Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My computer(PC) doesn't switch on, on normal mode.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 4th, 2008, 10:08 am

PLz help me becuz i can't use the normal mode to use my PC. I can only use the Safe MODES. Plz help me, i'm really scared. :pale:


This is my HijackThis log, plz remember that this is from the SAFE MODE:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:04 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotDeletingA5280] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2472] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2838] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1415] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [PremiumBooster.exe] C:\Program Files\Premium Booster\PremiumBooster.exe /clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11167 bytes
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm
Advertisement
Register to Remove

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 4th, 2008, 10:41 am

The spyware, or watever you call it has been destroyed!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! lol
anyways, I can't get on to normal mode plz help me this is my HijackThis log from Safe Mode:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:23 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotDeletingA5280] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2472] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2838] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1415] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [PremiumBooster.exe] C:\Program Files\Premium Booster\PremiumBooster.exe /clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11118 bytes
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 7th, 2008, 9:46 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.





Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 7th, 2008, 10:52 am

I apologise for keep going on and for posting another post(SmitfraudCCoreSerives is slowing My PC)because like I said I'm new I don't know anything about this website and its forums.. I had to repair my Windows XP so I did that. This is My COMBOFIX log as requested(from normal mode, becuase I repaired the windows):

ComboFix 08-02.05.3 - Hamza 2008-02-07 18:22:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.167 [GMT 4:00]
Running from: D:\Installing programs\downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\atapii.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Documents and Settings\Hamza\Application Data\macromedia\Flash Player\#SharedObjects\LS6HYFKL\iforex.com
C:\Documents and Settings\Hamza\Application Data\macromedia\Flash Player\#SharedObjects\LS6HYFKL\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Hamza\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Hamza\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\temp\tn3
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\hosts
C:\WINDOWS\system32\drivers\atapii.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\installer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ATAPII
-------\atapii


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-07 17:40 . 2008-02-07 17:40 <DIR> d-------- C:\kav
2008-02-07 17:13 . 2008-02-07 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-07 17:12 . 2008-02-07 17:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-07 16:51 . 2008-02-07 16:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-07 16:50 . 2008-02-07 16:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-07 16:06 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-02-06 19:53 . 2008-02-06 19:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-02-06 19:26 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-06 19:01 . 2004-08-04 16:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-06 19:00 . 2004-08-04 16:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-06 18:59 . 2004-08-04 16:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-06 18:58 . 2004-08-04 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-06 18:57 . 2004-08-04 16:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-06 18:56 . 2004-08-04 16:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-02-06 18:56 . 2004-08-04 16:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-02-06 18:56 . 2004-08-04 16:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-02-06 18:56 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-02-06 18:56 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-02-06 18:56 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-02-06 18:56 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-02-06 18:55 . 2008-02-06 18:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-06 17:47 . 2004-08-04 16:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-05 17:22 . 2008-02-05 17:22 <DIR> d-------- C:\Program Files\ACW
2008-02-04 16:10 . 2008-02-07 05:44 2,518 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-04 16:09 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-04 16:09 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-04 16:09 . 2008-02-02 00:55 83,456 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-04 16:09 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-04 16:09 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-04 16:09 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-04 16:09 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-02 09:52 . 2008-02-02 09:52 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-01 20:10 . 2008-02-01 20:10 70,129 --a------ C:\AVG7QT.DAT
2008-02-01 19:58 . 2008-02-07 08:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-01 19:58 . 2008-02-01 19:58 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\AVG7
2008-02-01 19:58 . 2008-02-01 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 15:08 . 2008-02-01 15:08 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-01 15:07 . 2008-02-01 15:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-01 15:07 . 2008-02-01 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-01 15:07 . 2008-02-01 15:11 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-01 15:06 . 2008-02-01 15:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-01 12:32 . 2008-02-01 12:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-01 11:48 . 2008-02-01 11:48 <DIR> d-------- C:\Program Files\Premium Booster
2008-02-01 11:43 . 2008-02-01 11:43 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-02-01 11:08 . 2008-02-07 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 17:45 . 2008-01-31 17:45 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-31 17:45 . 2008-01-31 17:45 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d--hs---- C:\FOUND.000
2008-01-31 15:31 . 2008-01-31 15:31 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-01-31 15:31 . 2008-01-31 15:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-29 20:31 . 2008-01-29 20:31 <DIR> d-------- C:\Program Files\filesubmit
2008-01-24 18:14 . 2008-01-24 18:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-01-14 15:00 . 2008-01-14 15:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 18:44 . 2008-01-31 16:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 18:44 . 2008-01-13 18:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 18:16 . 2008-01-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-13 18:16 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-13 18:16 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-13 18:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-13 18:16 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-13 18:13 . 2008-01-13 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 13:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-07 06:59 --------- d-----w C:\Program Files\FlyFF Resource Manager
2008-02-07 02:44 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-06 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-15 05:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 01:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 14:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-03 07:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-03 07:51 286,720 ----a-w C:\WINDOWS\Setup1.exe
2007-12-21 09:58 --------- d-----w C:\Program Files\Security Task Manager
2007-12-21 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-21 08:57 --------- d-----w C:\Program Files\Abexo
2007-12-17 13:26 --------- d-----w C:\Program Files\MSBuild
2007-12-17 13:26 --------- d-----w C:\Program Files\Microsoft Works
2007-12-17 13:25 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-17 13:19 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-17 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-12 11:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 11:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-12 11:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-06 06:05 30,601 ----a-w C:\Documents and Settings\Hamza\x.exe
2006-10-05 17:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-03 17:28 40 ----a-w C:\Documents and Settings\Hamza\language.dat
2006-02-17 11:01 19,328 ----a-w C:\Documents and Settings\Hamza\Application Data\GDIPFONTCACHEV1.DAT
2005-08-28 14:44 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-01 15:08 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-01 15:08 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 14:13 180269]
"ClientGW"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 09:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 11:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 20:41 579072]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 04:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-05 01:03 36640]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11 2500096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-02 08:57 219136]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\Hamza\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-26 11:44:09 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 20:51:38 389120]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindService"=2 (0x2)
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)

R3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2003-12-05 17:39]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]
S3 XDva024;XDva024;C:\WINDOWS\system32\XDva024.sys []
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14325854-14bc-11db-858e-b3c2d0892867}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 18:34:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-02-07 18:40:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 14:40:01
.
2008-02-07 11:00:48 --- E O F ---



and this is my HijackThis log(as requested):



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:32 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11041 bytes


like I said that the SmitfraudCCoreServices was destroyed but it comes back each time I restart the PC and the Zedo popups are also annoying me.

Thanks for the response.
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 7th, 2008, 12:08 pm

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

The following program/s are regarded as either "Rogue", being bundled with "Adware" or having dubious reputations

NoAdware5.0 << Used to be listed as Rogue


I recommend that you remove Via Add/Remove Programs



Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\Documents and Settings\Hamza\x.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti

SD Fix

DownloadSDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Virus Total Results
  • SD Fix Log
  • Malwarebytes' Anti-Malware Log
  • Kaspersky Log
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 9th, 2008, 5:33 am

Sorry for the delay.

couldn't open virustotal and used jotti for the scan.


File: x.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: b4fca8a5b1b357bf9e2b7a279827b8b4
Packers detected: -
Bit9 reports: No threat detected (more info)
Scan taken on 07 Feb 2008 17:31:56 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



SDFix log:


