Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Infection?-Long gap between login and desktop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Katana » October 27th, 2007, 8:47 am

Download and Run ComboFix

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Unread postby ELevy » October 30th, 2007, 6:30 pm

ComboFix 07-10-22.7 - Emanuel 2007-10-30 17:44:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.733 [GMT -4:00]
Running from: C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{3F241~1
C:\Program Files\Common Files\{7F241~1
C:\WINDOWS\system32\LMIinit.dll
C:\WINDOWS\system32\pskill.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_COM+_MESSAGES


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 17:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 09:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-26 08:28 <DIR> d-------- C:\Deckard
2007-10-22 15:21 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-22 12:04 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-22 11:27 <DIR> d-------- C:\Program Files\a-squared Free
2007-10-18 10:52 <DIR> d-------- C:\Documents and Settings\Emanuel\My Do
2007-10-18 10:35 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2007-10-18 10:35 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-10-18 10:35 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-10-18 10:35 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-10-18 09:20 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\GrabIt
2007-10-18 09:12 <DIR> d-------- C:\Program Files\GrabIt
2007-10-16 09:56 <DIR> d-------- C:\Program Files\Winamp
2007-10-16 09:56 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\Winamp
2007-10-16 09:22 278,528 --a------ C:\WINDOWS\system32\XXCOPY.EXE
2007-10-16 09:22 230,377 --a------ C:\WINDOWS\system32\XXCOPY16.EXE
2007-10-16 09:22 49,152 --a------ C:\WINDOWS\system32\XXPBAR.EXE
2007-10-16 09:22 1,436 --a------ C:\WINDOWS\system32\UIXXCOPY.BAT
2007-10-15 19:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-12 13:40 <DIR> d-------- C:\sorted music
2007-10-12 12:46 <DIR> d-------- C:\Program Files\OPAL Network
2007-10-12 12:46 <DIR> d-------- C:\Program Files\Common Files\Sagekey Software
2007-10-12 12:46 <DIR> d-------- C:\Program Files\Access 97 Runtime
2007-10-12 10:50 <DIR> d-------- C:\Program Files\Replay Music 2
2007-10-12 10:50 <DIR> d-------- C:\Program Files\Replay Music
2007-10-12 10:50 41,984 --a------ C:\WINDOWS\system32\APTRRNTm.dll
2007-10-12 10:50 36,864 --a------ C:\WINDOWS\system32\APTRRNTl.dll
2007-10-10 14:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 14:29 <DIR> d-------- C:\Program Files\CCleaner
2007-10-10 14:25 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 14:57 46,338,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-05 14:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-05 14:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-05 14:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-05 14:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 11:58 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\SlySoft
2007-10-05 11:51 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-10-05 11:49 <DIR> d-------- C:\Program Files\SlySoft
2007-10-05 11:48 <DIR> d-------- C:\Program Files\Amazon DVD Shrinker
2007-10-05 11:47 <DIR> d-------- C:\WINDOWS\Bifrost
2007-09-28 10:37 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\Audacity
2007-09-22 13:54 <DIR> d-------- C:\Kiswin
2007-09-22 13:54 <DIR> d-------- C:\Documents and Settings\Emanuel\.terminfo
2007-09-21 14:47 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-21 14:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-21 13:57 <DIR> d-------- C:\Program Files\WinPcap
2007-09-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-20 14:03 <DIR> d-------- C:\Program Files\SpiralFrog
2007-09-17 21:49 <DIR> d-------- C:\Program Files\PandoraBrowse
2007-09-17 21:15 <DIR> d-------- C:\Documents and Settings\Emanuel\.oboesync
2007-09-17 21:13 <DIR> d-------- C:\Program Files\MP3tunes
2007-09-14 09:51 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\GTek
2007-09-02 00:57 491,520 --a------ C:\lame_enc.dll
2007-09-01 23:40 <DIR> d-------- C:\Program Files\ShufflePlay2
2007-09-01 23:40 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-01 23:40 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 21:54 --------- d-----w C:\Program Files\PeerGuardian2
2007-10-30 21:52 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2007-10-30 21:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-10-30 21:49 544,052 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 21:40 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\AVG7
2007-10-26 17:56 --------- d-----w C:\Program Files\Azureus
2007-10-26 12:59 --------- d-----w C:\Program Files\InsideCAT3
2007-10-26 12:59 --------- d-----w C:\Program Files\DivX
2007-10-22 21:17 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-22 15:14 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\AdobeUM
2007-10-18 23:31 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Azureus
2007-10-18 17:24 --------- d-----w C:\Program Files\Quicken
2007-10-18 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 23:32 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\VMware
2007-10-16 00:27 --------- d-----w C:\Program Files\Rhapsody
2007-10-12 14:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-12 13:18 --------- d-----w C:\Program Files\Audacity
2007-10-11 14:44 --------- d-----w C:\Program Files\LogMeIn
2007-10-11 14:40 --------- d-----w C:\Program Files\Google
2007-10-11 14:40 --------- d-----w C:\Program Files\GizmoPlugin
2007-10-11 14:39 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-11 14:37 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-11 10:41 --------- d-----w C:\Program Files\QuickPar
2007-10-05 12:47 --------- d-----w C:\Program Files\Apple Software Update
2007-10-05 12:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-05 12:31 --------- d-----w C:\Program Files\HP
2007-09-24 21:38 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\U3
2007-09-21 15:39 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Media Player Classic
2007-09-21 13:14 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Thinstall
2007-09-14 13:53 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Apple Computer
2007-09-02 02:54 --------- d-----w C:\Program Files\RSSoft
2007-08-31 17:37 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\DivX
2007-08-31 14:49 --------- d-----w C:\Program Files\Executive Software
2007-08-30 03:21 --------- d-----w C:\Program Files\PartyGaming
2007-08-30 03:13 --------- d-----w C:\Program Files\Siber Systems
2007-08-28 17:18 --------- d-----w C:\Program Files\Magic MP3 Tagger
2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-14 14:40 55,831 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-14 14:40 5,804 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-09 00:34 1,721,712 ----a-w C:\WINDOWS\system32\inetclnt.dll
2007-08-08 20:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 22:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 22:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 19:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 19:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 03:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 02:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-07-26 02:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 02:53 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 02:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-07-26 02:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 02:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 02:53 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-07-26 02:50 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 02:50 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 02:50 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-07-26 02:50 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 02:50 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-07-26 02:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 02:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-07-26 02:50 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 02:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-07-26 02:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-07-26 02:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-07-26 02:50 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2005-07-14 18:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 00:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 16:50]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 11:57]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 17:26]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 20:45]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 19:55]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-26 08:18]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 17:52]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2007-09-14 08:58]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" []
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-19 08:19]

C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-08-14 09:42 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emanuel^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager]
"C:\Windows\System32\drivers\setup\manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

R2 Gizmo Plugin;Gizmo VoIP Service;"C:\Program Files\GizmoPlugin\GizmoPlugin.exe"
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\RaInfo.sys
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S2 COM+ System Manager;COM+ System Application Manage;C:\Program Files\Common Files\System\Dllhost.exe
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f9bd8a-84b6-11db-992f-0014a5ef0629}]
AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c73ca7a-7e99-11db-9928-0014a5ef0629}]
AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2d99d6-687c-11dc-99d7-0016d443950d}]
AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{86BD9109-A930-850A-C400-CB85C0CEC5E1}]
C:\WINDOWS\Bifrost\Marcel s
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 17:52:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????H????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 17:56:13 - machine was rebooted
.
--- E O F ---
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 30th, 2007, 6:54 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code: Select all
    File::
    C:\Windows\System32\drivers\setup\manager.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager]
    
    

  • Save this as CFScript.txt and place it on your desktop.
    Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please post the ComboFix log along with a fresh HJT log in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

combofix

Unread postby ELevy » October 30th, 2007, 7:37 pm

ComboFix 07-10-22.7 - Emanuel 2007-10-30 19:31:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.781 [GMT -4:00]
Running from: C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\ComboFix.exe
Command switches used :: C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\CFScript.txt
* Created a new restore point

FILE::
C:\Windows\System32\drivers\setup\manager.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 17:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 09:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-26 08:28 <DIR> d-------- C:\Deckard
2007-10-22 15:21 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-22 12:04 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-22 11:27 <DIR> d-------- C:\Program Files\a-squared Free
2007-10-18 10:52 <DIR> d-------- C:\Documents and Settings\Emanuel\My Do
2007-10-18 10:35 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2007-10-18 10:35 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-10-18 10:35 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-10-18 10:35 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-10-18 09:20 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\GrabIt
2007-10-18 09:12 <DIR> d-------- C:\Program Files\GrabIt
2007-10-16 09:56 <DIR> d-------- C:\Program Files\Winamp
2007-10-16 09:56 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\Winamp
2007-10-16 09:22 278,528 --a------ C:\WINDOWS\system32\XXCOPY.EXE
2007-10-16 09:22 230,377 --a------ C:\WINDOWS\system32\XXCOPY16.EXE
2007-10-16 09:22 49,152 --a------ C:\WINDOWS\system32\XXPBAR.EXE
2007-10-16 09:22 1,436 --a------ C:\WINDOWS\system32\UIXXCOPY.BAT
2007-10-15 19:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-12 13:40 <DIR> d-------- C:\sorted music
2007-10-12 12:46 <DIR> d-------- C:\Program Files\OPAL Network
2007-10-12 12:46 <DIR> d-------- C:\Program Files\Common Files\Sagekey Software
2007-10-12 12:46 <DIR> d-------- C:\Program Files\Access 97 Runtime
2007-10-12 10:50 <DIR> d-------- C:\Program Files\Replay Music 2
2007-10-12 10:50 <DIR> d-------- C:\Program Files\Replay Music
2007-10-12 10:50 41,984 --a------ C:\WINDOWS\system32\APTRRNTm.dll
2007-10-12 10:50 36,864 --a------ C:\WINDOWS\system32\APTRRNTl.dll
2007-10-10 14:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 14:29 <DIR> d-------- C:\Program Files\CCleaner
2007-10-10 14:25 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 14:57 46,376,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-05 14:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-05 14:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-05 14:54 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-05 14:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 11:58 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\SlySoft
2007-10-05 11:51 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-10-05 11:49 <DIR> d-------- C:\Program Files\SlySoft
2007-10-05 11:48 <DIR> d-------- C:\Program Files\Amazon DVD Shrinker
2007-10-05 11:47 <DIR> d-------- C:\WINDOWS\Bifrost
2007-09-28 10:37 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\Audacity
2007-09-22 13:54 <DIR> d-------- C:\Kiswin
2007-09-22 13:54 <DIR> d-------- C:\Documents and Settings\Emanuel\.terminfo
2007-09-21 14:47 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-21 14:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-21 13:57 <DIR> d-------- C:\Program Files\WinPcap
2007-09-20 15:39 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-20 14:03 <DIR> d-------- C:\Program Files\SpiralFrog
2007-09-17 21:49 <DIR> d-------- C:\Program Files\PandoraBrowse
2007-09-17 21:15 <DIR> d-------- C:\Documents and Settings\Emanuel\.oboesync
2007-09-17 21:13 <DIR> d-------- C:\Program Files\MP3tunes
2007-09-14 09:51 <DIR> d-------- C:\Documents and Settings\Emanuel\Application Data\GTek
2007-09-02 00:57 491,520 --a------ C:\lame_enc.dll
2007-09-01 23:40 <DIR> d-------- C:\Program Files\ShufflePlay2
2007-09-01 23:40 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-01 23:40 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 23:34 --------- d-----w C:\Program Files\PeerGuardian2
2007-10-30 21:52 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\VMware
2007-10-30 21:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-10-30 21:49 544,052 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 21:40 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\AVG7
2007-10-26 17:56 --------- d-----w C:\Program Files\Azureus
2007-10-26 12:59 --------- d-----w C:\Program Files\InsideCAT3
2007-10-26 12:59 --------- d-----w C:\Program Files\DivX
2007-10-22 21:17 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-22 15:14 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\AdobeUM
2007-10-18 23:31 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Azureus
2007-10-18 17:24 --------- d-----w C:\Program Files\Quicken
2007-10-18 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 23:32 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\VMware
2007-10-16 00:27 --------- d-----w C:\Program Files\Rhapsody
2007-10-12 14:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-12 13:18 --------- d-----w C:\Program Files\Audacity
2007-10-11 14:44 --------- d-----w C:\Program Files\LogMeIn
2007-10-11 14:40 --------- d-----w C:\Program Files\Google
2007-10-11 14:40 --------- d-----w C:\Program Files\GizmoPlugin
2007-10-11 14:39 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-11 14:37 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-11 10:41 --------- d-----w C:\Program Files\QuickPar
2007-10-05 12:47 --------- d-----w C:\Program Files\Apple Software Update
2007-10-05 12:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-05 12:31 --------- d-----w C:\Program Files\HP
2007-09-24 21:38 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\U3
2007-09-21 15:39 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Media Player Classic
2007-09-21 13:14 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Thinstall
2007-09-14 13:53 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\Apple Computer
2007-09-02 02:54 --------- d-----w C:\Program Files\RSSoft
2007-08-31 17:37 --------- d-----w C:\Documents and Settings\Emanuel\Application Data\DivX
2007-08-31 14:49 --------- d-----w C:\Program Files\Executive Software
2007-08-30 03:21 --------- d-----w C:\Program Files\PartyGaming
2007-08-30 03:13 --------- d-----w C:\Program Files\Siber Systems
2007-08-28 17:18 --------- d-----w C:\Program Files\Magic MP3 Tagger
2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-14 14:40 55,831 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-14 14:40 5,804 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-09 00:34 1,721,712 ----a-w C:\WINDOWS\system32\inetclnt.dll
2007-08-08 20:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 22:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 22:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 19:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 19:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 03:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 02:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-07-26 02:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 02:53 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 02:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-07-26 02:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 02:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 02:53 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-07-26 02:50 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 02:50 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 02:50 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-07-26 02:50 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 02:50 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-07-26 02:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 02:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-07-26 02:50 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 02:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-07-26 02:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-07-26 02:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-07-26 02:50 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2005-07-14 18:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 00:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 16:50]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 11:57]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 17:26]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 20:45]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 19:55]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-26 08:18]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 17:52]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2007-09-14 08:58]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" []
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-19 08:19]

C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-08-14 09:42 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emanuel^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

R2 Gizmo Plugin;Gizmo VoIP Service;"C:\Program Files\GizmoPlugin\GizmoPlugin.exe"
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\RaInfo.sys
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S2 COM+ System Manager;COM+ System Application Manage;C:\Program Files\Common Files\System\Dllhost.exe
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f9bd8a-84b6-11db-992f-0014a5ef0629}]
AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c73ca7a-7e99-11db-9928-0014a5ef0629}]
AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2d99d6-687c-11dc-99d7-0016d443950d}]
AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{86BD9109-A930-850A-C400-CB85C0CEC5E1}]
C:\WINDOWS\Bifrost\Marcel s
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 19:34:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????H????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 19:36:27
C:\ComboFix2.txt ... 2007-10-30 17:56
.
--- E O F ---
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

hijack this

Unread postby ELevy » October 30th, 2007, 7:38 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:20 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm61.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\elevy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.faces.com/Common/Controls/Ac ... oader3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7625C1-35A7-44FD-8C0B-31698B88F545}: Domain = levy.lan
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14372 bytes
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 30th, 2007, 8:05 pm

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: COM+ System Manager
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete "COM+ System Manager"
Click: OK

Please post a fresh HJT log in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 31st, 2007, 11:22 am

katana wrote:Please click Start > Run and type in: services.msc
Click OK
In the Services window find: COM+ System Manager
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK


Please post a fresh HJT log in your reply.


I don't see COM+ System Manager I see

COM+ Event System
COM+ System Application
COM+ System Application Manage
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 31st, 2007, 1:41 pm

COM+ System Application Manage Is the one :)

Still use this though
Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete "COM+ System Manager"
Click: OK
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 31st, 2007, 2:17 pm

the sc delete did not work


C:\Documents and Settings\Emanuel>sc delete "COM+ System Manager"
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Documents and Settings\Emanuel>


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:50 PM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\elevy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.faces.com/Common/Controls/Ac ... oader3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7625C1-35A7-44FD-8C0B-31698B88F545}: Domain = levy.lan
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14165 bytes
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 31st, 2007, 2:21 pm

It is gone From the HJT log though :)

How are things running now ?
Are you still having the delay at login ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 31st, 2007, 2:37 pm

It is running much better, The delay is reduced now.

What was I infected with?
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 31st, 2007, 3:11 pm

ELevy wrote:What was I infected with?

To be totally honest, I have no idea what the problem was :shock:
The couple of things we have deleted were not active and would not have affected your machines performance.
The only thing I can think of is that we have freed some space up when DSS did disk cleanup.

You need to look at either moving some files to different storage or deleting them as you are desperately short on space.
If there isn't 15% available for the page file, etc., XP will kind of choke at bootup.

Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up :D

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Image
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


Also PLEASE read this article

So How Did I Get Infected In The First Place

If you can see a program in the must have section that you have never seen or used then get it!

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 31st, 2007, 3:20 pm

I did the combofix /u did not get the disclaimer screen but it said it has been uninstalled.

I do appreciate the help
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 31st, 2007, 3:24 pm

:occasion5: you are good to go :)
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby Gary R » November 8th, 2007, 7:24 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware