Help!!!!! Trojan



ACKS
10-04-2008, 07:49 PM
Hi guys, I need help getting rid of a trojan. I think I have a Trojandownloader.xs; my older sister said she clicked a pop-up etc....... :annoyed: So can anyone help me???

gary67
10-04-2008, 08:18 PM
Try Trojan Remover from Speedy's sig

vitalstatistix
10-04-2008, 08:18 PM
Download and run Trojan from Speedy's sig

Speedy Gonzales
10-04-2008, 09:06 PM
Or get HijackThis from my sig, put it in its own folder and run it. Then click on "Scan the system and save a log". Copy and paste the log here.

We may have to get Pancake and get him to tell ACKS to get ComboFix

ACKS
10-04-2008, 09:47 PM
Thanks for the replies, guys. Tried Trojan Remover and no luck.

Here's the log file

Logfile of HijackThis v1.99.1
Scan saved at 8:05:12 p.m., on 9/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAP.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\ffijtjky\rcpetqxm.exe
C:\ProgramData\lolcrali\dqrgvavq.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Meryl\Desktop\hijackthis_sfx.rar\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_SF10D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ffijtjky] C:\ProgramData\ffijtjky\rcpetqxm.exe
O4 - HKCU\..\Run: [fvAQcaf3vw] C:\ProgramData\lolcrali\dqrgvavq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [alebqgmd] C:\ProgramData\alebqgmd\khmzyzat.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Pancake
10-04-2008, 10:02 PM
You have some more bugs in there as well..


Please download SDFix from here (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================


OK. We need to download ComboFix.exe. This will give a better view of the files running, and also hidden, on your computer.

Please visit this webpage for download links, and instructions for running ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Speedy Gonzales
10-04-2008, 10:04 PM
Get the file Pancake posted first

Put HJT in its own folder first (may pay to get the updated version too).

It's now up to 2.02

Then tick these, then tick "Fix checked"

Close browser/s

What version of Windows is this?

May pay to disable system restore before you do this

C:\ProgramData\ffijtjky\rcpetqxm.exe

C:\ProgramData\lolcrali\dqrgvavq.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ffijtjky] C:\ProgramData\ffijtjky\rcpetqxm.exe

O4 - HKCU\..\Run: [fvAQcaf3vw] C:\ProgramData\lolcrali\dqrgvavq.exe

O4 - HKCU\..\Run: [alebqgmd] C:\ProgramData\alebqgmd\khmzyzat.exe

O13 - Gopher Prefix:

Uninstall ALL versions of Sun Java; yours is out of date. Link is in my sig.
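The entries Speedy singled out share one pattern: an HKCU Run value whose target is an executable sitting in a random-named folder directly under C:\ProgramData, plus a BHO registered with no file behind it. The following Python is an added example, not code from the thread or from HijackThis, that parses O2/O4 lines and applies that pattern; the sample lines are copied from the first log above, and the "looks random" test is my own rough heuristic.

```python
"""Triage of HijackThis O2/O4 lines: flag autoruns from random-named ProgramData folders."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the first HijackThis log in this thread, mixing
# legitimate OEM/vendor autoruns with the three ProgramData entries and the orphaned BHO.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_SF10D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ffijtjky] C:\ProgramData\ffijtjky\rcpetqxm.exe
O4 - HKCU\..\Run: [fvAQcaf3vw] C:\ProgramData\lolcrali\dqrgvavq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [alebqgmd] C:\ProgramData\alebqgmd\khmzyzat.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# HijackThis line shapes: "O4 - <hive>\..\<key>: [<value name>] <command>" and
# "O2 - BHO: <title> - {<CLSID>} - <dll path or (no file)>".
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<title>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.*)$")
# First (optionally quoted) token ending in .exe is the launched binary; the rest is arguments.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)

VOWELS = set("aeiouy")  # 'y' counted as a vowel so names like RegistrySmart stay clean


@dataclass
class RunEntry:
    hive: str
    name: str      # the registry value name shown in [brackets]
    command: str   # full command line as logged
    exe: Optional[str]


def looks_random(token: str) -> bool:
    """Rough 'keyboard mash' test (my own heuristic, not HijackThis's): a long run of
    consonants, or a mix of upper case, lower case and digits, in an 8+ char alnum token."""
    if len(token) < 8 or not token.isalnum():
        return False
    run = best = 0
    for ch in token.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    mixed = any(c.isdigit() for c in token) and token != token.lower() and token != token.upper()
    return best >= 4 or mixed


def parse_o4(line: str) -> Optional[RunEntry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe_m = EXE_RE.match(m["command"])
    return RunEntry(m["hive"], m["name"], m["command"], exe_m["exe"] if exe_m else None)


def programdata_drop(exe: str) -> Optional[Tuple[str, str]]:
    """(folder, exe stem) if the binary sits exactly one folder deep under C:\\ProgramData."""
    path = PureWindowsPath(exe)
    parts = path.parts
    if len(parts) == 4 and parts[0].lower() == "c:\\" and parts[1].lower() == "programdata":
        return parts[2], path.stem
    return None


def why_suspicious(entry: RunEntry) -> Optional[str]:
    """Apply the pattern behind Speedy's picks: a ProgramData drop folder plus a random name."""
    drop = programdata_drop(entry.exe) if entry.exe else None
    if drop is None:
        return None
    folder, stem = drop
    if looks_random(folder) or looks_random(stem) or looks_random(entry.name):
        return f"autorun from random-named ProgramData folder: {entry.exe}"
    return None


def triage(log_text: str) -> List[str]:
    """Return one finding per suspicious O4 autorun or orphaned (no file) O2 BHO."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines() if raw.strip()):
        bho = O2_RE.match(line)
        if bho and bho["file"].strip() == "(no file)":
            findings.append(f"orphaned BHO {{{bho['clsid']}}}: registered but its DLL is missing")
            continue
        entry = parse_o4(line)
        reason = why_suspicious(entry) if entry else None
        if reason:
            findings.append(f"[{entry.name}] {reason}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports exactly the four items Speedy ticked (the orphaned BHO and the three ProgramData autoruns) and stays quiet on the OEM, Spybot and RegistrySmart lines.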

ACKS
10-04-2008, 10:57 PM
Pancake, I could not run the bat file in safe mode, could only run the catchme file? What should I do? :horrified

Speedy Gonzales
11-04-2008, 07:52 AM
Follow what I posted then. Then reboot, then see if those files disappear

Post another log after (update HJT first)

ACKS
11-04-2008, 09:16 AM


These items were not in the scan I did:

O4 - HKCU\..\Run: [ffijtjky] C:\ProgramData\ffijtjky\rcpetqxm.exe

O4 - HKCU\..\Run: [fvAQcaf3vw] C:\ProgramData\lolcrali\dqrgvavq.exe

O4 - HKCU\..\Run: [alebqgmd] C:\ProgramData\alebqgmd\khmzyzat.exe


Oh, and I'm running Vista,
and I could not finish Pancake's steps.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10, on 2008-04-11
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAP.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_SF10D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8201 bytes

Pancake
11-04-2008, 10:06 AM
Sorry. My fault. I forgot SDFix does not run with Vista. We will still need ComboFix to be run.

ACKS
11-04-2008, 11:21 AM
Wow, I ran ComboFix and my desktop and icons are back to normal :clap :clap

Does that mean everything is OK now??



ComboFix 08-04-08.7 - Meryl 2008-04-11 11:13:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.332 [GMT 12:00]
Running from: C:\Users\Meryl\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Meryl\AppData\Roaming\macromedia\Flash Player\#SharedObjects\B8VG2D57\iforex.com
C:\Users\Meryl\AppData\Roaming\macromedia\Flash Player\#SharedObjects\B8VG2D57\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Users\Meryl\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Users\Meryl\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Users\Meryl\Desktop\blackbird.jpg
C:\Users\Meryl\Desktop\EditorFKWP1.5.exe
C:\Users\Meryl\Desktop\EditorFKWP2.0.exe
C:\Users\Meryl\Desktop\filemanagerclient.exe
C:\Users\Meryl\Desktop\fkwp1.5.exe
C:\Users\Meryl\Desktop\fkwp2.0.exe
C:\Users\Meryl\Desktop\fwebd.exe
C:\Users\Meryl\Desktop\FWebdEditor.exe
C:\Users\Meryl\Desktop\Trojan.Win32.BlackBird.exe
C:\Users\Meryl\Desktop\virii

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 20:44 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 09:23 --------- d---a-w C:\ProgramData\TEMP
2008-04-09 19:01 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 11:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-09 10:54 --------- d-----w C:\Program Files\iTunes
2008-04-09 10:54 --------- d-----w C:\Program Files\iPod
2008-04-09 10:52 --------- d-----w C:\ProgramData\Apple Computer
2008-04-09 10:52 --------- d-----w C:\Program Files\QuickTime
2008-04-09 10:49 --------- d-----w C:\Program Files\Apple Software Update
2008-04-09 10:48 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-09 08:42 --------- d-----w C:\Program Files\CCleaner
2008-04-09 08:40 --------- d-----w C:\Program Files\RegistrySmart
2008-04-09 07:23 --------- d-----w C:\Users\Meryl\AppData\Roaming\RegistrySmart
2008-04-08 20:12 --------- d-----w C:\ProgramData\Lavasoft
2008-04-08 20:11 --------- d-----w C:\Program Files\Lavasoft
2008-04-08 20:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 12:05 --------- d-----w C:\Users\Meryl\AppData\Roaming\DivX
2008-04-08 12:04 --------- d-----w C:\ProgramData\alebqgmd
2008-04-08 12:01 --------- d-----w C:\Program Files\DivX
2008-04-08 12:01 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-08 11:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-08 10:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 10:37 --------- d-----w C:\ProgramData\lolcrali
2008-04-08 10:37 --------- d-----w C:\ProgramData\ffijtjky
2008-04-04 19:36 --------- d-----w C:\Users\Meryl\AppData\Roaming\toshiba
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-27 05:19 --------- d-----w C:\Program Files\Windows Live
2008-03-27 05:07 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-27 05:07 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-27 04:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-27 03:59 --------- d-----w C:\ProgramData\WLInstaller
2008-03-23 20:03 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-23 20:03 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-23 15:52 --------- d-----w C:\Users\Meryl\AppData\Roaming\Apple Computer
2008-03-23 15:50 --------- d-----w C:\Program Files\Bonjour
2008-03-23 15:47 --------- d-----w C:\ProgramData\Apple
2008-03-23 11:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 11:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-23 11:02 --------- d-----w C:\ProgramData\UDL
2008-03-23 11:02 --------- d-----w C:\Program Files\epson
2008-03-23 10:57 --------- d-----w C:\ProgramData\EPSON
2008-03-22 20:30 --------- d-----w C:\ProgramData\Roaming
2008-03-22 20:30 --------- d-----w C:\ProgramData\Intel
2008-03-22 20:30 --------- d-----w C:\Program Files\Intel
2008-03-22 20:29 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-03-22 20:29 --------- d-----w C:\Program Files\ltmoh
2008-03-22 20:28 0 --sha-r C:\Windows\system32\drivers\1179_TOSHIBA_Satellite M200_S3A6130D004_PSMC3A-06N008.MRK
2008-03-22 20:28 --------- d-----w C:\Program Files\Synaptics
2008-03-22 14:46 174 --sha-w C:\Program Files\desktop.ini
2008-03-22 14:41 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-22 14:41 --------- d-----w C:\Program Files\Windows Defender
2008-03-22 14:41 --------- d-----w C:\Program Files\Windows Calendar
2008-03-22 13:45 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-22 13:45 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-22 13:45 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-22 13:45 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-22 13:45 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-22 13:45 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-03-22 13:45 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-22 13:45 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-22 13:45 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-22 13:45 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-22 13:45 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-22 13:45 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-22 13:45 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-22 13:44 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-22 13:44 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-22 13:43 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-22 13:43 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-22 13:38 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-22 13:38 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-22 13:38 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-22 13:37 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-22 13:37 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-22 13:37 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-22 13:37 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-22 13:37 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-22 13:36 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-22 13:36 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-22 13:36 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-22 13:36 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-22 13:36 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-22 13:36 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-22 13:36 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-22 13:36 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-22 13:36 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-22 13:35 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-22 13:35 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-22 13:35 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-22 13:35 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-22 13:35 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-22 13:35 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-22 13:35 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-22 13:35 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-23 01:27 1232896]
"TOSCDSPD"="TOSCDSPD.EXE" []
"EPSON Stylus CX5500 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.exe" [2007-03-01 18:01 180736]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-03 00:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 00:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-23 01:39 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-29 17:32 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-29 17:32 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-29 17:32 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 19:50 4399104 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 17:36 835584]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 23:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 11:46 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 14:41 538744]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-03-21 17:23 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B25A6774-39DC-4FDF-B117-9BA99C35A4B8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EABA27EC-76F7-4E6D-9007-D0C592BEABCF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AA7095A3-3B98-454F-B637-70C6E18D654F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C832B586-8BCF-476C-8437-CE76ABB8299C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{01DB2E6C-DF28-4CB7-978B-6A16764D64FE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FF9D4EF7-2AF3-42C1-A5E7-075C31C0EC1E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-03-29 17:50]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-03-29 17:52]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 16:55]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 17:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-06 16:24]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-19 06:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 21:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-10 05:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 05:07:26 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-09 19:01:16 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-04-10 09:29:14 C:\Windows\Tasks\User_Feed_Synchronization-{9CCB7EAC-D03B-4223-A612-5CBD4348EB19}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 11:15:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 11:16:27
ComboFix-quarantined-files.txt 2008-04-10 23:16:24
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-04-09 11:13:02 --- E O F ---

Pancake
11-04-2008, 12:08 PM
Ok. That's good. All looks normal now. All the malware has gone, so you should be fine now.

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run, then copy and paste the highlighted text below and click OK.

ComboFix /u

ACKS
11-04-2008, 12:32 PM
Thanks so much for all your help guys, you're a life saver.

Pancake
11-04-2008, 12:36 PM
No probs, glad to help.