Sign in to follow this  
AnDyTaN

'Critical system errors" taskbar popup

Recommended Posts

Ok well i done my scan with Ad-Aware then used Hijackthis.Few days ago i got infected by malware called win32.dialer/QS.It installed a fake antivirus program called Virus Bursters or something.After that my computer receive several annoying popups every minute so i had to call for help immediately.I managed to fix the annoying popups and removed the fake antivirus program but this "critical system error" thing in my taskbar still exist.Anyway heres the log:P By the way are there any other more problems on my computer?I hope u pros will help me fix it:P

 

 

Logfile of HijackThis v1.99.1

Scan saved at 7:27:35 AM, on 12/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATITool\ATITool.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TaskSwitchXP] "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe"

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)

O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)

Edited by AnDyTaN

Share this post


Link to post
Share on other sites

Wow...I have the same problem....I guess I'll post my log here to save some space........

 

 

Logfile of HijackThis v1.99.1

Scan saved at 7:22:25 PM, on 12/13/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\PowerISO\SCDEmuApp.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spyware Tools\KillBox.exe

C:\Program Files\Spyware Tools\HiJackThis1991\Hijackthis1991.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [sCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk (file missing)

O9 - Extra 'Tools' menuitem: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk (file missing)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mista6356.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - https://mytbb.primus.ca/webportal/plugins/VMPlayer.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Mistaredx

Share this post


Link to post
Share on other sites

I had ran SS&D and AASE in safe mode before this log, but I think I'll try again and then repost my HJT log in a new thread....sorry for hijacking your thread Andytan :)

 

 

 

 

As of 8:30 I got rid of it. Seems that my ADSE definitions were out of date. Thanks for looking and I hopw I won't be back for a LONG time. :D

Edited by Mistaredx

Share this post


Link to post
Share on other sites

Hello,AnDyTaN & Welcome

 

Please do this for me

 

Please download ComboFix and save it to your desktop.

 

Double click combofix.exe and follow the prompts.

 

When it's done running it will produce a log for you. Please post that log in your next reply.

 

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

 

@ Mistaredx

 

Please do not post in someone else's topic start your own Thread

 

Gogo :)

Share this post


Link to post
Share on other sites

Ok HJthis i finished scanning with Combofix...here's the log ;). To Mistared:Goodluck fixing your comp :)

 

Administrator - 06-12-14 18:38:42.60 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Administrator\Desktop"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\components

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-14 to 2006-12-14 ))))))))))))))))))))))))))))))))))

 

 

2006-12-14 06:42 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL

2006-12-14 06:42 <DIR> d-------- C:\Program Files\Registry Mechanic

2006-12-14 06:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2

2006-12-14 06:26 <DIR> d-------- C:\Program Files\OpenOffice.org 2.1

2006-12-14 05:58 <DIR> dr-h----- C:\Documents and Settings\Administrator\Recent

2006-12-14 05:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI

2006-12-14 05:35 73,728 --a------ C:\WINDOWS\system32\Oemdspif.dll

2006-12-14 05:35 601,792 --a------ C:\WINDOWS\system32\ativvaxx.dll

2006-12-14 05:35 6,680,576 --a------ C:\WINDOWS\system32\atioglx1.dll

2006-12-14 05:35 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2006-12-14 05:35 46,080 --a------ C:\WINDOWS\system32\ati2evxx.dll

2006-12-14 05:35 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll

2006-12-14 05:35 4,841,472 --a------ C:\WINDOWS\system32\atioglxx.dll

2006-12-14 05:35 39,936 --a------ C:\WINDOWS\system32\ati2edxx.dll

2006-12-14 05:35 376,832 --a------ C:\WINDOWS\system32\ati2evxx.exe

2006-12-14 05:35 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll

2006-12-14 05:35 258,048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll

2006-12-14 05:35 25,088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2006-12-14 05:35 241,664 --a------ C:\WINDOWS\system32\ati2dvag.dll

2006-12-14 05:35 233,472 --a------ C:\WINDOWS\system32\ati2cqag.dll

2006-12-14 05:35 2,430,464 --a------ C:\WINDOWS\system32\ati3duag.dll

2006-12-14 05:35 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll

2006-12-14 05:35 147,456 --a------ C:\WINDOWS\system32\atikvmag.dll

2006-12-14 05:35 106,496 --a------ C:\WINDOWS\system32\atipdlxx.dll

2006-12-14 05:35 1,348,096 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2006-12-14 05:34 <DIR> d-------- C:\ATI

2006-12-13 19:57 <DIR> d-------- C:\Program Files\ATITool

2006-12-09 19:39 2,829 --a------ C:\WINDOWS\War3Unin.pif

2006-12-09 19:39 139,264 --a------ C:\WINDOWS\War3Unin.exe

2006-12-08 05:41 <DIR> d-------- C:\VundoFix Backups

2006-12-08 01:41 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-12-08 01:41 42,496 --a------ C:\WINDOWS\system32\swreg.exe

