Sabii

Gf's laptop hijacked...she thinks

Hi,

 

Last week my GF said her laptop started acting weird: IE would spam "pop-unders", Explorer would hang and crash, Yahoo chat wouldn't log in, and Firefox would hang and crash on startup.

 

She ran Spybot, NAV, and Ad-Aware, which fixed it for a little bit, then it started again. I had mentioned Vundo, and immediately she said that's what one of the pop-ups said. So we ran VundoFix, which found nothing.

 

;)

 

At this point, if it were my computer I would have wiped the hard drive and reinstalled everything... BUT she doesn't want to do that, so we ran HijackThis and got:

 

Scan saved at 7:03:40 PM, on 4/29/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\Explorer.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Agent N\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AGENTN~1\AppData\Local\Temp\byXRkJbA.dll,c

O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"

O4 - HKCU\..\Run: [147fba20] rundll32.exe "C:\Users\AGENTN~1\AppData\Local\Temp\gsvxtyym.dll",b

O4 - HKCU\..\Run: [bM174c89bc] Rundll32.exe "C:\Users\AGENTN~1\AppData\Local\Temp\ukfprevp.dll",s

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: M-Audio MobilePre Installer (MAudioMobilePreService) - Avid Technology, Inc. - C:\Program Files\M-Audio\MobilePre\MAUSBMPInst.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7503 bytes

 

 

Thanks in advance
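The three HKCU Run entries in the log above that launch rundll32.exe against a DLL in the user's Temp folder (byXRkJbA.dll, gsvxtyym.dll, ukfprevp.dll) are the entries a helper would zero in on. The script below is an added example, not code from this thread, from HijackThis or from ComboFix: it parses O4 lines and scores exactly that pattern (Temp-folder DLL, one-letter export, random-looking value name). The weights, the "random-looking" test and the threshold are my own heuristics, and the sample lines are copied from the first log on the page.

```python
"""Triage of HijackThis O4 (autorun) entries.

Added example for this thread; not code from the forum, from HijackThis
or from ComboFix. It parses O4 lines and scores the pattern seen in the
first log: rundll32.exe loading a DLL from the user's Temp folder with a
one-letter export and a random-looking value name. The weights and the
"random-looking" test are my own heuristics, not a HijackThis rule.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the thread's first HijackThis log,
# three legitimate autoruns followed by the three suspect ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AGENTN~1\AppData\Local\Temp\byXRkJbA.dll,c
O4 - HKCU\..\Run: [147fba20] rundll32.exe "C:\Users\AGENTN~1\AppData\Local\Temp\gsvxtyym.dll",b
O4 - HKCU\..\Run: [bM174c89bc] Rundll32.exe "C:\Users\AGENTN~1\AppData\Local\Temp\ukfprevp.dll",s
"""

# O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*)$"
)
# rundll32[.exe] ["]<path>.dll["],<export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.I
)

# Heuristic weights (my own, not from HijackThis)
WEIGHTS = {
    "temp_dir": 2,           # DLL lives in a Temp folder, not Program Files/System32
    "one_letter_export": 1,  # export name is a single character (c, b, s above)
    "random_value_name": 1,  # value name is an alphanumeric blob with 3+ digits
}


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    command: str
    dll: str = ""
    export: str = ""
    indicators: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[i] for i in self.indicators)


def looks_random(name: str) -> bool:
    """Heuristic: no spaces, alphanumeric only, at least three digits."""
    return bool(re.fullmatch(r"[0-9A-Za-z]+", name)) and sum(c.isdigit() for c in name) >= 3


def triage(log_text: str) -> list:
    """Parse every O4 line and attach indicators to rundll32-based autoruns."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        f = Finding(m["hive"], m["key"], m["name"], m["command"])
        r = RUNDLL_RE.search(f.command)
        if r:
            f.dll, f.export = r["dll"], r["export"]
            if "\\temp\\" in f.dll.lower():
                f.indicators.append("temp_dir")
            if len(f.export) == 1:
                f.indicators.append("one_letter_export")
            if looks_random(f.name):
                f.indicators.append("random_value_name")
        findings.append(f)
    return findings


def suspicious(log_text: str, threshold: int = 2) -> list:
    """Value names whose score reaches the threshold, in log order."""
    return [f.name for f in triage(log_text) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPECT" if f.score >= 2 else "ok     "
        print(f"{flag} {f.score} [{f.name}] {f.dll or f.command} {f.indicators}")
```

On the sample, the three Temp-folder entries score 3 or 4 and the NvCpl entry scores 0 even though it also goes through rundll32.exe: the location of the DLL, not the use of rundll32, is what carries the weight. A real triage would add a hash or signature check on the DLL path before acting on the score.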


Hi

 

 

Disable Spybot's TeaTimer

  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode

  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
    and OK any prompts.
  • Restart your computer

1. Download combofix from any of these links and save it to Desktop:

Link 1

Link 2

Link 3

 

**Note: It is important that it is saved directly to your desktop**

 

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.

If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.

If that happened we want to know, and also what process you had to end.

 

If you have problems with Combofix usage, see here


Ok. I'll be waiting for your reply :D


Alrighty, this is what I got...

 

First, the ComboFix log:

 

ComboFix 08-05-01.3 - Agent N 2008-05-03 17:57:10.1 - NTFSx86

Running from: C:\Users\Agent N\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))

.

 

2008-04-29 23:59 . 2008-04-29 23:59 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP

2008-04-29 19:21 . 2008-04-29 19:21 <DIR> d-------- C:\VundoFix Backups

2008-04-28 15:49 . 2008-04-28 15:55 <DIR> d-------- C:\Windows\Repair

2008-04-28 15:46 . 2008-04-28 15:46 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Systweak

2008-04-28 15:44 . 2008-04-28 15:45 <DIR> d-------- C:\Program Files\Advanced System Optimizer

2008-04-26 12:51 . 2008-04-26 12:51 <DIR> d-------- C:\Windows\Sun

2008-04-25 08:16 . 2008-04-25 08:16 <DIR> d-------- C:\Program Files\RegCleaner

2008-04-24 18:53 . 2008-04-24 19:26 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Symantec

2008-04-23 20:14 . 2008-04-23 20:14 1,409 --a------ C:\Windows\QTFont.for

2008-04-23 19:50 . 2008-04-30 00:02 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-04-23 19:48 . 2008-04-30 00:12 <DIR> d-------- C:\Program Files\Symantec

2008-04-22 22:17 . 2008-04-22 22:16 691,545 --a------ C:\Windows\unins000.exe

2008-04-22 22:17 . 2008-04-22 22:17 2,543 --a------ C:\Windows\unins000.dat

2008-04-22 02:47 . 2008-04-28 16:43 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Orbit

2008-04-22 02:47 . 2008-04-22 02:47 <DIR> d-------- C:\Downloads

2008-04-22 01:31 . 2008-04-22 01:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\ProgramData\WLInstaller

2008-04-21 13:33 . 2008-04-21 13:46 <DIR> d-------- C:\VueScan

2008-04-21 09:22 . 2008-04-21 09:22 <DIR> d-------- C:\Program Files\Apple Software Update

2008-04-09 06:54 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe

2008-04-09 06:54 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll

2008-04-09 06:54 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll

2008-04-09 06:54 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 06:54 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 06:54 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 06:54 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 06:54 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-04-09 06:54 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 06:53 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-04-09 06:52 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-04-09 06:48 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-04-09 06:48 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iTunes

2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iPod

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-03 15:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-05-03 15:14 --------- d---a-w C:\ProgramData\TEMP

2008-04-30 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-30 04:12 --------- d-----w C:\ProgramData\Symantec

2008-04-30 02:39 --------- d-----w C:\Program Files\HP Games

2008-04-30 02:32 --------- d-----w C:\ProgramData\WildTangent

2008-04-29 21:06 --------- d-----w C:\Users\Agent N\AppData\Roaming\BitTorrent

2008-04-28 20:43 --------- d-----w C:\Users\Agent N\AppData\Roaming\GetRightToGo

2008-04-28 20:42 --------- d-----w C:\ProgramData\iWin Games

2008-04-28 20:42 --------- d-----w C:\Program Files\LimeWire

2008-04-28 17:53 --------- d-----w C:\Program Files\Canon

2008-04-28 17:49 --------- d-----w C:\Program Files\Google

2008-04-28 17:44 --------- d-----w C:\Program Files\Real

2008-04-28 17:35 --------- d-----w C:\ProgramData\Skype

2008-04-28 17:31 --------- d-----w C:\Program Files\NCH Swift Sound

2008-04-28 17:28 --------- d-----w C:\Program Files\Trillian

2008-04-28 17:28 --------- d-----w C:\Program Files\Total Video Converter

2008-04-28 17:27 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-04-28 17:20 --------- d-----w C:\Program Files\The Weather Channel FW

2008-04-25 00:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-04-25 00:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-24 04:26 --------- d-----w C:\ProgramData\FLEXnet

2008-04-23 06:07 --------- d-----w C:\Users\Agent N\AppData\Roaming\FileZilla

2008-04-23 01:19 --------- d-----w C:\ProgramData\HP

2008-04-23 01:15 --------- d-----w C:\Users\Agent N\AppData\Roaming\Yahoo!

2008-04-23 01:15 --------- d-----w C:\ProgramData\Yahoo!

2008-04-23 01:15 --------- d-----w C:\Program Files\Yahoo!

2008-04-21 17:21 --------- d-----w C:\Users\Agent N\AppData\Roaming\Lasersoft Imaging

2008-04-15 13:11 --------- d-----w C:\Users\Agent N\AppData\Roaming\LimeWire

2008-04-10 07:25 --------- d-----w C:\Program Files\Windows Mail

2008-04-10 07:16 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-08 03:46 --------- d-----w C:\Program Files\QuickTime

2008-04-04 14:28 --------- d-----w C:\Program Files\Common Files\Adobe

2008-04-03 03:43 --------- d-----w C:\ProgramData\ALM

2008-04-03 02:30 --------- d-----w C:\ProgramData\Roxio

2008-03-25 06:27 --------- d-----w C:\Users\Agent N\AppData\Roaming\Apple Computer

2008-03-20 18:39 --------- d-----r C:\Users\Agent N\AppData\Roaming\Brother

2008-03-18 19:59 --------- d-----w C:\Program Files\Common Files\Control Panels

2008-03-18 19:52 --------- d-----w C:\Program Files\Bonjour

2008-03-18 19:31 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-03-18 04:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-18 04:38 --------- d-----w C:\Program Files\Common Files\muvee Technologies

2008-03-18 01:50 --------- d-----w C:\ProgramData\Sony

2008-03-18 01:49 --------- d-----w C:\Program Files\Sony

2008-03-18 01:34 --------- d-----w C:\Users\Agent N\AppData\Roaming\dvdcss

2008-03-17 05:41 --------- d-----w C:\Program Files\iWin.com Games

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-14 06:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-14 06:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-14 06:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-14 06:17 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-14 06:17 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-14 06:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-14 06:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-14 06:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-14 06:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-14 06:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-02-14 06:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-14 06:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-14 06:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2007-12-06 08:48 27,525 ----a-w C:\Users\Agent N\AppData\Roaming\nvModes.dat

2007-10-16 16:05 174 --sha-w C:\Program Files\desktop.ini

2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-11-16 17:57 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2007-10-15 23:25 22 --sha-w C:\Windows\SMINST\HPCD.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:55 919280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 05:57 1006264]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-08 22:57 8433664]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 18:38 583048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk

backup=C:\Windows\pss\Vongo Tray.lnk.CommonStartup

backupExtension=.CommonStartup

 

 

Now the HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:28:25 AM, on 5/4/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Agent N\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: M-Audio MobilePre Installer (MAudioMobilePreService) - Avid Technology, Inc. - C:\Program Files\M-Audio\MobilePre\MAUSBMPInst.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8083 bytes

 

 

B)


Hi

 

The ComboFix log is only partial. Please post a complete one.

Hi

 

The ComboFix log is only partial. Please post a complete one.

 

 

Oh, sorry about that.

 

ComboFix 08-05-01.3 - Agent N 2008-05-03 17:57:10.1 - NTFSx86

Running from: C:\Users\Agent N\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))

.

 

2008-04-29 23:59 . 2008-04-29 23:59 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP

2008-04-29 19:21 . 2008-04-29 19:21 <DIR> d-------- C:\VundoFix Backups

2008-04-28 15:49 . 2008-04-28 15:55 <DIR> d-------- C:\Windows\Repair

2008-04-28 15:46 . 2008-04-28 15:46 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Systweak

2008-04-28 15:44 . 2008-04-28 15:45 <DIR> d-------- C:\Program Files\Advanced System Optimizer

2008-04-26 12:51 . 2008-04-26 12:51 <DIR> d-------- C:\Windows\Sun

2008-04-25 08:16 . 2008-04-25 08:16 <DIR> d-------- C:\Program Files\RegCleaner

2008-04-24 18:53 . 2008-04-24 19:26 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Symantec

2008-04-23 20:14 . 2008-04-23 20:14 1,409 --a------ C:\Windows\QTFont.for

2008-04-23 19:50 . 2008-04-30 00:02 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-04-23 19:48 . 2008-04-30 00:12 <DIR> d-------- C:\Program Files\Symantec

2008-04-22 22:17 . 2008-04-22 22:16 691,545 --a------ C:\Windows\unins000.exe

2008-04-22 22:17 . 2008-04-22 22:17 2,543 --a------ C:\Windows\unins000.dat

2008-04-22 02:47 . 2008-04-28 16:43 <DIR> d-------- C:\Users\Agent N\AppData\Roaming\Orbit

2008-04-22 02:47 . 2008-04-22 02:47 <DIR> d-------- C:\Downloads

2008-04-22 01:31 . 2008-04-22 01:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\ProgramData\WLInstaller

2008-04-21 13:33 . 2008-04-21 13:46 <DIR> d-------- C:\VueScan

2008-04-21 09:22 . 2008-04-21 09:22 <DIR> d-------- C:\Program Files\Apple Software Update

2008-04-09 06:54 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe

2008-04-09 06:54 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll

2008-04-09 06:54 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll

2008-04-09 06:54 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 06:54 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 06:54 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 06:54 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 06:54 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-04-09 06:54 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 06:53 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-04-09 06:52 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-04-09 06:48 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-04-09 06:48 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iTunes

2008-04-07 23:50 . 2008-04-07 23:50 <DIR> d-------- C:\Program Files\iPod

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-03 15:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-05-03 15:14 --------- d---a-w C:\ProgramData\TEMP

2008-04-30 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-30 04:12 --------- d-----w C:\ProgramData\Symantec

2008-04-30 02:39 --------- d-----w C:\Program Files\HP Games

2008-04-30 02:32 --------- d-----w C:\ProgramData\WildTangent

2008-04-29 21:06 --------- d-----w C:\Users\Agent N\AppData\Roaming\BitTorrent

2008-04-28 20:43 --------- d-----w C:\Users\Agent N\AppData\Roaming\GetRightToGo

2008-04-28 20:42 --------- d-----w C:\ProgramData\iWin Games

2008-04-28 20:42 --------- d-----w C:\Program Files\LimeWire

2008-04-28 17:53 --------- d-----w C:\Program Files\Canon

2008-04-28 17:49 --------- d-----w C:\Program Files\Google

2008-04-28 17:44 --------- d-----w C:\Program Files\Real

2008-04-28 17:35 --------- d-----w C:\ProgramData\Skype

2008-04-28 17:31 --------- d-----w C:\Program Files\NCH Swift Sound

2008-04-28 17:28 --------- d-----w C:\Program Files\Trillian

2008-04-28 17:28 --------- d-----w C:\Program Files\Total Video Converter

2008-04-28 17:27 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-04-28 17:20 --------- d-----w C:\Program Files\The Weather Channel FW

2008-04-25 00:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-04-25 00:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-24 04:26 --------- d-----w C:\ProgramData\FLEXnet

2008-04-23 06:07 --------- d-----w C:\Users\Agent N\AppData\Roaming\FileZilla

2008-04-23 01:19 --------- d-----w C:\ProgramData\HP

2008-04-23 01:15 --------- d-----w C:\Users\Agent N\AppData\Roaming\Yahoo!

2008-04-23 01:15 --------- d-----w C:\ProgramData\Yahoo!

2008-04-23 01:15 --------- d-----w C:\Program Files\Yahoo!

2008-04-21 17:21 --------- d-----w C:\Users\Agent N\AppData\Roaming\Lasersoft Imaging

2008-04-15 13:11 --------- d-----w C:\Users\Agent N\AppData\Roaming\LimeWire

2008-04-10 07:25 --------- d-----w C:\Program Files\Windows Mail

2008-04-10 07:16 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-08 03:46 --------- d-----w C:\Program Files\QuickTime

2008-04-04 14:28 --------- d-----w C:\Program Files\Common Files\Adobe

2008-04-03 03:43 --------- d-----w C:\ProgramData\ALM

2008-04-03 02:30 --------- d-----w C:\ProgramData\Roxio

2008-03-25 06:27 --------- d-----w C:\Users\Agent N\AppData\Roaming\Apple Computer

2008-03-20 18:39 --------- d-----r C:\Users\Agent N\AppData\Roaming\Brother

2008-03-18 19:59 --------- d-----w C:\Program Files\Common Files\Control Panels

2008-03-18 19:52 --------- d-----w C:\Program Files\Bonjour

2008-03-18 19:31 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-03-18 04:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-18 04:38 --------- d-----w C:\Program Files\Common Files\muvee Technologies

2008-03-18 01:50 --------- d-----w C:\ProgramData\Sony

2008-03-18 01:49 --------- d-----w C:\Program Files\Sony

2008-03-18 01:34 --------- d-----w C:\Users\Agent N\AppData\Roaming\dvdcss

2008-03-17 05:41 --------- d-----w C:\Program Files\iWin.com Games

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-14 06:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-14 06:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-14 06:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-14 06:17 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-14 06:17 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-14 06:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-14 06:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-14 06:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-14 06:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-14 06:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-02-14 06:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-14 06:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-14 06:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2007-12-06 08:48 27,525 ----a-w C:\Users\Agent N\AppData\Roaming\nvModes.dat

2007-10-16 16:05 174 --sha-w C:\Program Files\desktop.ini

2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-11-16 17:57 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-11-16 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2007-10-15 23:25 22 --sha-w C:\Windows\SMINST\HPCD.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 11:55 919280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 05:57 1006264]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-08 22:57 8433664]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 18:38 583048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk

backup=C:\Windows\pss\Vongo Tray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Agent N^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=C:\Users\Agent N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=C:\Windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Agent N^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YouTube Uploader.lnk]

path=C:\Users\Agent N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YouTube Uploader.lnk

backup=C:\Windows\pss\YouTube Uploader.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\147fba20]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2007-10-15 20:45 286016 C:\Users\Agent N\Program Files\BitTorrent_DNA\dna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM174c89bc]

C:\Users\AGENTN~1\AppData\Local\Temp\bvwydkxi.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

--------- 2007-07-31 21:37 815104 C:\Program Files\Brownie\BrstsWnd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]

C:\Users\AGENTN~1\AppData\Local\Temp\byXRkJbA.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

--a------ 2007-03-12 14:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-05-08 16:24 54840 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

--a------ 2007-03-20 18:23 1773568 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2007-03-01 16:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]

--a------ 2007-06-27 10:28 189440 C:\Windows\System32\M-AudioTaskBarIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-07-08 22:57 81920 C:\Windows\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

--a------ 2007-07-08 22:57 86016 C:\Windows\system32\nvsvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

--a------ 2007-02-13 14:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

--a------ 2007-04-23 21:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]

C:\Users\AGENTN~1\AppData\Local\Temp\NERO13899\Setupx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2007-09-15 06:50 1021224 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]

--a------ 2007-09-15 06:29 102400 C:\Program Files\Synaptics\SynTP\SynTPStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-10-30 14:15 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

--a------ 2007-01-10 19:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play

"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{C3E6D97D-27D1-442E-90D3-5D8BC0C51B93}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{9ACF4F2C-C73D-493C-AE92-F439822FD373}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{80385244-1421-485C-A348-EAE53E8D8EEF}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA

"{2476A15D-F118-465D-BD25-6F1B688F49FB}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA

"{EBCFE101-7432-4EDF-B0A3-1CAE926F1436}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{57656F89-C756-40AA-9B51-93C259A9E620}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{9FE0A2FE-8BE4-475A-BDA5-B068D2130E28}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{8CAB71B3-6DFE-4C81-8FF3-9F709431CDE5}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{7EA693A6-7109-4531-9A71-5DFBCB63C546}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian

"UDP Query User{7A7C58DE-E948-4851-91A4-40232984895A}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian

"TCP Query User{AA050432-BD77-43D6-B3C5-8803BB7A9F22}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{9E6B6440-1FED-4DC9-8EE2-A3969B9CD9B7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{4070073F-A3EA-49B6-A836-76D301FEFFAF}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent

"UDP Query User{A185E90A-6CB4-464F-A3A3-CE2B7870F216}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

"TCP Query User{6558277D-18F6-4BA1-A786-884AD3657731}C:\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\program files\bittorrent_dna\dna.exe:dna

"UDP Query User{36F11B42-C206-4E92-8626-3EC5B4CB31E9}C:\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\program files\bittorrent_dna\dna.exe:dna

"{BDF33702-AA8F-4C51-BD9E-0C233A42D7F4}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour

"{A612F9F5-15A5-495D-9462-6E98786C0C79}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{EA5D8596-091E-4C6B-88E6-8D3A0CEB8428}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{35452F7B-B533-43B2-9DDD-9FECF751E5EB}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{772C35EC-07A9-4125-A671-AF75E6FC7FD8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{BDC09991-B0F8-4C56-9490-D5594F59F02F}"= UDP:3703:Adobe Version Cue CS3 Server

"{74214435-130E-4589-B1F8-784DC0176B07}"= UDP:3704:Adobe Version Cue CS3 Server

"{C530D21B-9F48-429D-A3BA-BBB30EF9F6F3}"= UDP:50900:Adobe Version Cue CS3 Server

"{736F6216-2693-44CA-877E-04EE2DC53912}"= UDP:50901:Adobe Version Cue CS3 Server

"{2E86FCCC-C226-42CF-94FE-620296E3F90E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{D90E8BBC-391E-4D78-911D-A3A646177EF7}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{17AA1BA9-1DAE-492B-8B72-1FB93FBC7BBB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{35D53AF4-0C10-4DC7-BEEF-C8085D87B70D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{BC3312EA-CBCB-4604-A6A6-6796630F3916}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R2 MAudioMobilePreService;M-Audio MobilePre Installer;C:\Program Files\M-Audio\MobilePre\MAUSBMPInst.exe [2007-06-27 15:21]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 10:27]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 19:50]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]

S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);C:\Windows\system32\DRIVERS\mausbmp.sys [2007-06-27 10:35]

S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []

S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2006-11-02 05:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42f5fb43-8963-11dc-88af-001b248a4131}]

\shell\AutoRun\command - F:\Launcher.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-05-03 03:12:11 C:\Windows\Tasks\User_Feed_Synchronization-{C3870F1A-B1B4-4499-9F20-CBA7293938B0}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-03 18:12:37

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\wlanext.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-05-03 18:22:52 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-03 22:22:39

 

Pre-Run: 45,758,722,048 bytes free

Post-Run: 45,527,625,728 bytes free

 

321 --- E O F --- 2008-05-01 23:06:32


Hi

 

 

Start hjt, do a system scan, check:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Close browsers and other windows. Click fix checked.

 

Open notepad and copy/paste the text in the quotebox below into it:

 

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\147fba20]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM174c89bc]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

 

 

Save this as

CFScript

 

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

 

 

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

 

Double-click ATF Cleaner.exe to open it

 

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

 

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

Click Exit on the Main menu to close the program.

 

 

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.

  • The program will launch and start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings and select the following:
    Scan using the following Anti-Virus database:
      • Extended (If available, otherwise Standard)
    Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select My Computer.
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

Once the scan is complete:

  • Click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post if the AV content will fit into one post only. Post also a fresh hjt log (without forgetting the above mentioned ComboFix resultant log).

 

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

 

If having a problem doing the above

 

Make sure that your Internet security settings are set to default values.

 

To set default security settings for Internet Explorer:

 

* Open Internet Explorer.

* Go to the Tools menu, then choose Internet Options.

* Click on the Security tab.

* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

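The ComboFix log above lists the msconfig\startupreg entries and the helper's CFScript removes five of them by key. As an added example (not part of this thread, ComboFix, or any other tool's own code), the Python script below parses a constructed excerpt in ComboFix's layout, flags entries whose file sits in a Temp directory or whose name is random hex, and renders the high-severity keys in the Registry:: syntax a CFScript uses; the heuristics are my own starting point for review, not the helper's reasoning, and a flag is a prompt to check the entry, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the layout of ComboFix's "Reg Loading Points" section,
# modelled on entries from the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\147fba20]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM174c89bc]
C:\Users\AGENTN~1\AppData\Local\Temp\bvwydkxi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\AGENTN~1\AppData\Local\Temp\byXRkJbA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]
C:\Users\AGENTN~1\AppData\Local\Temp\NERO13899\Setupx.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+\\startupreg\\(?P<name>[^\]]+))\]$")
# ComboFix may print "attrs date time size" before the path; strip that prefix.
PAYLOAD_RE = re.compile(r"^(?:[-a-z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+)?(?P<path>.+?)\s*$")
# Vundo-style droppers often register under random hex names such as 147fba20 or BM174c89bc.
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,}$", re.IGNORECASE)

@dataclass
class Finding:
    name: str
    key: str
    severity: str                        # "high", "medium" or "review"
    reasons: List[str] = field(default_factory=list)

def parse_entries(log_text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Split the startupreg section into (key, name, payload-or-None) records."""
    entries: List[list] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            entries.append([m.group("key"), m.group("name"), None])
        elif entries and entries[-1][2] is None:  # first line under a key is its file
            entries[-1][2] = PAYLOAD_RE.match(line).group("path")
    return [tuple(e) for e in entries]

def assess(entry: Tuple[str, str, Optional[str]]) -> Optional[Finding]:
    """Heuristic triage of one entry; None means nothing stood out."""
    key, name, payload = entry
    path = (payload or "").lower()
    reasons: List[str] = []
    severity = None
    if "\\temp\\" in path and path.endswith(".dll"):
        reasons.append("DLL loaded from a Temp directory (a common Vundo drop site)")
        severity = "high"
    elif "\\temp\\" in path:
        reasons.append("program run from a Temp directory; confirm it is a leftover installer")
        severity = "medium"
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking entry name")
        severity = "high"
    if payload is None and severity is None:
        reasons.append("no file recorded under the key; check it by hand before removing")
        severity = "review"
    return Finding(name, key, severity, reasons) if severity else None

def triage(log_text: str) -> List[Finding]:
    return [f for f in map(assess, parse_entries(log_text)) if f is not None]

def removal_script(findings: List[Finding]) -> str:
    """Render the high-severity keys in the Registry:: syntax a CFScript uses."""
    return "\n".join(["Registry::"] + [f"[-{f.key}]" for f in findings if f.severity == "high"])

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.name}: {'; '.join(f.reasons)}")
    print(removal_script(found))
```

Empty entries such as MS Juan come out as "review" rather than "high" because a missing file alone does not distinguish a Vundo key from a harmless leftover; the helper's list relied on knowing those names.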

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !
