX\PacketMon\pmonu.exe
Any Video Converter 2.6.0 --> "C:\Program Files\Any Video Converter\unins000.exe"
Apex Video Converter Free 6.78 --> "C:\Program Files\Apex\Apex Video Converter Free\unins000.exe"
Astroburn --> C:\Program Files\Astroburn\uninst.exe
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\Setup.exe" -l0x9 -removeonly
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avi2Dvd 0.4.5 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Core FTP LE 2.1 --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Dark Age of Camelot - Shrouded Isles --> "C:\Mythic\Isles\unins000.exe"
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
DynDNS Updater --> C:\Program Files\DynDNS Updater\Uninstall.exe {98339427-8436-4156-BD9C-36E137EE8179}
Free Videos To DVD V2.1 --> "C:\Program Files\Videos To DVD\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.7.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LeechFTP --> C:\WINDOWS\eraser.exe KILL "C:\Program Files\LeechFTP\uninstall.uif"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Network Measurement Agent --> C:\WINDOWS\Network Measurement Agent Uninstaller.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RivaTuner v2.08 --> "C:\Program Files\RivaTuner v2.08\uninstall.exe"
SA23xx Device Manager --> C:\Program Files\InstallShield Installation Information\{144B4BF4-16CA-4FD3-A547-8A8107EF40D7}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WallWatcher --> C:\Documents and Settings\Shawn\My Documents\downloads\WallWatcher\Setup.exe
Win AVI HelixSDK --> "C:\Program Files\WinAVI Video Converter\HelixSDK\unins000.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Grep 2.3 --> "C:\Program Files\Windows Grep\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type594 / Warning Event Submitted/Written: 06/05/2008 09:03:54 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type593 / Error Event Submitted/Written: 06/05/2008 08:23:36 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application core temp.exe, version 0.95.4.0, faulting module core temp.exe, version 0.95.4.0, fault address 0x0000b2d0. Processing media-specific event for [core temp.exe!ws!]
Event Record #/Type589 / Error Event Submitted/Written: 06/05/2008 06:25:05 PM Event ID/Source: 5000 / MPSampleSubmission Event Description: EventType mptelemetry, P1 80072ee2, P2 unspecified, P3 unspecified, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type586 / Warning Event Submitted/Written: 06/05/2008 04:46:36 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type583 / Warning Event Submitted/Written: 06/04/2008 09:02:52 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3300 / Warning Event Submitted/Written: 06/06/2008 07:44:12 PM Event ID/Source: 3004 / WinDefend Event Description: %MINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MINE27 can't undo changes that you allow.
For more information please see the following: %MINE275
Scan ID: {200335DD-1B4E-40D1-85DB-15EF1805293E}
User: MINE\Shawn
Name: %MINE271
ID: %MINE272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %MINE276
Alert Type: %MINE278
Detection Type: 1.1.1593.02
Event Record #/Type3299 / Warning Event Submitted/Written: 06/06/2008 07:44:12 PM Event ID/Source: 3004 / WinDefend Event Description: %MINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MINE27 can't undo changes that you allow.
For more information please see the following: %MINE275
Scan ID: {CBDA2794-E2E6-493A-8B5C-E2D25971F64E}
User: MINE\Shawn
Name: %MINE271
ID: %MINE272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %MINE276
Alert Type: %MINE278
Detection Type: 1.1.1593.02
Event Record #/Type3298 / Warning Event Submitted/Written: 06/06/2008 07:44:12 PM Event ID/Source: 3004 / WinDefend Event Description: %MINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MINE27 can't undo changes that you allow.
For more information please see the following: %MINE275
Scan ID: {69933B8D-A258-43C1-88DD-742D37E4244A}
User: MINE\Shawn
Name: %MINE271
ID: %MINE272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %MINE276
Alert Type: %MINE278
Detection Type: 1.1.1593.02
Event Record #/Type3297 / Warning Event Submitted/Written: 06/06/2008 07:44:10 PM Event ID/Source: 3004 / WinDefend Event Description: %MINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MINE27 can't undo changes that you allow.
For more information please see the following: %MINE275
Scan ID: {D24F2028-8ED9-41FD-AB75-1A78069387FE}
User: MINE\Shawn
Name: %MINE271
ID: %MINE272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %MINE276
Alert Type: %MINE278
Detection Type: 1.1.1593.02
Event Record #/Type3296 / Warning Event Submitted/Written: 06/06/2008 07:44:10 PM Event ID/Source: 3004 / WinDefend Event Description: %MINE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MINE27 can't undo changes that you allow.
For more information please see the following: %MINE275
Scan ID: {F39D8975-1E7D-4549-8519-03E965DBA140}
User: MINE\Shawn
Name: %MINE271
ID: %MINE272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %MINE276
Alert Type: %MINE278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-06-06 19:45:59 ------------
bcastner Premium,VIP,MVM
join:2002-09-25 Chevy Chase, MD
| reply to dauthiatull First Steps
:!: The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.
Please download ATF Cleaner. It does not require any installation. It is set up to clean Windows TEMP folders, as well as IE, FireFox and Opera Temporary Internet Files and Cookies.
• Double-click ATF-Cleaner.exe to run the program.
First Step:
• Under Main choose: Select All
• Click the Empty Selected button.
Next, if you use Firefox (and some Mozilla-based browsers)
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
Next, if you use the Opera browser
• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
:!: Click Exit on the Main menu to close the program.
Reconfigure Windows XP to show hidden files: To enable the viewing of Hidden files follow these steps:
• Close all programs so that you are at your desktop.
• Double-click on the My Computer icon.
• Select the Tools menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.
Malware Removal Steps
1. Open HijackThis again, System scan only. Checkmark these items:
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
O21 - SSODL: adgpfoxs - {9777231B-CA22-48DB-9D58-D495D96985EB} - C:\WINDOWS\adgpfoxs.dll (file missing)
Click "Fix checked" and when the log panel clears exit HijackThis.
2. Download -- but do not yet run -- ComboFix©
Download this file -- to your Desktop -- from any of these sources:
Right-click on the header of the Code box below, where on the right side it says: "Copy to clipboard":
Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .
• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:
When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
•!• A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
3. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
Once downloaded, close all programs and Windows on your computer (including this one.)
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.
4. Run HijackThis again, and save the log file.
Submit to the Forum:
• The contents of C:\Combofix.txt;
• Your MBAM log results;
• The new HijackThis log.
--
MS-MVP 2004-2008, ASAP Member
Users Helping Users
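Step 1 above picks out three classes of autostart entry for removal: a Winlogon Notify handler that is not a known Windows component, a randomly named DLL hooked into several load points at once, and an SSODL entry whose file is already gone. The following Python script is an added example, not code from this thread or from HijackThis, Deckard's or ComboFix: it parses HijackThis-style O2/O4/O20/O21 lines and reports the same observations a helper acts on, so that a defender can triage a log before touching anything. The sample log is constructed from the entries quoted in this thread plus one known-good Winlogon handler (dimsntfy) for contrast; the baseline contents, the list of expected program directories and the "no vowels" name heuristic are assumptions made for the example, not HijackThis rules.

```python
"""Triage HijackThis-style autostart entries (added example, not thread code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample log: the O2/O4/O20/O21 entries this thread shows, plus one
# known-good Winlogon Notify handler (dimsntfy) for contrast. Not a real HJT run.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\xxyyxwtr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
O21 - SSODL: adgpfoxs - {9777231B-CA22-48DB-9D58-D495D96985EB} - C:\WINDOWS\adgpfoxs.dll (file missing)
""".strip()

# Accept-list of handler DLLs per entry type. Assumed for this example: only
# dimsntfy.dll, the one Winlogon Notify handler left alone in the thread. In
# practice the list is exported from a clean reference install of the same OS.
DEFAULT_BASELINE: Dict[str, Set[str]] = {"O20": {"dimsntfy.dll"}, "O21": set()}

# Where an autostart executable is normally expected (assumed, lower-case prefixes).
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe|sys))", re.IGNORECASE)


@dataclass
class Entry:
    kind: str            # e.g. "O20"
    label: str           # e.g. "Winlogon Notify"
    name: str            # value or subkey name as HJT prints it
    path: Optional[str]  # first file path on the line, if any
    missing: bool        # HJT appended "(file missing)"
    raw: str


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, label, rest = m.groups()
    pm = PATH_RE.search(rest)
    if label.startswith(("HKLM", "HKCU")):   # O4 Run keys: "[valuename] command"
        nm = re.match(r"\[([^\]]*)\]", rest)
        name = nm.group(1) if nm else rest
    else:                                     # "name - ..." or "name = ..."
        name = re.split(r" - | = ", rest, maxsplit=1)[0]
    return Entry(kind, label, name, pm.group(1) if pm else None,
                 "(file missing)" in rest, line.strip())


def looks_generated(stem: str) -> bool:
    """Heuristic (assumed): six or more letters with no vowel at all, the shape
    of the random DLL names in this thread (xxyyxwtr). Tune against real data."""
    s = stem.lower()
    return len(s) >= 6 and s.isalpha() and not any(c in "aeiou" for c in s)


def assess(entry: Entry, baseline: Dict[str, Set[str]] = DEFAULT_BASELINE) -> List[str]:
    """Return the reasons an entry deserves review; an empty list means nothing seen."""
    reasons: List[str] = []
    if entry.missing:
        reasons.append("file missing: orphaned autostart entry")
    if entry.path is None:
        return reasons
    base = entry.path.rsplit("\\", 1)[-1].lower()
    stem = base.rsplit(".", 1)[0]
    if entry.kind in baseline:
        if base in baseline[entry.kind]:
            return reasons                    # accepted; only a missing file is still reported
        reasons.append(f"{entry.label} handler not in baseline")
    if looks_generated(stem):
        reasons.append("file name looks machine-generated")
    if entry.kind == "O4" and not entry.path.lower().startswith(EXPECTED_DIRS):
        reasons.append("autostart executable in an unusual location; verify publisher and hash")
    if entry.kind == "O2" and entry.name == "(no name)":
        reasons.append("BHO registered without a name")
    return reasons


def triage(log_text: str, baseline: Dict[str, Set[str]] = DEFAULT_BASELINE) -> List[Finding]:
    """Run every entry of a HijackThis log through assess() and keep the hits."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = assess(entry, baseline)
            if reasons:
                findings.append(Finding(entry, reasons))
    return findings


def summarize(findings: List[Finding]) -> List[str]:
    """One human-readable line per finding, in log order."""
    return [f"{f.entry.kind} {f.entry.name} [{f.entry.path}]: " + "; ".join(f.reasons)
            for f in findings]


if __name__ == "__main__":
    for report_line in summarize(triage(SAMPLE_LOG)):
        print(report_line)
```

Run against the sample, the script flags the five entries the helper targeted or the thread later discussed (the unnamed BHO, Core Temp in the drive root, WinCtrl32, xxyyxwtr and the orphaned adgpfoxs SSODL entry) and stays silent on avast! and dimsntfy. A finding is a reason to look, not a verdict: the thread itself shows Core Temp turning out to be a legitimate tool the user had installed, which is why the O4 reason says to verify the publisher and hash rather than to remove.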
dauthiatull
join:2003-08-06 Toronto, ON
| reply to dauthiatull well all seems to be ok now
did all you said and just to be sure I updated all security apps (spybot adaware) as well as windows and windows defender then I pulled the network cable and uninstalled avast (was acting strange) scanned the system with everything including the apps you linked reinstalled a fresh copy of avast
scanned with everything again
during all this I also found infections in several restore points and deleted them (the whole restore point not just the files)
funny thing is that your instructions regarding hijackthis didn't work till I ran mbam and combo fix. until I ran them the entries in HJT would just keep returning
no worries though after running everything the entries are gone
as for core temp it is a cpu temp monitor. I have had this forever and I don't believe it to be a risk (all other temp utils reported wrong temp)
funny thing is when I sent these files to virustotal they came back clean
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
anyway here are the new logs. let me know if you see anything else
==========================================================================
ComboFix 08-06-06.4 - Shawn 2008-06-07 10:21:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1636 [GMT -4:00]
Running from: C:\Documents and Settings\Shawn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shawn\Desktop\CFscript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\adgpfoxs.dll
C:\WINDOWS\exmk.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\wvUmlkki.dll
C:\WINDOWS\system32\xxyyxwtr.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_ALSYSIO
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))) .
2008-06-07 10:19 . 2008-06-07 10:19 268 --ah----- C:\sqmdata07.sqm
2008-06-07 10:19 . 2008-06-07 10:19 244 --ah----- C:\sqmnoopt07.sqm
2008-06-06 22:29 . 2008-06-06 22:29 268 --ah----- C:\sqmdata06.sqm
2008-06-06 22:29 . 2008-06-06 22:29 244 --ah----- C:\sqmnoopt06.sqm
2008-06-06 22:03 . 2008-06-06 22:03 268 --ah----- C:\sqmdata05.sqm
2008-06-06 22:03 . 2008-06-06 22:03 244 --ah----- C:\sqmnoopt05.sqm
2008-06-06 21:07 . 2008-06-06 21:07 268 --ah----- C:\sqmdata04.sqm
2008-06-06 21:07 . 2008-06-06 21:07 244 --ah----- C:\sqmnoopt04.sqm
2008-06-06 20:52 . 2008-06-06 21:06 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 20:52 . 2008-06-06 20:52 d-------- C:\Documents and Settings\Shawn\Application Data\Malwarebytes
2008-06-06 20:52 . 2008-06-06 20:52 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 20:52 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 20:52 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 20:40 . 2008-06-06 20:40 268 --ah----- C:\sqmdata03.sqm
2008-06-06 20:40 . 2008-06-06 20:40 244 --ah----- C:\sqmnoopt03.sqm
2008-06-06 20:30 . 2008-06-07 09:05 d-------- C:\Program Files\Exterminate It!
2008-06-06 19:42 . 2008-06-06 19:42 d-------- C:\Deckard
2008-06-06 19:23 . 2008-06-06 19:23 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 19:07 . 2008-06-06 19:07 268 --ah----- C:\sqmdata02.sqm
2008-06-06 19:07 . 2008-06-06 19:07 244 --ah----- C:\sqmnoopt02.sqm
2008-06-06 18:38 . 2008-06-06 18:38 d-------- C:\Program Files\Trend Micro
2008-06-05 19:49 . 2008-06-05 19:49 d-------- C:\Program Files\Lavasoft
2008-06-05 19:49 . 2008-06-05 19:50 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 19:48 . 2008-06-05 19:48 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 18:59 . 2008-06-05 19:45 d-------- C:\WINDOWS\BDOSCAN8
2008-06-05 18:43 . 2008-06-05 19:15 189 --a------ C:\WINDOWS\wininit.ini
2008-06-04 20:32 . 2008-06-04 20:32 d-------- C:\Program Files\WinAVI Video Converter
2008-06-04 20:16 . 2008-06-04 20:16 d-------- C:\Documents and Settings\Shawn\Application Data\Media Player Classic
2008-06-04 19:34 . 2008-04-13 14:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-06-04 19:34 . 2008-04-13 14:39 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2008-06-04 19:24 . 2008-06-04 19:24 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-04 19:24 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 19:24 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-06-04 19:24 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-04 19:24 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-04 19:24 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-04 19:24 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 19:24 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-04 19:24 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-04 19:24 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-04 19:24 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-04 19:06 . 2008-06-07 09:04 d-------- C:\Program Files\AviSynth 2.5
2008-06-04 19:05 . 2008-06-07 09:04 d-------- C:\Program Files\Avi2Dvd
2008-06-04 17:28 . 2008-06-04 17:30 d-------- C:\Documents and Settings\Shawn\Application Data\dvdcss
2008-06-04 16:42 . 1997-07-19 16:00 227,600 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-06-04 16:42 . 1999-07-18 08:35 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-04 16:34 . 1997-01-16 00:00 958,224 --a------ C:\WINDOWS\system32\MsChart.ocx
2008-06-04 16:34 . 1999-05-07 00:00 209,408 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-06-02 18:29 . 2008-06-04 20:18 d-------- C:\Program Files\VSO
2008-06-02 18:29 . 2008-06-04 20:17 d-------- C:\Documents and Settings\Shawn\Application Data\Vso
2008-06-02 18:29 . 2008-06-02 18:29 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-02 18:29 . 2008-06-04 20:17 47,360 --a------ C:\Documents and Settings\Shawn\Application Data\pcouffin.sys
2008-06-01 21:31 . 2008-06-07 09:03 d-------- C:\Program Files\Any Video Converter
2008-06-01 21:31 . 2008-06-07 09:03 d-------- C:\Documents and Settings\Shawn\Application Data\Any Video Converter
2008-06-01 19:22 . 2008-06-07 09:07 d-------- C:\Program Files\Videos To DVD
2008-06-01 19:22 . 2005-05-14 21:09 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2008-06-01 19:22 . 2006-07-11 19:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-06-01 19:22 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-01 19:22 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 19:22 . 2000-10-01 20:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 19:22 . 2000-05-22 16:58 115,920 --a------ C:\WINDOWS\system32\msinet.OCX
2008-06-01 19:22 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 19:22 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 19:22 . 1998-07-13 00:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-06-01 19:01 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-01 19:01 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-06-01 19:01 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-06-01 17:18 . 2008-06-04 20:34 d-------- C:\New Folder
2008-06-01 13:29 . 2008-06-01 13:29 d-------- C:\Documents and Settings\Shawn\Application Data\vlc
2008-06-01 13:28 . 2008-06-01 13:28 d-------- C:\Program Files\VideoLAN
2008-06-01 11:47 . 2008-06-01 11:47 d-------- C:\Program Files\Windows Media Connect 2
2008-06-01 11:46 . 2008-06-01 11:46 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-01 10:48 . 2008-06-01 10:48 d-------- C:\Program Files\Windows Defender
2008-06-01 10:46 . 2008-06-01 10:46 d-------- C:\Program Files\Microsoft Silverlight
2008-05-31 09:18 . 2008-05-31 09:18 d-------- C:\Program Files\WinPcap
2008-05-31 09:18 . 2008-06-07 09:38 d-------- C:\Program Files\NNsquad
2008-05-31 09:18 . 2008-05-31 09:18 88,436 --a------ C:\WINDOWS\Network Measurement Agent Uninstaller.exe
2008-05-20 17:22 . 2008-05-20 17:22 d-------- C:\Program Files\Apperson
2008-05-18 15:25 . 2008-05-18 15:25 268 --ah----- C:\sqmdata01.sqm
2008-05-18 15:25 . 2008-05-18 15:25 244 --ah----- C:\sqmnoopt01.sqm
2008-05-18 12:31 . 2008-05-18 13:54 921,624 --a------ C:\img2-001.raw
2008-05-18 11:54 . 2008-05-18 11:54 268 --ah----- C:\sqmdata00.sqm
2008-05-18 11:54 . 2008-05-18 11:54 244 --ah----- C:\sqmnoopt00.sqm
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(5).exe
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(4).exe
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(3).exe
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(2).exe
2008-05-16 16:07 . 2008-05-16 16:07 d-------- C:\Documents and Settings\Shawn\Application Data\Electronic Arts
2008-05-16 14:26 . 2008-05-16 14:26 d-------- C:\Mythic
2008-05-16 13:13 . 2008-05-16 13:13 d-------- C:\Program Files\Philips
2008-05-16 13:13 . 2008-05-16 13:13 d-------- C:\Documents and Settings\Shawn\Application Data\InstallShield
2008-05-16 13:01 . 2008-05-16 13:01 d-------- C:\Program Files\Download Manager
2008-05-16 13:00 . 2008-05-16 14:24 d-------- C:\Documents and Settings\Shawn\Application Data\IGN_DLM
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-10 12:37 . 2008-05-10 12:38 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 12:01 . 2008-05-10 12:36 d-------- C:\Documents and Settings\Shawn\Application Data\AdobeUM
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\system32\scripting
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\system32\en
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\system32\bits
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\l2schemas
2008-05-07 23:14 . 2008-05-07 23:16 d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 23:04 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-07 22:47 . 2008-05-31 09:32 d-------- C:\Program Files\AnalogX
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-04 23:22 --------- d-----w C:\Program Files\DivX 2008-05-22 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-22 21:46 --------- d-----w C:\Program Files\Windows Live 2008-05-22 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-19 17:34 --------- d-----w C:\Program Files\World of Warcraft 2008-05-06 20:23 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-06 18:51 --------- d-----w C:\Program Files\Active Ports 2008-05-05 15:32 --------- d-----w C:\Documents and Settings\Shawn\Application Data\CoreFTP 2008-05-03 23:12 --------- d-----w C:\Program Files\CoreFTP 2008-05-03 23:09 --------- d-----w C:\Program Files\LeechFTP 2008-05-03 14:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-01 21:40 --------- d-----w C:\Documents and Settings\Jen\Application Data\Yahoo! 2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-26 16:14 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-04-25 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-25 20:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-25 19:24 --------- d-----w C:\Documents and Settings\Shawn\Application Data\DivX 2008-04-25 19:19 --------- d-----w C:\Program Files\Java 2008-04-25 19:19 --------- d-----w C:\Program Files\Common Files\Java 2008-04-24 22:23 --------- d-----w C:\Program Files\Yahoo! 2008-04-24 22:23 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Yahoo! 2008-04-24 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 
Companion 2008-04-14 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-04-14 02:03 --------- d-----w C:\Program Files\RivaTuner v2.08 2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe 2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll 2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll 2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll 2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll 2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll 2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe 2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll 2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe 2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe 2008-04-13 21:05 --------- d-----w C:\Documents and Settings\Shawn\Application Data\GetRightToGo 2008-04-13 20:33 --------- d-----w C:\Program Files\Astroburn 2008-04-13 20:33 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Astroburn 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 
19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 
30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys 2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys .
((((((((((((((((((((((((((((( snapshot@2008-06-06_21.17.16.17 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-07 01:08:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-07 14:23:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2008-06-07 14:24:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_434.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 11:28 16126464 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-04-04 13:22 1822720 C:\WINDOWS\SkyTel.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 04:10 2691072] "RivaTuner"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 04:10 2691072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NNma"="C:\Program Files\NNsquad\nnma.exe" [2008-05-27 00:47 999479]
C:\Documents and Settings\Shawn\Start Menu\Programs\Startup\ Shortcut to Core Temp.lnk - C:\Core Temp.exe [2008-04-13 21:58:07 185856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] Adobe Reader Speed Launch.lnk.disabled [2008-04-13 16:36:17 1757] DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [2008-04-08 15:56:04 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\NNsquad\\nnma.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16] R2 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-04-08 15:56] R3 ALSysIO;ALSysIO;C:\DOCUME~1\Shawn\LOCALS~1\Temp\ALSysIO.sys [] R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01] S0 Winlf87;Winlf87;C:\WINDOWS\system32\Drivers\Winlf87.sys [] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 07:06]
*Newly Created Service* - ALSYSIO . Contents of the 'Scheduled Tasks' folder "2008-06-07 14:27:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . **************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-06-07 10:24:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-07 10:27:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 14:27:53
ComboFix2.txt 2008-06-07 13:40:30
ComboFix3.txt 2008-06-07 01:17:24

Pre-Run: 38,321,086,464 bytes free
Post-Run: 38,321,401,856 bytes free
315 --- E O F --- 2008-06-05 22:03:49
===============================================================================
Malwarebytes' Anti-Malware 1.15
Database version: 837

1:24:42 PM 6/7/2008
mbam-log-6-7-2008 (13-24-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158581
Time elapsed: 18 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
===========================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:58 PM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NNsquad\nnma.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Core Temp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NNma] C:\Program Files\NNsquad\nnma.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: Wall Watcher.lnk = C:\Documents and Settings\Shawn\My Documents\downloads\WallWatcher\WallWatcher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - »security.symantec.com/sscv6/Shar···niff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - »www.fileplanet.com/fpdlmgr/cabs/···.108.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - »download.bitdefender.com/resourc···can8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - »security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - »sdlc-esd.sun.com/ESD39/JSCDL/jre···6-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »fpdownload2.macromedia.com/get/s···lash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: YUNMHVLUA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Shawn\LOCALS~1\Temp\YUNMHVLUA.exe
-- End of file - 8548 bytes

bcastner (Premium, VIP, MVM; joined 2002-09-25; Chevy Chase, MD), reply to dauthiatull:

Not all the files involved in any infection are themselves malware infections. Many play a supporting role, but are themselves "clean". There is nothing unusual about this. But they get removed too as far as I am concerned, as part and parcel of the infection. For example, if the malware installed a small FTP client to download infectors, the FTP client is likely clean -- but the results of its use are not.

Never install or update anti-virus or anti-malware utilities in a cleaning session. This prevents me from tracking the infectors.

In addition, never delete System Restore Points until the absolutely very last step, when you are assured the system is completely clean other than the historical information in System Restore. Doing so otherwise can lead to the inability to restore your system if anything goes wrong. You will see below the steps for cleaning System Restore Points as the final stage of this malware removal session.
Please download to your Desktop OT_MOVEIT:
Please double-click OTMoveIt2.exe to run the utility.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Return to OTMoveIt2 and right-click in the "Paste List Of Files/Patterns To Search For and Move" window. IMPORTANT -- paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Right-click and choose Paste.
Click the red Moveit button. This will not be quick. I am asking it to scan your entire Drive C twice. Close OTMoveIt2 when it has finished.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Open Acrobat if you have the Full Version installed. Click Help and run the Upgrade applet found there. If no update is offered, use the Preferences, Internet submenu of Acrobat and uncheck the option to integrate with your browser. Close Acrobat. Whether you had the Full Version of Acrobat or not, download and install Adobe Reader 8.1.1 and use this as the integrated PDF reader inside your browser: »www.adobe.com/products/acrobat/r···ep2.html
Clean-up & Prevention:
• Right click "My Computer", Properties, and then click the System Restore tab. Checkmark the box at the top to stop System Restore on all drives. Click the "Apply" button. Agree to the deletion of old Restore Points. Then uncheck the box at the top and again click the "Apply" button. Finally, click the "OK" button. This will create a new Restore Point reflecting your clean system state.
• Click Start, then click Run. Enter into the command box that opens: combofix /u and then click OK. (If we have renamed this file, please use the current name for the program in this instruction.) 
• Please double-click OTMoveIt.exe to run it.
• Click on the green CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, you should allow it to do so.
• After the list has been downloaded you'll be asked if you want to "Begin cleanup process?" Select "Yes".
• This step removes the files, folders, and shortcuts created by the tools I had you download and run.
• Run ATF Cleaner , and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program. You can delete or keep this utility as you wish.
• Use Control Panel, Add or Remove Programs, and Uninstall any entry related to an On-Line scanner we may have used. If you find any files or folders created during this cleanup operation remaining, please feel free to delete them.
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
• If I asked you to disable something like TeaTimer or another malware blocker, please go ahead and re-enable them if you wish.
• Suggestion: Download and install Comodo BOClean (free):
• Suggestion: Download, install, and keep updated Spyware Blaster (free):
• Refer to my first set of instructions above, and reconfigure Hidden Files and Folders to your choosing.
Best wishes. Bill Castner
--
MS-MVP 2004-2008, ASAP Member
Users Helping Users
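The logs above are triaged by eye in this thread, and the entries a helper stops on are predictable: a service or driver whose image sits under a Temp directory (the ALSysIO and YUNMHVLUA entries), a ComboFix service line whose timestamp bracket is empty (ALSysIO, Winlf87), a boot-start S0 driver, a machine-generated-looking all-caps service name, or an O23 line HijackThis could not attribute to a publisher. The script below is an added example, written for this page and not taken from the thread or from ComboFix, HijackThis or any other tool named here. It parses ComboFix service lines and HijackThis O23/O4 entries and attaches those reason codes. The sample lines are constructed to match the shape of the posted entries, and the heuristics (the regexes, the reading of an empty ComboFix bracket as "no timestamp recorded", the all-caps-name rule) are my own assumptions, not rules published by either tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, not a log copied from the thread: ComboFix service lines
# and HijackThis O23/O4 entries shaped like the ones posted above.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-04-08 15:56]
R3 ALSysIO;ALSysIO;C:\DOCUME~1\Shawn\LOCALS~1\Temp\ALSysIO.sys []
S0 Winlf87;Winlf87;C:\WINDOWS\system32\Drivers\Winlf87.sys []
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: YUNMHVLUA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Shawn\LOCALS~1\Temp\YUNMHVLUA.exe
O4 - HKLM\..\Run: [NNma] C:\Program Files\NNsquad\nnma.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
"""

# Line shapes.  ComboFix: "<start> <name>;<display>;<path> [<timestamp>]".
# Assumption: an empty bracket means ComboFix recorded no timestamp for the file.
CF_SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]\s*$")
HJT_O23 = re.compile(r"^O23 - Service: (.+)$")
HJT_O4 = re.compile(r"^O4 - .+?: (?:\[(.+?)\] (.+)|(.+?\.lnk) = (.+))$")

TEMP_DIR = re.compile(r"(?i)\\temp\\")     # ...\Local Settings\Temp\ or ...\LOCALS~1\Temp\
RANDOM_NAME = re.compile(r"^[A-Z]{8,}$")  # heuristic: long all-caps letter run, no digits


@dataclass
class Entry:
    source: str                 # "combofix" or "hjt"
    name: str
    path: str
    start: str = ""             # ComboFix start type (R0-R3 running, S0-S3 stopped)
    stamp: str = ""             # ComboFix timestamp text, "" when the bracket was empty
    owner: str = ""             # HJT O23 company string
    reasons: list = field(default_factory=list)


def strip_args(cmd):
    """Reduce an autorun command line to its executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" /", 1)[0].split(" -", 1)[0]


def parse_line(line):
    """Turn one ComboFix or HijackThis line into an Entry, or None if unrecognised."""
    m = CF_SERVICE.match(line)
    if m:
        start, name, _display, path, stamp = m.groups()
        return Entry("combofix", name, path.strip(), start=start, stamp=stamp.strip())
    m = HJT_O23.match(line)
    if m:
        parts = m.group(1).split(" - ")          # name - owner... - path
        return Entry("hjt", parts[0], parts[-1], owner=" - ".join(parts[1:-1]))
    m = HJT_O4.match(line)
    if m:
        name = m.group(1) or m.group(3)
        return Entry("hjt", name, strip_args(m.group(2) or m.group(4)))
    return None


def assess(e):
    """Attach reason codes for the things a log helper looks at first."""
    if TEMP_DIR.search(e.path):
        e.reasons.append("temp-path")      # service/driver loading from a temp directory
    if e.source == "combofix" and e.stamp == "":
        e.reasons.append("no-timestamp")   # ComboFix printed [] for the file
    if e.start.endswith("0"):
        e.reasons.append("boot-start")     # S0/R0 drivers load before AV filter drivers
    if RANDOM_NAME.match(e.name):
        e.reasons.append("random-name")    # machine-generated-looking service name
    if e.owner.lower() == "unknown owner":
        e.reasons.append("unknown-owner")  # HJT found no publisher string
    return e


def triage(log_text):
    """Return only the flagged entries, most reasons first, then by name."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    flagged = [assess(e) for e in entries if e is not None]
    flagged = [e for e in flagged if e.reasons]
    return sorted(flagged, key=lambda e: (-len(e.reasons), e.name))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.source:8} {e.name:<16} {', '.join(e.reasons):<28} {e.path}")
```

A flag is a prompt to look, not a verdict: in the posted log the ALSysIO entry sits next to a Core Temp startup shortcut and a "*Newly Created Service* - ALSYSIO" line, which is exactly the kind of benign hit the temp-path rule produces, while the S0 driver with no timestamp is the one entry here that nothing else in the log accounts for. Feed the script a real log by reading the file into `triage()` in place of `SAMPLE_LOG`.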