2006-12-08 01:41 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-12-08 01:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-12-08 01:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2006-12-08 01:04 299,392 --a------ C:\WINDOWS\system32\imon.dll

2006-12-08 01:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2006-12-08 01:03 <DIR> d-------- C:\Program Files\ESET

2006-12-07 23:51 18,432 --a------ C:\WINDOWS\system32\mlraakb.dll

2006-12-07 11:30 <DIR> dr-h----- C:\$VAULT$.AVG

2006-12-07 09:01 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-12-07 09:01 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys

2006-12-07 09:01 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

2006-12-07 09:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

2006-12-07 09:01 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

2006-12-07 09:01 <DIR> d-------- C:\Program Files\Grisoft

2006-12-07 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2006-12-07 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2006-12-07 09:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2006-12-07 08:30 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-12-07 08:30 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-12-07 07:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor

2006-12-07 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Identities

2006-12-07 07:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll

2006-12-07 07:06 104,536 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2006-12-07 07:06 <DIR> d-------- C:\Program Files\Common Files\McAfee

2006-12-07 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2006-11-29 03:45 <DIR> d-------- C:\Program Files\iTunes

2006-11-29 03:45 <DIR> d-------- C:\Program Files\iPod

2006-11-28 16:30 <DIR> d-------- C:\Program Files\Warcraft III

2006-11-28 13:27 684,032 --a------ C:\WINDOWS\system32\libeay32.dll

2006-11-28 13:27 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll

2006-11-16 16:54 <DIR> d-------- C:\Program Files\Koei

2006-11-16 16:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield Installation Information

2006-11-16 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Activision

2006-11-16 14:17 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2006-11-16 14:17 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2006-11-16 14:17 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2006-11-16 14:17 <DIR> d--hs---- C:\WINDOWS\ftpcache

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-14 18:37 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager

2006-12-14 18:32 -------- d-------- C:\Program Files\Mozilla Firefox

2006-12-14 17:44 -------- d-------- C:\Program Files\mIRC

2006-12-14 07:59 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-12-14 05:36 -------- d-------- C:\Program Files\ATI Technologies

2006-12-13 20:34 -------- d-------- C:\Program Files\Mozilla Thunderbird

2006-12-13 07:22 -------- d-------- C:\Program Files\ShortKeys2

2006-12-13 07:16 -------- d-------- C:\Program Files\Java

2006-12-13 07:16 -------- d-------- C:\Program Files\Apple Software Update

2006-12-13 05:56 -------- d-------- C:\Program Files\LimeWire

2006-12-08 01:57 -------- d-------- C:\Program Files\Common Files

2006-12-08 00:27 -------- d-------- C:\Program Files\Spybot - Search & Destroy

2006-12-07 23:49 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-12-07 15:42 -------- d-------- C:\Program Files\Symantec

2006-12-07 15:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-12-07 09:01 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2006-12-07 07:51 -------- d-------- C:\Program Files\Norton SystemWorks

2006-12-04 01:39 -------- d-------- C:\Program Files\WarRock

2006-12-02 00:03 -------- d-------- C:\Program Files\MSN Messenger

2006-11-26 03:18 -------- d-------- C:\Program Files\SwiftSwitch

2006-11-19 18:01 -------- d-------- C:\Program Files\Internet Explorer

2006-11-16 14:02 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-11-16 02:37 -------- d-------- C:\Program Files\Attribute Changer

2006-11-15 00:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar

2006-11-13 03:58 -------- d-------- C:\Program Files\MegauploadToolbar

2006-11-10 21:08 24064 --a------ C:\WINDOWS\system32\drivers\ATITool.sys

2006-11-07 12:51 -------- d-------- C:\Program Files\QuickTime

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-10-18 14:51 -------- d-------- C:\Program Files\VideoLAN

2006-10-15 02:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi

2006-10-15 02:00 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc

2006-10-14 00:34 -------- d-------- C:\Program Files\Hero_Online

2006-10-13 20:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll

2006-10-13 20:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll

2006-10-13 20:41 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-09-24 09:18 673546 --a------ C:\WINDOWS\unins000.exe

2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Gadwin PrintScreen 3.5"="\"C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe\" /nosplash"

"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"PowerBar"=""

"TaskSwitchXP"="\"C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe\""

"Free Download Manager"="\"C:\\Program Files\\Free Download Manager\\fdm.exe\" -autorun"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

"SoundMan"="SOUNDMAN.EXE"

"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""

"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"

"RegistryMechanic"=""

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"

"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\

53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\

65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\

79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00

"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\

6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\

2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\

52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00

"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\

33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"

"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]

"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\

53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\

65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\

79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00

"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\

6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\

2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\

52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00

"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\

33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoSharedDocuments"=dword:00000001

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

"NoRecentDocsHistory"=dword:00000001

"NoInstrumentation"=dword:00000001

"NoSMHelp"=dword:00000001

"DisableCAD"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"NoInternetOpenWith"=dword:00000001

"DisableCAD"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"=dword:00000001

"ForceClassicControlPanel"=dword:00000001

"NoRemoteRecursiveEvents"=dword:00000001

"MemCheckBoxInRunDlg"=dword:00000001

"DisableCAD"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoSharedDocuments"=dword:00000001

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

"NoRecentDocsHistory"=dword:00000001

"NoInstrumentation"=dword:00000001

"NoSMHelp"=dword:00000001

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoSharedDocuments"=dword:00000001

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

"NoRecentDocsHistory"=dword:00000001

"NoInstrumentation"=dword:00000001

"NoSMHelp"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"gloomily"="{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccApp"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcusrmgr"=dword:00000002

"mctskshd.exe"=dword:00000002

"McRedirector"=dword:00000002

"McProxy"=dword:00000002

"mcpromgr"=dword:00000002

"McNASvc"=dword:00000002

"mcmispupdmgr"=dword:00000002

"McLogManagerService"=dword:00000002

"McAfee HackerWatch Service"=dword:00000002

"CLTNetCnService"=dword:00000002

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-12-14 18:39:53.87

C:\ComboFix.txt ... 06-12-14 18:39

Share this post


Link to post
Share on other sites

Hi,AnDyTaN

 

First thing you should do is remove all Anti-Virus scanners and keep

just one and then just keep it updated,running more then one is asking

for problems and it's also a big slow down.

 

 

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

( Do not run it Yet )

 

 

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

 

Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

 

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

 

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

 

Please post the newrapport.txt log along with a new HijackThis Log in your next reply.

 

 

Once in Safe Mode and you do the above get this here done.

 

 

Run HijackThis

Scan and when it finishes, put a check mark only next to these following items : (if present)

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

 

O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)

 

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

 

O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll

 

O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)

O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)

 

Close all browsers and any open Windows, making sure that only HijackThis is open

Click Fix Checked

Close HijackThis

 

 

 

Then do a reboot come back here with all logfiles.

 

Gogo ;)

Share this post


Link to post
Share on other sites

Ok here's the Rapport log

 

SmitFraudFix v2.65

 

Scan done at 20:06:41.46, Thu 12/14/2006

Run from C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

 

[HKEY_CLASSES_ROOT\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]

@="C:\WINDOWS\system32\mlraakb.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]

@="C:\WINDOWS\system32\mlraakb.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

 

[HKEY_CLASSES_ROOT\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]

@="C:\WINDOWS\system32\mlraakb.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]

@="C:\WINDOWS\system32\mlraakb.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Lastly the Hijackthis log

 

Logfile of HijackThis v1.99.1

Scan saved at 8:12:55 PM, on 12/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\ATITool\ATITool.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\NOTEPAD2.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TaskSwitchXP] "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe"

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)

O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)

Share this post


Link to post
Share on other sites

Yea i did,after that i went back to normal mode and click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" I then went back to safe mode and ran Hijackthis and checked all the followings that you stated.I restarted and went back to normal mode, looks like the critical system error popup is gone for good now! ;) Anyway here's the logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 8:21:58 PM, on 12/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\ATITool\ATITool.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TaskSwitchXP] "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe"

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Share this post


Link to post
Share on other sites

Hey,AnDyTaN

 

Sorry about that it's just you move to fast for me. :)

 

 

Next

 

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

 

Next, let's clean your restore points and set a new one

 

 

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

 

1. Turn off System Restore.

* On the Desktop, right-click My Computer.

* Click Properties.

* Click the System Restore tab.

* CHECK Turn off System Restore.

* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

* On the Desktop, right-click My Computer.

* Click Properties.

* Click the System Restore tab.

* UN-Check Turn off System Restore.

* Click Apply, and then click OK.

 

System Restore will now be active again.

 

 

Then create a new restore point once you have System Restore back on.

To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.

When the System Restore Utility opens, click "Create a Restore Point" then click Next.

Enter a name for this Restore Point, and click Create.

 

 

Clean out your Temporary Internet files.

Internet Explorer

Close Internet Explorer and close any instances of Windows Explorer.

Click Start -> Control Panel and then double-click Internet Options.

On the General tab, click Delete Files under Temporary Internet Files.

In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.

On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.

Click OK.

 

Firefox (In case you also have Firefox installed)

Open Firefox and go to Tools -> Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

 

Make your Internet Explorer more secure - This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.

2. Click once on the Security tab

3. Click once on the Internet icon so it becomes highlighted.

4. Click once on the Custom Level button.

a. Change the Download signed ActiveX controls to Prompt

b. Change the Download unsigned ActiveX controls to Disable

c . Change the Initialize and script ActiveX controls not marked as safe to Disable

d. Change the Installation of desktop items to Prompt

e. Change the Launching programs and files in an IFRAME to Prompt

f. Change the Navigate sub-frames across different domains to Prompt

g. When all these settings have been made, click on the OK button.

h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

5. Next press the Apply button and then the OK to exit the Internet Properties page.

 

 

And last have a look at the great info at this site by Mr,Tk

So how did I get infected in the first place

 

 

Gogo ;)

Share this post


Link to post
Share on other sites
Sign in to follow this