SDFix: Version 1.138

Run by Hamza on Thu 02/07/2008 at 09:03 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 21:13:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:42,7d,55,30,40,b4,98,7d,82,65,57,2e,ed,db,64,38,45,ed,9b,81,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:42,7d,55,30,40,b4,98,7d,82,65,57,2e,ed,db,64,38,45,ed,9b,81,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:00000167
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Watchdog\Display]
"ShutdownCount"=dword:0000044e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cf0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:42,7d,55,30,40,b4,98,7d,82,65,57,2e,ed,db,64,38,45,ed,9b,81,de,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit"=dword:0003a8ed
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit"=dword:0003a8ed
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit"=dword:0003a8ed
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit"=dword:0003a8ed
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000005c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"RefCount"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43EA1B6F-718A-F56C-D730-741D9A122733}]
"bbbcgokdgaaanagheifafemooapijgmfccon"=hex:61,61,00,00
"abbcgokdgaaanagheiabepcmpacdhhjong"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 4 Jul 2006 17,344,752 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\avg71free_394a763.exe"
Mon 25 Sep 2006 1,362,977 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\BitLord_1.01.exe"
Sat 21 Oct 2006 15,926,792 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\DivXInstaller.exe"
Sun 1 Oct 2006 2,675,245 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\isobuster_all_lang.zip"
Thu 21 Sep 2006 155,648 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\NAVDwnld.exe"
Tue 3 Oct 2006 155,648 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\NPFDwnld.exe"
Sat 14 Oct 2006 19,666,504 A..H. --- "C:\Program Files\EPSON\PrinterDriverTemp\SC43\QuickTimeInstaller.exe"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0089cd1ec7c03d0a52caa6b6ea801507\BIT1.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT5.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT4.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT6.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Tue 18 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT2.tmp"
Thu 7 Feb 2008 147,879 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BIT33.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\BIT135.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\download\BIT12B.tmp"
Thu 7 Feb 2008 42,051 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\download\BIT14F.tmp"
Thu 7 Feb 2008 878,289 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\download\BIT12F.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\download\BIT131.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\download\BIT156.tmp"
Thu 7 Feb 2008 1,209,830 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT133.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\download\BIT37.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\BIT34.tmp"
Thu 7 Feb 2008 329,003 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\download\BIT136.tmp"
Wed 19 Apr 2006 708,414 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\download\BIT7.tmp"
Thu 7 Feb 2008 367,218 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\download\BITB.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\download\BIT39.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\download\BIT14C.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\BIT14.tmp"
Thu 7 Feb 2008 160,083 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\download\BIT14A.tmp"
Thu 7 Feb 2008 597,936 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\download\BIT2E.tmp"
Thu 7 Feb 2008 303,355 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\BIT2F.tmp"
Thu 7 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\download\BIT36.tmp"
Thu 7 Feb 2008 136,969 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT153.tmp"

Finished!



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:53 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10240 bytes



lol this is the anti-malware log. and guess what, the anti-viruses couldn't detect that x.exe file but this one has detected it and deleted it lol:


Malwarebytes' Anti-Malware 1.02
Database version: 325

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 88245
Time elapsed: 3 hour(s), 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Hamza\x.exe (Heuristic.Malware) -> Quarantined and deleted successfully.



I thought that after the "x.exe" file deteting I should give you an updated log from HijackThis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:22 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10121 bytes



Due to some internet problems with the ISP regarding the line between the middle east and the europe I couldn't use the Kaspersky Virus scan becuz it would stop at the update 10%.

hope these logs help you and me.
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 9th, 2008, 7:10 am

hamzah95 wrote:lol this is the anti-malware log. and guess what, the anti-viruses couldn't detect that x.exe file but this one has detected it and deleted it lol:


That's because the program is designed by people on the front line, rather than a big company :lol:

That's looking clean now, are you still getting popups ?

Please try Kaspersky again, or alternatively try


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.

Installed Programs
Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 9th, 2008, 7:38 am

Nope, i'm not getting any popups. thanks.

I'm running the totalscan and the Kaspersky scan at the moment.

these are the softwares installed on my PC:


µTorrent
7-Zip 4.20
Active Security Monitor 2.0.0.18
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
BiniQDU
BitLord 1.1
Browser Optimizer Rightonadz
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drug Lord 2
EAX Unified
EPSON Printer Software
Feeding Frenzy 2
FlyFF Resource Manager
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
Gutterball 2
HijackThis 2.0.2
HyperCam 2
ImageMixer
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
IsoBuster 1.9.1
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Kaspersky Online Scanner
KRyLack Password Recovery
LimeWire PRO 4.12.6
Magic Ball 2 New Worlds
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Microsoft .NET Framework 2.0
Microsoft DirectX SDK (November 2007)
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Logo
MicroStaff WINASPI
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero - Burning Rom
Nero 7 Premium
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Updater
On2 VP7 Personal Edition
pak.zip
Picture Package Music Transfer
Premium Booster
Quake 3 Arena Demo
QuickTime
RealPlayer
Realtek AC'97 Audio
ronaldo screensaver
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Snooker147 & Poolster (Shareware Demo) 1.3
Snooker147 1.0 (Shareware)
Sony Picture Utility
Sony USB Driver
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
Symantec Technical Support Web Controls
Update for Outlook 2007 Junk Email Filter (kb943597)
VideoCAM GF112
VP6 Decoder
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinZip
XMLinst
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! Messenger
ZoneAlarm Spy Blocker

Lets just hope that the Kaspersky works properly. I have about 450000+ files on my PC and I think it'll take alot of time.
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 9th, 2008, 9:37 pm

these are my scans:
TotalScan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-10 05:36:03
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 7.0.1.321 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@atdmt[3].txt
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP11\A0001090.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Hamza\Local Settings\Temporary Internet Files\Content.IE5\VN57V5GW\SDFix[1].exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Hamza\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@com[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@statcounter[3].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@advertising[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@zedo[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@searchportal.information[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@cgi-bin[1].txt
00367121 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Hamza\Cookies\hamza@90594700[2].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP11\A0001092.exe
01162707 HackTool/KillProcWin.A HackTools No 0 No No C:\Documents and Settings\Hamza\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat[simple_killw.exe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP7\A0000478.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP7\A0000501.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP7\A0000537.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No D:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP8\A0000959.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No D:\Installing programs\downloads\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No D:\Installing programs\downloads\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No D:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP8\A0000959.exe[327882R2FWJFW\nircmd.cfexe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP11\A0001091.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP7\A0000499.sys
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
D:\Special Downloads\softwares\NOOB_KILLER.by.Leerz.zip[NOOB_KILLER.by.Leerz.exe]
;===================================================================================================================================================================================




Kaspersky Scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 5:35:48 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/02/2008
Kaspersky Anti-Virus database records: 555870
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 66152
Number of viruses found: 2
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 07:13:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Hamza\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\History\History.IE5\MSHist012008020920080210\index.dat Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Temp\~DF49D2.tmp Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Temp\~DF6BFF.tmp Object is locked skipped
C:\Documents and Settings\Hamza\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Hamza\ntuser.dat Object is locked skipped
C:\Documents and Settings\Hamza\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Panda Security\TotalScan\236314226c9ad433b8db8cef0a7b9149PSK_NAMES Object is locked skipped
C:\Program Files\Panda Security\TotalScan\236314226c9ad433b8db8cef0a7b9149PSK_NAMES2 Object is locked skipped
C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP10\A0001074.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP10\A0001074.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP10\A0001074.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP11\A0001091.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{2F52FFE5-5FC7-4DC0-B286-C2B5BC7D1057}\RP12\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C942723C-2802-43BA-A97B-63344385EA4B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Installing programs\downloads\FlyFF Resource Manager.rar/FlyFF_Resource_Manager__Setup_/FlyFF Resource Manager (Setup).exe/stream/data0009 Infected: Backdoor.Win32.Hupigon.asnq skipped
D:\Installing programs\downloads\FlyFF Resource Manager.rar/FlyFF_Resource_Manager__Setup_/FlyFF Resource Manager (Setup).exe/stream Infected: Backdoor.Win32.Hupigon.asnq skipped
D:\Installing programs\downloads\FlyFF Resource Manager.rar/FlyFF_Resource_Manager__Setup_/FlyFF Resource Manager (Setup).exe Infected: Backdoor.Win32.Hupigon.asnq skipped
D:\Installing programs\downloads\FlyFF Resource Manager.rar RAR: infected - 3 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


hope these help.
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 9th, 2008, 10:25 pm

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent
BitLord 1.1
LimeWire PRO 4.12.6


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    
    File::
    C:\Documents and Settings\Hamza\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat
    D:\Installing programs\downloads\FlyFF Resource Manager.rar
    
    Driver::
    XDva024
    XDva031
    Registry::
    [-hkey_local_machine\software\classes\signingmodule.signingmodule]
    [-hkey_local_machine\software\classes\signingmodule.signingmodule.1]
    [-hkey_classes_root\signingmodule.signingmodule]
    [-hkey_classes_root\signingmodule.signingmodule.1]
    [-hkey_local_machine\software\classes\appid\altnet signing module.exe]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ClientGW"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14325854-14bc-11db-858e-b3c2d0892867}]
    ADS::

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java and Adobe components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u4 from http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
  • Please go to this link Adobe Acrobat Reader Download Link
  • Cllick Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Adobe Reader 7.0.9
  • J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
Now close the Control Panel.

Reboot your machine.

How are things runing now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 10th, 2008, 1:28 pm

here is the ComboFix log:

ComboFix 08-02.05.3 - Administrator 2008-02-10 21:11:51.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.363 [GMT 4:00]
Running from: C:\Documents and Settings\Hamza_2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hamza_2\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Hamza\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat
D:\Installing programs\downloads\FlyFF Resource Manager.rar
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Hamza\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat
D:\Installing programs\downloads\FlyFF Resource Manager.rar

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_XDVA024
-------\LEGACY_XDVA031
-------\XDva024
-------\XDva031




((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 21:09 . 2008-02-10 21:09 <DIR> d-------- C:\Documents and Settings\Administrator\ContentWatch
2008-02-10 18:24 . 2008-02-10 18:24 <DIR> d-------- C:\Documents and Settings\Hamza_2\Application Data\KRyLack Password Recovery
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sereniti
2008-02-10 18:05 . 2008-02-10 18:05 <DIR> dr-h----- C:\Documents and Settings\Hamza_2\Application Data\yahoo!
2008-02-10 17:44 . 2008-02-10 17:44 <DIR> d-------- C:\Documents and Settings\Hamza_2\Application Data\SiteAdvisor
2008-02-10 17:44 . 2008-02-10 17:44 <DIR> d-------- C:\Documents and Settings\Hamza_2\Application Data\Sereniti
2008-02-10 17:41 . 2008-02-10 17:41 <DIR> d-------- C:\Documents and Settings\LocalService\ContentWatch
2008-02-10 17:38 . 2008-02-10 17:38 <DIR> d-------- C:\Program Files\ContentWatch
2008-02-10 17:38 . 2008-02-10 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ContentWatch
2008-02-10 17:37 . 2008-02-10 17:37 <DIR> d-------- C:\Documents and Settings\Hamza\ContentWatch
2008-02-09 15:30 . 2008-02-09 15:32 <DIR> d-------- C:\Program Files\Panda Security
2008-02-07 21:35 . 2008-02-07 21:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-07 21:35 . 2008-02-07 21:35 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\Malwarebytes
2008-02-07 21:35 . 2008-02-07 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-07 21:00 . 2008-02-07 21:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-07 20:55 . 2008-02-07 21:23 <DIR> d-------- C:\SDFix
2008-02-07 19:35 . 2008-02-07 20:12 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-07 19:35 . 2008-02-07 19:35 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-07 19:34 . 2008-02-07 19:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 19:34 . 2008-02-10 21:05 3,033,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-07 19:34 . 2008-02-10 21:05 126,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-07 19:34 . 2008-02-10 21:05 43,796 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 19:34 . 2008-02-10 21:05 14,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-07 18:18 . 2004-08-04 12:00 388,608 --a------ C:\kmd.exe
2008-02-07 17:40 . 2008-02-07 17:40 <DIR> d-------- C:\kav
2008-02-07 17:13 . 2008-02-10 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-07 17:12 . 2008-02-07 17:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-08 11:25 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-10 04:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-06 19:53 . 2008-02-06 19:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-02-06 19:26 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-06 19:01 . 2004-08-04 16:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-06 19:00 . 2004-08-04 16:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-06 18:59 . 2004-08-04 16:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-06 18:58 . 2004-08-04 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-06 18:57 . 2004-08-04 16:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-06 18:56 . 2004-08-04 16:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-02-06 18:56 . 2004-08-04 16:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-02-06 18:56 . 2004-08-04 16:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-02-06 18:56 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-02-06 18:56 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-02-06 18:56 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-02-06 18:56 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-02-06 18:55 . 2008-02-06 18:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-06 17:47 . 2004-08-04 16:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-05 17:22 . 2008-02-05 17:22 <DIR> d-------- C:\Program Files\ACW
2008-02-04 16:10 . 2008-02-07 05:44 2,518 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-04 16:09 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-04 16:09 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-04 16:09 . 2008-02-02 00:55 83,456 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-04 16:09 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-04 16:09 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-04 16:09 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-04 16:09 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-02 09:52 . 2008-02-02 09:52 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-01 20:10 . 2008-02-01 20:10 70,129 --a------ C:\AVG7QT.DAT
2008-02-01 19:58 . 2008-02-07 08:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-01 19:58 . 2008-02-01 19:58 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\AVG7
2008-02-01 19:58 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 15:08 . 2008-02-01 15:08 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-01 15:07 . 2008-02-01 15:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-01 15:07 . 2008-02-01 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-01 15:07 . 2008-02-01 15:11 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-01 15:06 . 2008-02-01 15:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-01 12:32 . 2008-02-01 12:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-01 11:48 . 2008-02-01 11:48 <DIR> d-------- C:\Program Files\Premium Booster
2008-02-01 11:43 . 2008-02-01 11:43 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-02-01 11:08 . 2008-02-07 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 17:45 . 2008-02-07 19:46 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-31 17:45 . 2008-01-31 17:45 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d--hs---- C:\FOUND.000
2008-01-31 15:31 . 2008-01-31 15:31 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-01-31 15:31 . 2008-01-31 15:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-29 20:31 . 2008-01-29 20:31 <DIR> d-------- C:\Program Files\filesubmit
2008-01-24 18:14 . 2008-01-24 18:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-01-14 15:00 . 2008-01-14 15:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 18:44 . 2008-01-31 16:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 18:44 . 2008-01-13 18:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 18:16 . 2008-01-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-13 18:16 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-13 18:16 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-13 18:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-13 18:16 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-13 18:13 . 2008-01-13 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 15:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 06:59 --------- d-----w C:\Program Files\FlyFF Resource Manager
2008-01-03 07:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-03 07:51 286,720 ----a-w C:\WINDOWS\Setup1.exe
2007-12-21 09:58 --------- d-----w C:\Program Files\Security Task Manager
2007-12-21 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-21 08:57 --------- d-----w C:\Program Files\Abexo
2007-12-17 20:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-17 20:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 13:26 --------- d-----w C:\Program Files\MSBuild
2007-12-17 13:26 --------- d-----w C:\Program Files\Microsoft Works
2007-12-17 13:25 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-17 13:19 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-17 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-13 09:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-12 11:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 11:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2006-10-05 17:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-03 17:28 40 ----a-w C:\Documents and Settings\Hamza\language.dat
2006-02-17 11:01 19,328 ----a-w C:\Documents and Settings\Hamza\Application Data\GDIPFONTCACHEV1.DAT
2005-08-28 14:44 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-01 15:08 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" [2006-09-13 10:52 10752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 14:13 180269]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 04:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-05 01:03 36640]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11 2500096]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [2007-10-17 09:42 403456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\Hamza\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-26 11:44:09 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 20:51:38 389120]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindService"=2 (0x2)
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)

S2 CwAltaService20;ContentWatch;C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe [2007-10-17 09:42]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2003-12-05 17:39]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83867412-188a-11da-8373-806d6172696f}]
\Shell\AutoRun\command - E:\automenu.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 21:21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 21:22:01
ComboFix-quarantined-files.txt 2008-02-10 17:21:45
ComboFix2.txt 2008-02-07 14:40:29
.
2008-02-10 16:54:22 --- E O F ---






the start up is still slow.
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 10th, 2008, 1:49 pm

Do you use a USB drive at all ?


Flash Disinfector by sUBs
Please downloadFlash_Disinfector.exe by sUBs and save it to your desktop:


* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83867412-188a-11da-8373-806d6172696f}]
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 11th, 2008, 8:47 am

I had a flash drive but it broke lol
and this is my new Combo fix log:


ComboFix 08-02.05.3 - Administrator 2008-02-11 16:30:32.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.371 [GMT 4:00]
Running from: C:\Documents and Settings\Hamza_2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hamza_2\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 21:09 . 2008-02-10 21:09 <DIR> d-------- C:\Documents and Settings\Administrator\ContentWatch
2008-02-10 18:24 . 2008-02-10 18:24 <DIR> d-------- C:\Documents and Settings\Hamza_2\Application Data\KRyLack Password Recovery
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sereniti
2008-02-10 18:05 . 2008-02-10 18:05 <DIR> dr-h----- C:\Documents and Settings\Hamza_2\Application Data\yahoo!
2008-02-10 17:44 . 2008-02-10 17:44 <DIR> d-------- C:\Documents and Settings\Hamza_2\Application Data\SiteAdvisor
2008-02-10 17:44 . 2008-02-10 17:44 <DIR> d-------- C:\Documents and Settings\Hamza_2\Application Data\Sereniti
2008-02-10 17:41 . 2008-02-10 17:41 <DIR> d-------- C:\Documents and Settings\LocalService\ContentWatch
2008-02-10 17:38 . 2008-02-10 17:38 <DIR> d-------- C:\Program Files\ContentWatch
2008-02-10 17:38 . 2008-02-10 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ContentWatch
2008-02-10 17:37 . 2008-02-10 17:37 <DIR> d-------- C:\Documents and Settings\Hamza\ContentWatch
2008-02-10 16:47 . 2004-08-04 12:00 388,608 --a------ C:\kmd.exe
2008-02-09 15:30 . 2008-02-09 15:32 <DIR> d-------- C:\Program Files\Panda Security
2008-02-07 21:35 . 2008-02-07 21:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-07 21:35 . 2008-02-07 21:35 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\Malwarebytes
2008-02-07 21:35 . 2008-02-07 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-07 21:00 . 2008-02-07 21:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-07 20:55 . 2008-02-07 21:23 <DIR> d-------- C:\SDFix
2008-02-07 19:35 . 2008-02-07 20:12 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-07 19:35 . 2008-02-07 19:35 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-07 19:34 . 2008-02-07 19:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 19:34 . 2008-02-11 16:06 3,159,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-07 19:34 . 2008-02-11 16:06 136,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-07 19:34 . 2008-02-11 16:06 45,476 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 19:34 . 2008-02-11 16:06 14,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-07 17:40 . 2008-02-07 17:40 <DIR> d-------- C:\kav
2008-02-07 17:13 . 2008-02-11 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-07 17:12 . 2008-02-07 17:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-08 11:25 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-11 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-07 16:12 . 2008-02-07 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-06 19:53 . 2008-02-06 19:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-02-06 19:26 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-06 19:01 . 2004-08-04 16:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-06 19:00 . 2004-08-04 16:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-06 18:59 . 2004-08-04 16:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-06 18:58 . 2004-08-04 16:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-06 18:57 . 2004-08-04 16:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-06 18:56 . 2004-08-04 16:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-02-06 18:56 . 2004-08-04 16:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-02-06 18:56 . 2004-08-04 16:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-02-06 18:56 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-02-06 18:56 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-02-06 18:56 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-02-06 18:56 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-02-06 18:55 . 2008-02-06 18:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-06 18:54 . 2008-02-06 18:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-06 17:47 . 2004-08-04 16:00 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-02-05 22:06 . 2008-02-05 22:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-05 17:22 . 2008-02-05 17:22 <DIR> d-------- C:\Program Files\ACW
2008-02-04 16:10 . 2008-02-07 05:44 2,518 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-04 16:09 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-04 16:09 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-04 16:09 . 2008-02-02 00:55 83,456 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-04 16:09 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-04 16:09 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-04 16:09 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-04 16:09 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-02 09:52 . 2008-02-02 09:52 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-01 20:10 . 2008-02-01 20:10 70,129 --a------ C:\AVG7QT.DAT
2008-02-01 19:58 . 2008-02-07 08:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-01 19:58 . 2008-02-01 19:58 <DIR> d-------- C:\Documents and Settings\Hamza\Application Data\AVG7
2008-02-01 19:58 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 15:08 . 2008-02-01 15:08 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-02-01 15:07 . 2008-02-01 15:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-01 15:07 . 2008-02-01 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-01 15:07 . 2008-02-01 15:11 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-01 15:06 . 2008-02-01 15:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-01 12:32 . 2008-02-01 12:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-01 11:48 . 2008-02-01 11:48 <DIR> d-------- C:\Program Files\Premium Booster
2008-02-01 11:43 . 2008-02-01 11:43 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-02-01 11:08 . 2008-02-07 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 17:45 . 2008-02-07 19:46 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-31 17:45 . 2008-01-31 17:45 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d--hs---- C:\FOUND.000
2008-01-31 15:31 . 2008-01-31 15:31 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-01-31 15:31 . 2008-01-31 15:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-29 20:31 . 2008-01-29 20:31 <DIR> d-------- C:\Program Files\filesubmit
2008-01-24 18:14 . 2008-01-24 18:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-01-14 15:00 . 2008-01-14 15:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-13 18:44 . 2008-01-31 16:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 18:44 . 2008-01-13 18:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 18:16 . 2008-01-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-13 18:16 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-13 18:16 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-13 18:16 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-13 18:16 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-13 18:13 . 2008-01-13 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 15:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 06:59 --------- d-----w C:\Program Files\FlyFF Resource Manager
2008-01-03 07:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-03 07:51 286,720 ----a-w C:\WINDOWS\Setup1.exe
2007-12-21 09:58 --------- d-----w C:\Program Files\Security Task Manager
2007-12-21 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-21 08:57 --------- d-----w C:\Program Files\Abexo
2007-12-17 20:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-17 20:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 13:26 --------- d-----w C:\Program Files\MSBuild
2007-12-17 13:26 --------- d-----w C:\Program Files\Microsoft Works
2007-12-17 13:25 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-17 13:19 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-17 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-13 09:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-12 11:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 11:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2006-10-05 17:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-07-03 17:28 40 ----a-w C:\Documents and Settings\Hamza\language.dat
2006-02-17 11:01 19,328 ----a-w C:\Documents and Settings\Hamza\Application Data\GDIPFONTCACHEV1.DAT
2005-08-28 14:44 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-01 15:08 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" [2006-09-13 10:52 10752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 14:13 180269]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 04:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-05 01:03 36640]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11 2500096]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [2007-10-17 09:42 403456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\Hamza\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-26 11:44:09 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 20:51:38 389120]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindService"=2 (0x2)
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)

S2 CwAltaService20;ContentWatch;C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe [2007-10-17 09:42]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2003-12-05 17:39]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 16:40:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 16:40:47
ComboFix-quarantined-files.txt 2008-02-11 12:40:31
ComboFix2.txt 2008-02-10 17:22:01
ComboFix3.txt 2008-02-07 14:40:29
.
2008-02-10 17:42:36 --- E O F ---
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 11th, 2008, 9:01 am

Your log's look clean now, have you tried normal mode ?
Please describe what happens in detail
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 11th, 2008, 9:24 am

katana wrote:Your log's look clean now, have you tried normal mode ?
Please describe what happens in detail


if u haven't noticed, I said:

hamzah95 wrote:I had to repair my Windows XP so I did that. This is My COMBOFIX log as requested(from normal mode, becuase I repaired the windows).


so my windows is working properly(in normal mode), but when it startups, it goes to the windows xp logo and jams for about 1min and then it continues.


And anyway to disable NETNANNY without the real password?
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware