HP Laptop - XP - Virus infected



justinsg
14-03-2008, 07:35 PM
Hi there,

I have an HP Compaq 6170b Laptop running Windows XP Professional. It has somehow become infected by a virus of some kind (it may be malware or something).

I have run AVG/Symantec/Spybot scans, picking up and quarantining a few minor ones but there seems to be a larger one in there blocking lots of things happening.

The Symptoms are:
- Slow startup (after user logon - non network).
- Windows Explorer (the process) fails to start up 90% of the time
- Internet Explorer seems to have some bug (currently switched to Firefox)
- Symantec has since disabled or crashed because it won't run a simple scan!
- Generally slow computing

Can anyone help on this?

If all methods of removal fail, I am prepared to reset my computer to its factory status using "HP Backup and Restore" on a separate partition.
If this turns out to be the case, can someone please tell me how to backup all my windows settings (Control Panel etc.) rather than writing them all down!


Thanks (in advance)
Justinsg

gary67
14-03-2008, 07:44 PM
Post a HijackThis log. Download it using the link in Speedy's signature, put it in its own folder first, do a scan, then save and post the log here for someone to analyze.

Speedy Gonzales
14-03-2008, 07:45 PM
Get Trojan remover (http://www.simplysup.co.uk/download/dl/trsetup.exe) <-- direct link, install it, update it then click on scan.

Then select all options under utilities. This may restore things, so at least you can do something

If it won't install in normal Windows, install it in safe mode.

And get HijackThis from my sig, if you can. Put it in its own folder, run it.

Then click on scan the system and save the log. Copy and paste the log here

If you go back to the factory settings, it resets everything. There's no point in giving you any settings

wainuitech
14-03-2008, 07:51 PM
First remove Nortons - remove it via Add/Remove Programs, then run the Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039). If it won't come out via Add/Remove first, simply use the removal tool to rip it out.

Next run Spyware Doctor from my sig, run the full system scan, and also download and run Super Antispyware (http://www.superantispyware.com/). Download Nod32 (http://www.eset.com/download/index.php) - have a look at this posting, number 12 (http://pressf1.pcworld.co.nz/showthread.php?t=87883&page=2), for instructions on how to set Nod to scan better.


Noted Speedy has also posted, so between those programs they should clean the laptop.


Symantec has since disabled or crashed because it won't run a simple scan
That alone will be more problems than it's worth - Nortons is causing trouble.

justinsg
14-03-2008, 08:03 PM
Sorry, I can't easily download 'Trojan Remover' on dialup (1 byte/sec).
But, here's a log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:55 p.m., on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\neville\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.10:8080
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [BM499f8fde] Rundll32.exe "C:\WINDOWS\system32\tohiabcl.dll",s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PIMphony.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spbl.co.nz
O17 - HKLM\Software\..\Telephony: DomainName = spbl.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spbl.co.nz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spbl.co.nz
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10659 bytes

wainuitech
14-03-2008, 08:08 PM
That log's actually reasonably good - a few minor problems, which hopefully Speedy can point you in the right direction on (he's better at those), but remove Nortons and you'll see an instant speed increase. See post 4 above for the removal tool.

Then repost a new Hijack log.

PS: what are the system specs of the laptop - RAM / CPU?

justinsg
14-03-2008, 08:15 PM
GRRRRR! It just froze (completely) while installing NOD32.
Looks OK after force restart (explorer.exe still not auto starting)

RAM: 1GB (phys) 1GB (virt)
CPU: 2.2 GHz


-----------
EDIT
-----------

Actually, it won't log on properly - Booting in safe mode logging on as admin...

Speedy Gonzales
14-03-2008, 08:18 PM
You don't need 2 AV programs; uninstall AVG and/or Nortons and get NOD32 or Avast Home.

Put HijackThis in its own folder first, then run it again and tick these entries. Then tick Fix checked.

Close browser/s

These are safe, but don't have to be in startup.

Yup, it doesn't look like you've got anything nasty.

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

This looks suss; I don't know what this is.

O4 - HKLM\..\Run: [BM499f8fde] Rundll32.exe "C:\WINDOWS\system32\tohiabcl.dll",s

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

Tick this or disable it in Spybot

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: PIMphony.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

Uninstall all versions of Java; yours is out of date. The update is in my sig.

Then reboot

justinsg
14-03-2008, 08:39 PM
Have fixed the entry on the DLL. Will update Java and remove unnecessary startup memory-hoggers when I have the time and a safe environment!

PIMphony is a VoIP-type application installed by me. Bluetooth.lnk is probably an obsolete link left behind by some configuration wizard.

This scan was done on an admin account in Safe Mode because normal doesn't work at the moment.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:01 p.m., on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = [filtered].co.nz
O17 - HKLM\Software\..\Telephony: DomainName = spbl.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = [filtered].co.nz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = [filtered].co.nz
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9415 bytes

wainuitech
14-03-2008, 09:15 PM
Assuming you have taken out AVG AND Norton via the above instructions, rerun HJT and tick/remove these. NORTONS and AVG must be removed; as Speedy said, only ONE AV - keep Nod32.

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Get CCleaner - in my sig - install it and run it.

Was the Norton Removal Tool run?


You also need to remove the other items on startup that Speedy suggested. How's it running now?

Pancake
15-03-2008, 10:01 AM
You have a Vundo infection in your registry....

OK. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running the tool (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

justinsg
15-03-2008, 01:24 PM
I am currently working through the last two posts: Downloading ComboFix and removing Norton.

I have a question for Pancake:
I don't have a floppy drive on this laptop (or a USB one), so do I need to install the XP Recovery Console? I have an HP restore partition which can restore my PC to its factory state.

NOTE
The version of Symantec I have is:
"Symantec Client Security 2006"

Should I get rid of this and keep AVG? (these are the only two on my HD, not nod32)

Also, Spybot S & D just asked me this:

Category: System startup global entry
Change: Value Changed
Entry: BM499f8fde
Old Data: Rundll32.exe "C:WINDOWS\system32\tohaibcl.dll",s
New Data: Rundll32.exe "C:WINDOWS\system32\bcvgfuls.dll",s

Should I accept or deny?
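
The pattern the thread has pinned down by this point (a Run value named BM plus eight hex digits, launching Rundll32.exe on an eight-letter lower-case DLL in system32 through a one-letter export, and the DLL being swapped for a freshly named one after the entry was "fixed") can be turned into a small triage script. This is an added example, not code from the thread or from HijackThis, Spybot or ComboFix; the regexes, the "system32 plus eight lower-case letters" rule and the one-letter export check are heuristics derived from the entries posted above, and the second sample line is constructed from Spybot's "New Data" value, not copied from a log.

```python
"""Heuristic triage of HijackThis O4 (autostart) lines for the pattern seen in
this thread: a Run value named BM<8 hex digits> that launches Rundll32.exe on
an 8-letter lower-case DLL in system32 with a one-letter export (",s").

Added example only.  The regexes and rules are assumptions drawn from the
entries posted in the thread, not HijackThis, Spybot or ComboFix logic.
"""
import re
from pathlib import PureWindowsPath

# Sample lines.  The first, third, fourth and fifth are copied from the log
# posted above; the second is constructed from Spybot's "New Data" value.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [BM499f8fde] Rundll32.exe "C:\WINDOWS\system32\tohiabcl.dll",s',
    r'O4 - HKLM\..\Run: [BM499f8fde] Rundll32.exe "C:\WINDOWS\system32\bcvgfuls.dll",s',
    r'O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule',
    r'O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray',
    r'O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe',
]

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "rundll32[.exe] [quoted] <dll path>,<export>"
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)', re.IGNORECASE)
BM_NAME_RE = re.compile(r'^BM[0-9a-f]{8}$', re.IGNORECASE)   # value name shape seen in the thread
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')               # eight lower-case letters


def parse_o4(line):
    """Split a HijackThis O4 registry-Run line into hive, key, value name and
    command.  Lines of another shape ("O4 - Startup: foo.lnk = ?") return None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage_o4(line):
    """Return the parsed fields plus 'indicators' (list of strings), 'dll' (the
    lower-cased DLL path when the command is a rundll32 launch, else None) and
    a 'verdict' of 'ok', 'suspicious' or 'unparsed'."""
    fields = parse_o4(line)
    if fields is None:
        return {'line': line, 'indicators': [], 'dll': None, 'verdict': 'unparsed'}
    indicators = []
    if BM_NAME_RE.match(fields['name']):
        indicators.append('value name is BM followed by 8 hex digits')
    dll = None
    rd = RUNDLL_RE.match(fields['cmd'])
    if rd:
        path = PureWindowsPath(rd.group('dll'))
        dll = str(path).lower()
        # A vendor rundll32 entry (CognizanceTS above) loads a named export from
        # its own program directory; the entry flagged in the thread loads a
        # randomly named DLL out of system32 through a single-letter export.
        if path.parent.name.lower() == 'system32' and RANDOM_DLL_RE.match(path.name):
            indicators.append('rundll32 loads an 8-letter random-looking DLL from system32: ' + path.name)
            if len(rd.group('export')) == 1:
                indicators.append('single-letter export ' + rd.group('export'))
    fields.update(line=line, indicators=indicators, dll=dll,
                  verdict='suspicious' if indicators else 'ok')
    return fields


def triage_log(lines):
    """Triage every O4 line of a HijackThis log; return only the suspicious ones."""
    results = (triage_o4(l) for l in lines if l.startswith('O4 - '))
    return [r for r in results if r['verdict'] == 'suspicious']


def regenerated(old_line, new_line):
    """True when two snapshots of the same Run value (Spybot's 'Old Data' and
    'New Data') are both suspicious but point at different DLLs: the persistence
    point survived and was re-armed with a freshly named file, so fixing the
    entry by its old file name alone did not remove the infection."""
    old, new = triage_o4(old_line), triage_o4(new_line)
    if old['verdict'] != 'suspicious' or new['verdict'] != 'suspicious':
        return False
    if old['name'].lower() != new['name'].lower():
        return False
    return old['dll'] is not None and new['dll'] is not None and old['dll'] != new['dll']


if __name__ == '__main__':
    for hit in triage_log(SAMPLE_O4_LINES):
        print(hit['name'], '->', '; '.join(hit['indicators']))
    print('re-armed after fix:', regenerated(SAMPLE_O4_LINES[0], SAMPLE_O4_LINES[1]))
```

Run against the lines above it flags only the two BM499f8fde entries and leaves CognizanceTS, SoundMAX and IgfxTray alone, and `regenerated()` reports that the value Spybot is asking about is the same persistence point pointing at a new file. The practical point is the one the Spybot prompt illustrates: keying a fix on the file name (tohiabcl.dll) does nothing when the loader is still present and rewrites the Run value with a new name; triage has to key on the structure of the entry, and removal has to take out whatever is re-creating it.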

wainuitech
15-03-2008, 02:57 PM
Nortons, as I mentioned before, could be causing most of your problems; in fact you even said it yourself.

Symantec has since disabled or crashed because it won't run a simple scan!
You'll find when you remove Nortons the PC should run a lot better. Use that removal tool and it will do a better job of removing it.

Its also been mentioned a couple of times - ONLY 1 ANTIVIRUS.

AVG is crap - I've got a customer's PC in the workshop right now that HAD AVG, which said it was clean - Nod is currently scanning and at 54% has located and deleted 19 infections.

Pancake
15-03-2008, 05:50 PM
I have a question for Pancake:
I don't have a floppy drive on this laptop (or a USB one), so do I need to install the XP Recovery Console? I have an HP restore partition which can restore my PC to its factory state.

You won't need a disc of any kind. It's an automatic install. Just carry on and install the Recovery Console.

justinsg
16-03-2008, 10:44 AM
ComboFix 08-03-14.4 - Administrator 2008-03-16 12:26:17.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.738 [GMT 12:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\WINDOWS\BM499f8fde.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\agagceil.dll
C:\WINDOWS\system32\bcvgfuls.dll
C:\WINDOWS\system32\bosuibfx.dll
C:\WINDOWS\system32\ceagcnbp.dll
C:\WINDOWS\system32\ctqgqvqd.dll
C:\WINDOWS\system32\gnfusxkk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kkcgocno.dll
C:\WINDOWS\system32\mmdludsl.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\svdpcqto.dll
C:\WINDOWS\system32\talbgpsa.dll
C:\WINDOWS\system32\tohiabcl.dll
C:\WINDOWS\system32\uepsbupt.dll
C:\WINDOWS\system32\urqronm.dll
C:\WINDOWS\system32\wpdxbwky.dll
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-14 20:36 . 2008-03-14 20:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Alcatel PIMphony
2008-03-14 20:36 . 2008-03-14 20:36 <DIR> d-------- C:\Documents and Settings\Administrator\A4902Logs
2008-03-14 20:05 . 2008-03-14 20:05 <DIR> d-------- C:\Program Files\ESET
2008-03-14 20:05 . 2008-03-14 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-12 18:23 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-12 18:23 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 18:14 . 2008-03-12 18:17 <DIR> d-------- C:\Program Files\Audacity
2008-03-12 14:13 . 2008-03-12 14:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-12 14:13 . 2008-03-12 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 13:04 . 2008-03-12 15:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-11 19:14 . 2008-03-11 19:14 <DIR> d-------- C:\MicrosoftSysinternals
2008-03-11 11:06 . 2008-03-15 13:03 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-03-11 09:38 . 2008-03-11 09:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-11 09:31 . 2008-03-16 11:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-11 09:30 . 2008-03-11 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-11 09:30 . 2008-03-11 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-11 08:52 . 2008-03-11 08:52 <DIR> d-------- C:\user
2008-03-11 07:48 . 2008-03-11 09:29 1,318,043 --ahs---- C:\WINDOWS\system32\yaykissn.ini
2008-03-10 15:31 . 2008-03-11 07:47 1,317,923 --ahs---- C:\WINDOWS\system32\fdebcepe.ini
2008-03-10 12:14 . 2008-03-10 15:30 1,307,621 --ahs---- C:\WINDOWS\system32\dpqsgwjs.ini
2008-03-10 11:02 . 2008-03-10 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-03-10 10:49 . 2008-03-10 10:49 0 --a------ C:\WINDOWS\VPC32.INI
2008-03-10 09:39 . 2008-03-10 10:47 1,308,101 --ahs---- C:\WINDOWS\system32\bpfagtvl.ini
2008-03-07 07:53 . 2008-03-10 09:34 1,307,981 --ahs---- C:\WINDOWS\system32\uqcetapr.ini
2008-03-07 07:36 . 2008-03-07 07:50 1,306,977 --ahs---- C:\WINDOWS\system32\tijhtooy.ini
2008-03-06 10:15 . 2008-03-07 07:31 1,307,554 --ahs---- C:\WINDOWS\system32\sebuxihl.ini
2008-03-03 19:40 . 2008-03-03 19:40 <DIR> d-------- C:\Program Files\InterVideo Information Service
2008-03-03 19:40 . 2008-03-03 19:40 <DIR> d-------- C:\Program Files\Common Files\Ulead
2008-03-03 19:40 . 2006-05-11 17:41 654 --------- C:\WINDOWS\remove.iss
2008-03-03 19:39 . 2008-03-03 19:39 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-02 15:53 . 2008-03-02 15:53 0 --a------ C:\WINDOWS\pcfriend.INI
2008-03-02 15:52 . 1999-09-28 03:15 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
2008-02-29 19:07 . 2006-10-07 16:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-02-29 19:07 . 2004-11-14 04:27 212,992 --a------ C:\WINDOWS\system32\wodShellMenu.dll
2008-02-29 18:56 . 2008-02-29 18:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\InstallShield Installation Information
2008-02-29 18:56 . 2008-02-29 18:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\FirstClass
2008-02-29 18:56 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-02-29 18:56 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-02-22 20:24 . 2008-03-15 18:19 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-22 20:21 . 2008-03-10 11:10 <DIR> d-------- C:\Program Files\CCleaner
2008-02-20 19:33 . 2008-02-20 19:37 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
2008-02-17 12:05 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\pebuilder3110a
2008-02-17 10:15 . 2008-02-17 10:16 <DIR> d-------- C:\Program Files\nLite
2008-02-16 12:32 . 2008-02-16 12:32 <DIR> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 22:18 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-15 01:04 --------- d-----w C:\Documents and Settings\user\Application Data\Alcatel PIMphony
2008-03-12 03:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 07:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 06:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 07:39 --------- d-----w C:\Program Files\InterVideo
2008-03-01 07:44 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2008-02-11 01:35 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-10 07:13 --------- d-----w C:\Documents and Settings\user\Application Data\Blueberry
2008-02-10 06:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blueberry
2008-02-10 06:14 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2008-02-10 06:14 --------- d-----w C:\Documents and Settings\user\Application Data\LogSys
2008-02-10 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogSys
2008-02-09 02:11 --------- d-----w C:\Program Files\Project64 1.6
2008-01-29 07:33 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-29 07:32 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-29 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 07:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-24 08:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-24 08:20 --------- d-----w C:\Program Files\FileMaker
2008-01-24 08:04 --------- d-----w C:\Program Files\Java
2008-01-21 01:54 --------- d-----w C:\Documents and Settings\user\Application Data\MapInfo
2008-01-21 01:52 --------- d-----w C:\Documents and Settings\administrator.SPBL\Application Data\MapInfo
2008-01-21 01:49 --------- d-----w C:\Program Files\MapInfo
2008-01-21 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo
2008-01-21 01:45 --------- d-----w C:\Documents and Settings\administrator.STAFF\Application Data\PC Suite
2008-01-20 05:52 --------- d-----w C:\Program Files\AnvSoft
2008-01-17 10:43 --------- d-----w C:\Program Files\Samsung
2008-01-17 10:42 --------- d-----w C:\Documents and Settings\user\Application Data\DataCast
2007-10-30 06:23 604 ---ha-w C:\Program Files\STLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-20 08:26 484904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 04:36 872448]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-14 02:12 729088]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-09 03:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-10 10:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 01:36 827392]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-19 09:50 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-19 09:50 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-19 09:50 138008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-12 08:21 472632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-03 11:17 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 05:12 17920]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-21 11:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-10 12:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-10 06:23 697976]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 18:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 01:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 01:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 01:00 455168]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 14:28 124928]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 07:29 237568]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 19:36 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 09:42 579072]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 01:00 59392]
"Temporary Explorer FIX"="C:\WINDOWS\explorer.exe" [2007-06-13 22:23 1033216]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 07:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 09:30 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 20:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-09-24 09:41:06 2844000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 04:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\aocwiz.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\uaproc.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\abers.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\appdiag\\appdiag.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\aocphone.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-20 04:58]
S1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-02-10 18:14]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 07:21]
S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
S2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-09 03:38]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 PVSUSB;Parallels USB Device Driver;C:\WINDOWS\system32\Drivers\PvsUsb.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 12:29:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.
Completion time: 2008-03-16 12:31:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 00:31:23
.
2008-03-05 19:50:26 --- E O F ---

Pancake
16-03-2008, 11:17 AM
Ok. You should see an improvement after this...


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *Notepad* and copy/paste the text in the quote box below into it:




Killall::

File::
C:\WINDOWS\system32\yaykissn.ini
C:\WINDOWS\system32\fdebcepe.ini
C:\WINDOWS\system32\dpqsgwjs.ini
C:\WINDOWS\system32\bpfagtvl.ini
C:\WINDOWS\system32\uqcetapr.ini
C:\WINDOWS\system32\tijhtooy.ini
C:\WINDOWS\system32\sebuxihl.ini

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"MsmqIntCert"=-




Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall*
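
One way to draft that File:: section mechanically from a ComboFix "Files Created" listing, as an added Python example for this thread (not ComboFix's own code and not the helper's tool). It encodes the selection the helper made above (recently created, directly in system32, hidden+system attributes, eight random lowercase letters, .ini) and the sample lines are copied from this thread's log; everything it selects is a draft for a person to confirm, since File:: deletes.

```python
"""Draft the File:: section of a CFScript from a ComboFix "Files Created" listing.

Added example for this thread (not ComboFix's own code and not the helper's tool).
The selection rule encodes what the helper did above: files created recently,
sitting directly in system32, hidden+system attributes, eight random lowercase
letters and an .ini extension. Hidden+system alone proves nothing; the rule is
deliberately narrow and its output is a draft for a human to confirm.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# One "Files Created" line: <created> . <modified> <size|<DIR>> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) ([-a-z]{9}) (.+)$"
)
# Eight lowercase letters plus .ini: the naming pattern of the seven files above.
RANDOM_INI_RE = re.compile(r"^[a-z]{8}\.ini$")

# Constructed sample: six lines copied from this thread's log (a driver, a
# directory, two of the flagged .ini files, an empty INI under C:\WINDOWS and
# a DLL in system32 that should NOT be selected).
SAMPLE_LOG = r"""
2008-03-12 18:23 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-11 08:52 . 2008-03-11 08:52 <DIR> d-------- C:\user
2008-03-11 07:48 . 2008-03-11 09:29 1,318,043 --ahs---- C:\WINDOWS\system32\yaykissn.ini
2008-03-10 15:31 . 2008-03-11 07:47 1,317,923 --ahs---- C:\WINDOWS\system32\fdebcepe.ini
2008-03-10 10:49 . 2008-03-10 10:49 0 --a------ C:\WINDOWS\VPC32.INI
2008-03-02 15:52 . 1999-09-28 03:15 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int          # -1 for directories
    attrs: str         # nine-character attribute field, e.g. "--ahs----"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # Letters h and s in the attribute field mean hidden and system.
        return "h" in self.attrs and "s" in self.attrs


def parse_files_created(text: str) -> List[Entry]:
    """Return one Entry per well-formed listing line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        size_bytes = -1 if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(created, modified, size_bytes, attrs, path))
    return entries


def is_suspicious_ini(e: Entry) -> bool:
    """The thread's pattern: hidden+system random-named .ini directly in system32."""
    parts = e.path.lower().split("\\")
    directly_in_system32 = parts[:3] == ["c:", "windows", "system32"] and len(parts) == 4
    return (not e.is_dir and directly_in_system32 and e.hidden_system
            and RANDOM_INI_RE.match(parts[-1]) is not None)


def suspicious_paths(text: str) -> List[str]:
    return [e.path for e in parse_files_created(text) if is_suspicious_ini(e)]


def build_cfscript(file_paths: Iterable[str], run_values_to_remove: Iterable[str]) -> str:
    """Assemble the Killall:: / File:: / Registry:: layout used in the post above."""
    lines = ["Killall::", "", "File::", *file_paths, "", "Registry::",
             r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"]
    lines += [f'"{name}"=-' for name in run_values_to_remove]   # "=-" deletes a value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspicious_paths(SAMPLE_LOG), ["MsmqIntCert"]))
```

On the sample, only the two hidden/system .ini files reach the File:: section; INLOADER.DLL, the driver and the empty VPC32.INI fail the attribute or naming tests and are left alone.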

justinsg
16-03-2008, 11:48 AM
ComboFix 08-03-14.4 - Administrator 2008-03-16 13:25:36.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.748 [GMT 12:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\system32\bpfagtvl.ini
C:\WINDOWS\system32\dpqsgwjs.ini
C:\WINDOWS\system32\fdebcepe.ini
C:\WINDOWS\system32\sebuxihl.ini
C:\WINDOWS\system32\tijhtooy.ini
C:\WINDOWS\system32\uqcetapr.ini
C:\WINDOWS\system32\yaykissn.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bpfagtvl.ini
C:\WINDOWS\system32\dpqsgwjs.ini
C:\WINDOWS\system32\fdebcepe.ini
C:\WINDOWS\system32\sebuxihl.ini
C:\WINDOWS\system32\tijhtooy.ini
C:\WINDOWS\system32\uqcetapr.ini
C:\WINDOWS\system32\yaykissn.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-14 20:36 . 2008-03-14 20:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Alcatel PIMphony
2008-03-14 20:36 . 2008-03-14 20:36 <DIR> d-------- C:\Documents and Settings\Administrator\A4902Logs
2008-03-14 20:05 . 2008-03-14 20:05 <DIR> d-------- C:\Program Files\ESET
2008-03-14 20:05 . 2008-03-14 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-12 18:23 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-12 18:23 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 18:14 . 2008-03-12 18:17 <DIR> d-------- C:\Program Files\Audacity
2008-03-12 14:13 . 2008-03-12 14:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-12 14:13 . 2008-03-12 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 13:04 . 2008-03-12 15:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-11 19:14 . 2008-03-11 19:14 <DIR> d-------- C:\MicrosoftSysinternals
2008-03-11 11:06 . 2008-03-15 13:03 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-03-11 09:38 . 2008-03-11 09:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-11 09:31 . 2008-03-16 11:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-11 09:30 . 2008-03-11 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-11 09:30 . 2008-03-11 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-11 08:52 . 2008-03-11 08:52 <DIR> d-------- C:\user
2008-03-10 11:02 . 2008-03-10 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-03-10 10:49 . 2008-03-10 10:49 0 --a------ C:\WINDOWS\VPC32.INI
2008-03-03 19:40 . 2008-03-03 19:40 <DIR> d-------- C:\Program Files\InterVideo Information Service
2008-03-03 19:40 . 2008-03-03 19:40 <DIR> d-------- C:\Program Files\Common Files\Ulead
2008-03-03 19:40 . 2006-05-11 17:41 654 --------- C:\WINDOWS\remove.iss
2008-03-03 19:39 . 2008-03-03 19:39 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-03-02 15:53 . 2008-03-02 15:53 0 --a------ C:\WINDOWS\pcfriend.INI
2008-03-02 15:52 . 1999-09-28 03:15 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL
2008-02-29 19:07 . 2006-10-07 16:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-02-29 19:07 . 2004-11-14 04:27 212,992 --a------ C:\WINDOWS\system32\wodShellMenu.dll
2008-02-29 18:56 . 2008-02-29 18:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\InstallShield Installation Information
2008-02-29 18:56 . 2008-02-29 18:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\FirstClass
2008-02-29 18:56 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-02-29 18:56 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-02-22 20:24 . 2008-03-15 18:19 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-22 20:21 . 2008-03-10 11:10 <DIR> d-------- C:\Program Files\CCleaner
2008-02-20 19:33 . 2008-02-20 19:37 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
2008-02-17 12:05 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\pebuilder3110a
2008-02-17 10:15 . 2008-02-17 10:16 <DIR> d-------- C:\Program Files\nLite
2008-02-16 12:32 . 2008-02-16 12:32 <DIR> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 01:31 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-15 01:04 --------- d-----w C:\Documents and Settings\user\Application Data\Alcatel PIMphony
2008-03-12 03:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 07:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 06:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 07:39 --------- d-----w C:\Program Files\InterVideo
2008-03-01 07:44 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2008-02-11 01:35 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-10 07:13 --------- d-----w C:\Documents and Settings\user\Application Data\Blueberry
2008-02-10 06:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blueberry
2008-02-10 06:14 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2008-02-10 06:14 --------- d-----w C:\Documents and Settings\user\Application Data\LogSys
2008-02-10 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogSys
2008-02-09 02:11 --------- d-----w C:\Program Files\Project64 1.6
2008-01-29 07:33 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-29 07:32 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-29 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 07:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-24 08:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-24 08:20 --------- d-----w C:\Program Files\FileMaker
2008-01-24 08:04 --------- d-----w C:\Program Files\Java
2008-01-21 01:54 --------- d-----w C:\Documents and Settings\user\Application Data\MapInfo
2008-01-21 01:52 --------- d-----w C:\Documents and Settings\administrator.STAFF\Application Data\MapInfo
2008-01-21 01:49 --------- d-----w C:\Program Files\MapInfo
2008-01-21 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo
2008-01-21 01:45 --------- d-----w C:\Documents and Settings\administrator.STAFF\Application Data\PC Suite
2008-01-20 05:52 --------- d-----w C:\Program Files\AnvSoft
2008-01-17 10:43 --------- d-----w C:\Program Files\Samsung
2008-01-17 10:42 --------- d-----w C:\Documents and Settings\user\Application Data\DataCast
2007-10-30 06:23 604 ---ha-w C:\Program Files\STLL Notifier
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_12.31.13.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-15 23:19:05 83,788 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-16 00:50:49 83,788 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-15 23:19:05 461,396 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-16 00:50:49 461,396 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-20 08:26 484904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 04:36 872448]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-14 02:12 729088]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-09 03:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-10 10:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 01:36 827392]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-19 09:50 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-19 09:50 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-19 09:50 138008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-12 08:21 472632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-03 11:17 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 05:12 17920]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-21 11:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-10 12:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-10 06:23 697976]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 18:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 01:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 01:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 01:00 455168]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 14:28 124928]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 07:29 237568]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 19:36 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 09:42 579072]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 01:00 59392]
"Temporary Explorer FIX"="C:\WINDOWS\explorer.exe" [2007-06-13 22:23 1033216]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 07:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 09:30 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 20:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
PIMphony.lnk - C:\Program Files\Alcatel_PIMphony\aocphone.exe [2007-09-24 09:41:06 2844000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 04:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\aocwiz.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\uaproc.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\abers.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\appdiag\\appdiag.exe"=
"C:\\Program Files\\Alcatel_PIMphony\\aocphone.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-20 04:58]
S1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-02-10 18:14]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 07:21]
S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
S2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-09 03:38]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 PVSUSB;Parallels USB Device Driver;C:\WINDOWS\system32\Drivers\PvsUsb.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 13:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2008-03-16 13:39:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 01:39:55
ComboFix2.txt 2008-03-16 00:31:26
.
2008-03-05 19:50:26 --- E O F ---

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:01 p.m., on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = staff.co.nz
O17 - HKLM\Software\..\Telephony: DomainName = staff.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = staff.co.nz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = staff.co.nz
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9415 bytes
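
A HijackThis log like the one above is reviewed by hand, and the reviewer looks first at a few things: startup items loaded indirectly through rundll32/regsvr32 (the fix below targets one of these), binaries that live outside the Windows and Program Files trees, and any AppInit_DLLs value, since that DLL is injected into every process that loads user32. The script below is an added example and is not part of the thread, of HijackThis, or of ComboFix; it parses the O4, O20 and O23 line formats HJT prints and applies exactly those three heuristics. The sample log embedded in it is a constructed excerpt modelled on the log above, and the `updater` entry in it is invented purely to show the out-of-tree check firing.

```python
"""Triage helper for HijackThis O4 / O20 / O23 lines (added example).

Heuristics only: a flag means "look at this first", not "this is malware".
"""
import re

# Constructed sample, modelled on the log in the thread; the [updater] line is invented.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

LOADERS = ("rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe")
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")
ENV_MAP = {"%programfiles%": "C:\\Program Files",
           "%systemroot%": "C:\\WINDOWS", "%windir%": "C:\\WINDOWS"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# First token ending in an executable extension; handles quoted and unquoted paths.
# Heuristic: a directory name containing ".com" would cut the path early.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))"?(?=[ ,]|$)',
                     re.IGNORECASE)


def split_command(cmd):
    """Return (loader, path): loader is rundll32/regsvr32 when used, else None."""
    cmd = cmd.strip()
    loader = None
    first = cmd.split(None, 1)[0].strip('"').lower() if cmd else ""
    if first in LOADERS:
        loader = first
        rest = cmd.split(None, 1)[1] if " " in cmd else ""
        # Drop switches such as /s so the next token is the DLL being loaded.
        cmd = " ".join(t for t in rest.split() if not t.startswith("/"))
    m = PATH_RE.match(cmd)
    return loader, (m.group("path") if m else cmd)


def normalize_path(path):
    """Lower-case, expand the common %vars% and the PROGRA~1 short name HJT prints."""
    p = path.strip().strip('"')
    low = p.lower()
    for var, value in ENV_MAP.items():
        if low.startswith(var):
            p = value + p[len(var):]
            low = p.lower()
    return low.replace("c:\\progra~1", "c:\\program files")


def location_flags(path):
    norm = normalize_path(path)
    if "\\" not in norm:
        return ["unqualified-path"]  # resolved via the search order; location unknown
    if not norm.startswith(STANDARD_DIRS):
        return ["outside-standard-dirs"]
    return []


def parse_hjt(text):
    """Parse O4/O20/O23 lines into dicts with a 'flags' list per entry."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := O4_RE.match(line):
            loader, path = split_command(m.group("cmd"))
            flags = (["indirect-loader"] if loader else []) + location_flags(path)
            entries.append({"section": "O4", "name": m.group("name"), "hive": m.group("hive"),
                            "loader": loader, "path": path, "flags": flags})
        elif m := O20_RE.match(line):
            for dll in re.split(r"[ ,]+", m.group("dlls").strip()):
                entries.append({"section": "O20", "name": dll, "hive": "HKLM", "loader": None,
                                "path": dll, "flags": ["appinit-dll"] + location_flags(dll)})
        elif m := O23_RE.match(line):
            _, path = split_command(m.group("path"))
            flags = location_flags(path)
            if m.group("vendor").strip().lower() == "unknown owner":
                flags.append("no-vendor")
            entries.append({"section": "O23", "name": m.group("name"), "hive": "HKLM",
                            "loader": None, "path": path, "flags": flags})
    return entries


def triage(text):
    """Only the entries that earned at least one flag."""
    return [e for e in parse_hjt(text) if e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['section']:<4} [{e['name']}] {e['path']}  <- {', '.join(e['flags'])}")
```

Run against the log above, the same rules pick out the `[MsmqIntCert] regsvr32 /s mqrt.dll` item Pancake targets next (indirect loader, DLL found only via the search path) and the `O20 - AppInit_DLLs: APSHook.dll` entry, while leaving the signed vendor items under Program Files unflagged. `APSHook.dll` is an HP ProtectTools component here, which is the point of the heuristic: it narrows the list to review, it does not decide for you.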

Pancake
16-03-2008, 12:04 PM
Just these last main bits to fix and you are done.


Have "HijackThis" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

Reboot.......

=====================================




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:




Killall::

File::
C:\WINDOWS\VPC32.INI
C:\WINDOWS\pcfriend.INI



Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

justinsg
16-03-2008, 01:09 PM
OK done that:

[To make this post more readable I have uploaded the log files to a web server.]

Here are the links:

http://justinsgfiles.freehostia.com/combofix.txt
http://justinsgfiles.freehostia.com/hijackthis.txt

Pancake
16-03-2008, 01:19 PM
OK. That's it. You are all cleaned... done. :D


This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below and click OK.




ComboFix /u

justinsg
16-03-2008, 01:47 PM
Speedy Gonzales

Wainuitech

Pancake (especially)




THANK YOU
THANK YOU
THANK YOU

I can't say enough

Speedy Gonzales
16-03-2008, 01:50 PM
No worries

Pancake
16-03-2008, 02:08 PM
You're welcome.

wainuitech
16-03-2008, 02:28 PM
As above no worries - hope all is well now :thumbs:

Pancake
16-03-2008, 03:20 PM
Just one point I would like to make here, and that is not to take HJT as gospel. Today's makers of malware are very clever at hiding files. Even removing them from HJT leaves many others that are still active, in this case, 45. I think it's high time that PC World had its own dedicated forum for removing malware.