Thread: Another Help Topic

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    13

    Default Another Help Topic

    The HJT log is from a friend's PC.
    He is unable to access the internet to get to any pages.
    Also, he cannot install Spybot Search & Destroy because it cannot verify files.
    We managed to get AVG installed. No detection updates were possible, no connection. Started a scan and it started detecting many trojans, but it stalled and failed to complete the scan.

    Any help will be appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:19:48 AM, on 1/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
    C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogin.exe
    C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogun.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\DOCUME~1\Mike\LOCALS~1\Temp\csrssc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
    O4 - HKLM\..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Mike\winlogon.exe
    O4 - HKLM\..\Run: [Ixatu] rundll32.exe "C:\WINDOWS\ihuciluvunebur.dll",e
    O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogin.exe
    O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogun.exe
    O4 - HKLM\..\Run: [Rbiqesi] rundll32.exe "C:\WINDOWS\Fjohuzik.dll",e
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\Mike\LOCALS~1\Temp\winlogun.exe
    O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Mike\LOCALS~1\Temp\csrssc.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174095000359
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter hijack: text/html - {b0c6c9fe-ebad-45e4-a505-2ef21fbc09fe} - (no file)
    O20 - AppInit_DLLs: xefvuo.dll,wqflvz.dll,ffbodv.dll,avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (lvprcsrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9643 bytes

  2. #2
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi there,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Posts
    13

    Default

    Again, this is a friend's PC and he is currently out of town.
    So, the response will be delayed until the beginning of the week.
    If this is a problem let me know.

  4. #4
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Thanks for the heads-up. Shall keep the topic open.

  5. #5
    Junior Member
    Join Date
    Jan 2009
    Posts
    13

    Default

    As requested, ComboFix was run. Many problems with it.
    At the beginning of the scan it found rootkits. Don't know if they were fixed or what their names were, but the PC rebooted after that. Then ComboFix started scanning on the reboot, errored and rebooted the PC. The PC went into convulsive reboots with a ComboFix error. Booted the PC in SAFE mode. ComboFix then started scanning, completed, and rebooted the PC into NORMAL mode. The log files for the SAFE scan were not captured. As soon as the PC booted into NORMAL mode ComboFix began another scan and completed successfully. The PC rebooted. Again the log file was not captured or even presented for saving. After the reboot PC performance improved immensely.

    At this point Spybot Search & Destroy was successfully installed and updated.
    AVG8 was able to update. MalwareBytes updated. WEB access was possible.
    Ran HJT and still had issues, so SS&D, MAB, and AVG scans were performed.
    HJT cleaned up well after that but still had issues.

    So, ComboFix was run again, and then HJT.
    The following log files are after everything above was performed.
    Sorry that we deviated from policy but I figured we needed to get the best, cleanest possible logs to you for analysis.

    ComboFix 09-01-21.04 - Mike 2009-01-25 16:58:25.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1527 [GMT -8:00]
    Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: Norton AntiVirus *enabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Microsoft Common
    c:\program files\Microsoft Common\svchost.exe
    c:\windows\system32\ap\
    c:\windows\system32\brgidv.dll
    c:\windows\system32\drivers\854fa03f.sys
    c:\windows\system32\drivers\mrxdavv.sys
    c:\windows\system32\jccbaxsi.dll
    c:\windows\system32\kwave.sys
    c:\windows\system32\lUDeOqss.ini
    c:\windows\system32\lUDeOqss.ini2
    c:\windows\system32\mvslprvo.dll
    c:\windows\system32\ovrplsvm.ini
    c:\windows\system32\pac.txt
    c:\windows\system32\ssqOeDUl.dll
    I:\autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_854fa03f


    ((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
    .

    2009-01-25 17:06 . 2009-01-25 17:06 722,944 --a------ c:\documents and settings\Mike\msiexec.exe
    2009-01-25 17:05 . 2009-01-25 17:05 297,472 --a------ c:\windows\system32\jkkIYpoO.dll
    2009-01-25 17:05 . 2009-01-25 17:05 372 --ahs---- c:\windows\system32\OopYIkkj.ini2
    2009-01-25 17:05 . 2009-01-25 17:06 372 --ahs---- c:\windows\system32\OopYIkkj.ini
    2009-01-25 17:04 . 2009-01-25 17:04 48,128 --a------ c:\windows\system32\ljJDWQKc.dll
    2009-01-25 13:25 . 2009-01-25 13:25 297,472 --a------ c:\windows\system32\yayyYSKa.dll
    2009-01-25 13:20 . 2009-01-25 13:20 376,832 --a------ c:\documents and settings\Mike\Application Data\msiexec.exe
    2009-01-25 13:20 . 2009-01-25 13:20 47,616 --a------ c:\windows\system32\opnnMfET.dll
    2009-01-25 01:02 . 2009-01-25 01:02 <DIR> d-------- c:\documents and settings\Mike\Application Data\Malwarebytes
    2009-01-25 01:00 . 2009-01-25 13:52 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-01-25 00:53 . 2009-01-25 00:57 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-01-25 00:53 . 2009-01-25 00:53 <DIR> d-------- c:\documents and settings\Mike\Application Data\AVGTOOLBAR
    2009-01-25 00:53 . 2009-01-25 00:53 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-01-25 00:53 . 2009-01-25 00:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-01-24 23:45 . 2009-01-24 23:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-24 23:35 . 2009-01-24 23:35 <DIR> d-------- c:\documents and settings\Mike\Application Data\Ipswitch
    2009-01-24 23:33 . 2009-01-24 23:33 297,472 --a------ c:\windows\system32\xxyvwXND.dll
    2009-01-24 23:24 . 2009-01-24 23:24 49,664 --a------ c:\windows\system32\tuvVMeCr.dll
    2009-01-24 23:02 . 2009-01-24 23:02 49,664 --a------ c:\windows\system32\wvUnOFXr.dll
    2009-01-24 22:58 . 2009-01-24 22:58 49,664 --a------ c:\windows\system32\efcBtrQG.dll
    2009-01-24 22:54 . 2009-01-24 22:54 40,960 --a------ c:\documents and settings\Mike\kujkQBgh.exe
    2009-01-24 22:53 . 2008-04-13 16:12 578,560 --a------ c:\windows\system32\yyyyyyyyyyyy
    2009-01-24 22:53 . 2009-01-24 22:53 49,664 --a------ c:\windows\system32\geBssPJB.dll
    2009-01-24 22:12 . 2009-01-24 22:12 40,960 --a------ c:\documents and settings\Mike\mvLlSDhjY.exe
    2009-01-24 22:12 . 2009-01-24 22:12 0 --a------ c:\windows\mqcd.dbt
    2009-01-24 22:11 . 2009-01-24 22:11 77,312 --a------ c:\windows\system32\f3g.e
    2009-01-24 22:11 . 2009-01-24 22:11 49,664 --a------ c:\windows\system32\xxyywULC.dll
    2009-01-24 22:11 . 2009-01-24 22:11 32,768 --a------ c:\windows\system32\zd.zag
    2009-01-24 22:11 . 2009-01-24 22:11 32,768 --a------ c:\windows\system32\f2djq.as
    2009-01-24 22:11 . 2009-01-24 22:11 28,672 --a------ c:\windows\system32\do8d.sr
    2009-01-24 22:11 . 2009-01-24 22:11 28,672 --a------ c:\windows\system32\dedwf.lp
    2009-01-24 22:03 . 2009-01-24 23:24 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-01-24 22:02 . 2009-01-24 22:02 49,664 --a------ c:\windows\system32\opnmMeCu.dll
    2009-01-24 21:51 . 2009-01-24 21:51 49,664 --a------ c:\windows\system32\byXPHaXo.dll
    2009-01-24 21:44 . 2008-04-13 16:12 578,560 --a------ c:\windows\system32\aaaa
    2009-01-24 21:44 . 2009-01-24 21:44 49,664 --a------ c:\windows\system32\byXRigEX.dll
    2009-01-24 21:44 . 2009-01-24 21:44 40,960 --a------ c:\documents and settings\Panther\qWHmncvbL.exe
    2009-01-24 21:43 . 2009-01-24 21:43 255,488 --a------ c:\documents and settings\Panther\msiexec.exe
    2009-01-24 21:39 . 2008-06-13 21:19 <DIR> d-------- c:\documents and settings\Panther\Application Data\Apple Computer
    2009-01-24 21:39 . 2009-01-25 05:55 <DIR> d-------- c:\documents and settings\Panther
    2009-01-24 21:37 . 2009-01-25 01:15 <DIR> d-------- c:\documents and settings\Mike\Application Data\cogad
    2009-01-24 21:36 . 2009-01-24 21:36 <DIR> d-------- c:\temp\tmp90
    2009-01-24 21:36 . 2009-01-24 22:33 <DIR> d-------- C:\Temp
    2009-01-24 21:36 . 2008-04-13 16:12 578,560 --a------ c:\windows\system32\cccc
    2009-01-24 21:36 . 2009-01-24 23:24 143,360 --a------ c:\windows\system32\azton.mt
    2009-01-24 21:36 . 2009-01-24 23:24 143,360 --a------ C:\expi.exe
    2009-01-24 21:36 . 2009-01-24 21:36 49,664 --a------ c:\windows\system32\nnnlKbAq.dll
    2009-01-24 21:36 . 2009-01-24 23:24 41,984 --a------ C:\ktbfsqs.exe
    2009-01-24 21:36 . 2009-01-24 23:24 2 --a------ C:\-723899670
    2009-01-24 20:54 . 2009-01-24 20:54 21,446 --a------ c:\windows\system32\sf.ico
    2009-01-24 20:54 . 2009-01-24 20:54 13,942 --a------ c:\windows\system32\m3.ico
    2009-01-24 20:54 . 2009-01-24 20:54 3,100 --a------ c:\windows\ios.dat
    2009-01-24 20:41 . 2009-01-24 20:41 98,304 --a------ c:\windows\system32\hhsa.dll
    2009-01-24 20:34 . 2009-01-24 20:34 46,592 --a------ c:\windows\system32\ipv6sp.dll
    2009-01-24 20:34 . 2009-01-24 20:34 119 --a------ c:\windows\system32\ak
    2009-01-24 20:28 . 2009-01-24 20:28 <DIR> d-------- c:\program files\TeamViewer
    2009-01-23 22:29 . 2009-01-23 22:34 153 --a------ c:\windows\cavscan.INI
    2009-01-23 21:18 . 2009-01-25 01:38 <DIR> d-------- c:\program files\Opera
    2009-01-23 03:02 . 2009-01-23 03:02 49,664 --a------ c:\windows\system32\ddcCUkkI.dll
    2009-01-23 01:35 . 2009-01-24 20:32 7 --a------ c:\windows\system32\nar.bin
    2009-01-23 01:05 . 2009-01-23 01:05 <DIR> d-------- c:\program files\ABBYY FineReader 5.0 Sprint
    2009-01-23 01:04 . 2009-01-24 23:36 <DIR> d-------- c:\program files\Dl_cats
    2009-01-23 00:59 . 2004-08-23 06:40 143,360 -ra------ c:\windows\system32\dlbucoin.dll
    2009-01-23 00:59 . 2004-08-23 06:42 131,072 -ra------ c:\windows\system32\dlbusnls.dll
    2009-01-23 00:57 . 2009-01-23 00:59 <DIR> d-------- c:\program files\Dell Photo AIO Printer 942
    2009-01-23 00:35 . 2009-01-25 17:06 <DIR> d-------- c:\documents and settings\Mike\Application Data\Xfire
    2009-01-23 00:20 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-23 00:20 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-23 00:19 . 2009-01-25 01:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-23 00:19 . 2009-01-23 00:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-22 23:44 . 2009-01-22 23:44 8,688 --a------ c:\windows\system32\btw3a.sys
    2009-01-22 23:34 . 2009-01-22 23:34 249,592 --a------ c:\windows\system32\cssdll32.dll
    2009-01-22 23:33 . 2009-01-22 23:34 <DIR> d-------- c:\program files\COMODO
    2009-01-22 23:33 . 2009-01-22 23:33 <DIR> d-------- c:\program files\AskBarDis
    2009-01-22 23:33 . 2009-01-23 14:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
    2009-01-22 23:33 . 2009-01-22 23:33 143,096 --a------ c:\windows\system32\guard32.dll
    2009-01-22 23:33 . 2009-01-22 23:33 99,216 --a------ c:\windows\system32\drivers\cmdguard.sys
    2009-01-22 23:33 . 2009-01-22 23:33 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
    2009-01-22 22:26 . 2007-12-10 14:53 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
    2009-01-22 22:26 . 2007-12-10 14:53 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
    2009-01-22 22:26 . 2007-12-10 14:53 41,864 --a------ c:\windows\system32\drivers\ikfilesec.sys
    2009-01-22 22:26 . 2007-12-10 14:53 29,576 --a------ c:\windows\system32\drivers\kcom.sys
    2009-01-22 22:25 . 2009-01-22 22:27 <DIR> d-------- c:\program files\Spyware Doctor
    2009-01-22 22:25 . 2009-01-22 22:25 <DIR> d-------- c:\documents and settings\Mike\Application Data\PC Tools
    2009-01-22 22:04 . 2009-01-22 23:46 <DIR> d-------- c:\program files\Unlocker
    2009-01-22 22:04 . 2009-01-22 22:52 <DIR> d-------- c:\program files\nLite
    2009-01-22 21:43 . 2009-01-22 21:43 <DIR> d-------- c:\documents and settings\Mike\Application Data\TeamViewer
    2009-01-22 21:42 . 2009-01-22 21:42 <DIR> d-------- c:\documents and settings\Mike\temp
    2009-01-22 17:18 . 2009-01-22 17:18 42,320 --a------ c:\windows\system32\xfcodec.dll
    2009-01-20 12:23 . 2009-01-20 13:04 0 --a------ c:\windows\system32\drivers\c6271ddd.sys
    2009-01-20 12:02 . 2009-01-20 12:02 <DIR> d-------- c:\windows\system32\xp2
    2009-01-20 12:02 . 2009-01-24 21:37 <DIR> d-------- c:\windows\system32\UZ
    2009-01-19 02:00 . 2008-12-16 21:55 195,096 --a------ c:\windows\system32\lvci11901262.dll
    2009-01-19 02:00 . 2009-01-25 17:03 0 --a------ c:\windows\system32\drivers\logiflt.iad
    2009-01-19 00:41 . 2009-01-19 00:42 <DIR> d-------- c:\program files\CCleaner
    2009-01-18 22:40 . 2009-01-18 23:40 354,557 --a------ c:\windows\system32\apx
    2009-01-18 22:40 . 2009-01-18 23:40 7,070 --a------ c:\windows\system32\ap
    2009-01-18 22:04 . 2009-01-25 17:03 0 --a------ c:\windows\system32\drivers\lvuvc.hs
    2009-01-18 22:02 . 2009-01-25 17:04 13,678 --a------ c:\windows\system32\wpa.dbl
    2009-01-18 18:21 . 2009-01-18 18:22 135,168 --a------ c:\windows\ihuciluvunebur.dll
    2009-01-18 18:09 . 2009-01-25 13:20 <DIR> d-------- c:\windows\system32\m3V02
    2009-01-18 18:09 . 2008-12-16 18:53 51,712 ---hs---- c:\documents and settings\Panther\winlogon.exe
    2009-01-18 18:09 . 2008-12-16 18:53 51,712 ---hs---- c:\documents and settings\Mike\winlogon.exe
    2009-01-18 18:09 . 2009-01-24 21:36 41,984 --a------ c:\windows\Fjohuzik.dll
    2009-01-18 18:09 . 2009-01-20 01:04 0 --a------ c:\windows\system32\drivers\444376d9.sys
    2009-01-09 18:49 . 2009-01-25 14:10 202,008 --a------ c:\windows\system32\PnkBstrB.exe
    2009-01-09 18:49 . 2009-01-25 14:11 139,096 --a------ c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-09 18:21 . 2009-01-09 18:49 66,872 --a------ c:\windows\system32\PnkBstrA.exe
    2009-01-07 21:20 . 2009-01-09 18:49 22,328 --a------ c:\documents and settings\Mike\Application Data\PnkBstrK.sys
    2009-01-07 21:19 . 2009-01-09 18:49 682,280 --a------ c:\windows\system32\pbsvc.exe
    2009-01-07 20:53 . 2009-01-23 02:00 <DIR> d-------- c:\program files\Soldier of Fortune II - Double Helix GOLD
    2008-12-28 15:45 . 2008-12-28 15:45 268 --ah----- C:\sqmdata03.sqm
    2008-12-28 15:45 . 2008-12-28 15:45 244 --ah----- C:\sqmnoopt03.sqm
    2008-12-28 15:11 . 2008-12-28 15:11 268 --ah----- C:\sqmdata02.sqm
    2008-12-28 15:11 . 2008-12-28 15:11 244 --ah----- C:\sqmnoopt02.sqm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-26 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-25 09:55 --------- d-----w c:\program files\Common
    2009-01-25 09:36 --------- d-----w c:\documents and settings\Mike\Application Data\teamspeak2
    2009-01-25 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-25 06:24 14,336 ----a-w c:\windows\system32\svchost.exe
    2009-01-25 02:14 --------- d-----w c:\program files\Project64 1.6
    2009-01-25 01:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-24 06:11 --------- d-s---w c:\program files\Xfire
    2009-01-23 08:18 --------- d-----w c:\program files\Java
    2009-01-23 08:09 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-19 10:01 --------- d-----w c:\program files\Common Files\LogiShrd
    2009-01-19 09:59 --------- d-----w c:\program files\Logitech
    2009-01-19 09:59 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
    2009-01-19 07:42 147,456 ----a-w c:\windows\system32\vbzip10.dll
    2009-01-15 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-06 05:29 --------- d-----w c:\program files\Xtreme Desktop
    2009-01-06 05:27 --------- d-----w c:\program files\PSP Max Media Manager
    2009-01-06 05:27 --------- d-----w c:\documents and settings\Mike\Application Data\Datel
    2009-01-06 05:25 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-06 05:25 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-12-26 04:07 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-24 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2008-12-24 21:08 --------- d-----w c:\program files\Yahoo!
    2008-12-24 21:07 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2008-12-24 19:21 --------- d-----w c:\program files\MySpace
    2008-12-17 06:02 23,832 ----a-w c:\windows\system32\drivers\lvuvcflt.sys
    2008-12-17 06:01 6,364,440 ----a-w c:\windows\system32\drivers\lvuvc.sys
    2008-12-17 06:01 432,664 ----a-w c:\windows\system32\LVUI2RC.dll
    2008-12-17 06:01 41,752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
    2008-12-17 06:00 768,024 ----a-w c:\windows\system32\drivers\lvrs.sys
    2008-12-17 06:00 494,104 ----a-w c:\windows\system32\LVUI2.dll
    2008-12-17 05:58 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
    2008-12-17 05:55 416,280 ----a-w c:\windows\system32\lvcodec2.dll
    2008-12-17 05:50 13,584 ----a-w c:\windows\system32\drivers\iKeyLgFT.dll
    2008-12-17 05:38 85,302 ----a-w c:\windows\system32\drivers\LVFeL002.cfg
    2008-12-17 05:38 69,592 ----a-w c:\windows\system32\drivers\LVFaL000.cfg
    2008-12-17 05:38 227,172 ----a-w c:\windows\system32\drivers\LVFeL000.cfg
    2008-12-17 05:38 146,680 ----a-w c:\windows\system32\drivers\LVFeL001.cfg
    2008-12-17 05:37 29,562 ----a-w c:\windows\system32\Repository.reg
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-04 15:18 43,520 ----a-w c:\windows\system32\drivers\fetnd5bv.sys
    2008-09-14 15:17 128 ----a-w c:\documents and settings\Mike\index.exe
    2007-04-30 02:49 87,608 ----a-w c:\documents and settings\Mike\Application Data\ezpinst.exe
    2007-04-30 02:49 47,360 ----a-w c:\documents and settings\Mike\Application Data\pcouffin.sys
    2007-03-17 09:16 24,192 ----a-w c:\documents and settings\Mike\usbsermptxp.sys
    2007-03-17 09:16 22,768 ----a-w c:\documents and settings\Mike\usbsermpt.sys
    2001-09-29 00:00 164,864 ----a-w c:\documents and settings\Uninstall\UNWISE.EXE
    2008-09-07 16:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-24_23.16.02.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-25 07:05:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-25 22:45:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-25 07:05:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-25 22:45:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-25 07:05:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-25 22:45:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-13 17:39:24 142,592 -c--a-w c:\windows\system32\dllcache\aec.sys
    - 2009-01-25 06:24:36 6,656 ----a-w c:\windows\system32\drivers\61883.sys
    + 2008-04-13 19:46:20 48,128 ----a-w c:\windows\system32\drivers\61883.sys
    - 2009-01-25 05:44:43 6,656 ----a-w c:\windows\system32\drivers\aec.sys
    + 2008-04-13 17:39:24 142,592 ----a-w c:\windows\system32\drivers\aec.sys
    + 2009-01-25 08:53:46 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2008-12-17 05:59:28 109,080 ----a-w c:\windows\temp\logishrd\LVPrcInj01.dll
    + 2009-01-26 01:03:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2125196d-e708-4898-bd28-ad1256834b99}]
    2009-01-25 17:06 129536 --a------ c:\windows\system32\kjpzvw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    2009-01-25 13:20 47616 --a------ c:\windows\system32\opnnMfET.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D57AF196-998A-4706-83D8-D125A5023EC5}]
    2009-01-25 17:05 297472 --a------ c:\windows\system32\jkkIYpoO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-22 278264]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
    "Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-02-03 294912]
    "DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
    "DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-01-22 1796856]
    "Windows Logon Applicationedc"="c:\documents and settings\Mike\winlogon.exe" [2008-12-16 51712]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-25 1261336]
    "Microsoft Windows Installer"="c:\documents and settings\Mike\Application Data\msiexec.exe" [2009-01-25 376832]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\Mike\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-01-22 2993488]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-12 66864]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\opnnMfET.dll" [2009-01-25 47616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccukki]
    2009-01-23 03:02 49664 c:\windows\system32\ddcCUkkI.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnmfet]
    2009-01-25 13:20 47616 c:\windows\system32\opnnMfET.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\jkkIYpoO

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\incdpass.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-25 97928]
    R1 cmdguard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-22 99216]
    R1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-22 31504]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-25 231704]
    S1 437631de;437631de;c:\windows\system32\drivers\437631de.sys --> c:\windows\system32\drivers\437631de.sys [?]
    S1 444376d9;444376d9;c:\windows\system32\drivers\444376d9.sys [2009-01-18 0]
    S1 78a5de2;78a5de2;c:\windows\system32\drivers\78a5de2.sys --> c:\windows\system32\drivers\78a5de2.sys [?]
    S1 8753fdca;8753fdca;c:\windows\system32\drivers\8753fdca.sys --> c:\windows\system32\drivers\8753fdca.sys [?]
    S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [?]
    S1 c6271ddd;c6271ddd;c:\windows\system32\drivers\c6271ddd.sys [2009-01-20 0]
    S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
    S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-23 38496]
    S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-22 747912]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\dvdcheck.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0281eeac-3fcd-11dc-bcaf-00115b572d65}]
    \Shell\AutoRun\command - F:\BSAutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfb52f3f-bdf7-11dd-bdf8-00115b572d65}]
    \shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \shell\explore\command - J:\system.exe
    \shell\open\command - J:\system.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe []

    2009-01-21 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38F123HPK5.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 13:57]

    2009-01-26 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2003-08-20 13:23]

    2009-01-26 c:\windows\Tasks\qlkkxeyl.job
    - c:\windows\system32\ljJDWQKc.dll [2009-01-25 17:04]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{a4fd39fc-2970-488b-a8c3-f32b1408e1b4} - c:\windows\system32\ssqOeDUl.dll


    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\e42i9ouh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
    FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 17:04:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...


    c:\windows\system32\ljJDWQKc.dll 48128 bytes executable
    c:\windows\system32\OopYIkkj.ini 372 bytes
    c:\windows\system32\OopYIkkj.ini2 372 bytes

    scan completed successfully
    hidden files: 3

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-776561741-1606980848-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-776561741-1606980848-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:63,c3,72,be,a6,ff,5d,08,55,06,75,03,66,f5,66,9f,0f,ed,c1,9a,07,b1,43,
    b0,13,6f,90,81,48,b9,5c,5a,ab,3d,5b,05,ef,f5,bf,12,b8,e6,06,0c,c8,83,27,32,\
    "??"=hex:15,91,86,1b,ed,f0,ef,8d,d1,d9,b2,06,5f,83,ff,86

    [HKEY_USERS\S-1-5-21-776561741-1606980848-682003330-1004\Software\SecuROM\License information*]
    "datasecu"=hex:ef,e3,cf,93,5b,d1,11,53,9c,de,26,14,06,bd,3f,88,42,64,8c,72,56,
    29,26,ee,85,3d,d1,13,60,35,5a,c6,d1,2e,73,5e,8b,03,d0,27,01,7f,3c,ca,4d,dc,\
    "rkeysecu"=hex:3c,fe,78,f7,26,47,cd,af,1a,55,22,74,c2,be,05,ac
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(976)
    c:\windows\system32\opnnMfET.dll

    - - - - - - - > 'explorer.exe'(3812)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\gifrqtpu.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-25 17:11:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-26 01:11:25
    ComboFix2.txt 2009-01-25 21:26:11
    ComboFix3.txt 2009-01-25 07:19:18

    Pre-Run: 153,389,064,192 bytes free
    Post-Run: 153,361,666,048 bytes free

    401 --- E O F --- 2009-01-15 21:00:54


    ***************************************************************************

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:32:52 PM, on 1/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\FUCK VIRUSES.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: {99b43865-21da-82db-8984-807ed6915212} - {2125196d-e708-4898-bd28-ad1256834b99} - C:\WINDOWS\system32\kjpzvw.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnnMfET.dll
    O2 - BHO: (no name) - {D57AF196-998A-4706-83D8-D125A5023EC5} - C:\WINDOWS\system32\jkkIYpoO.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
    O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
    O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Mike\winlogon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Mike\Application Data\msiexec.exe
    O4 - HKLM\..\Run: [d4da2a45] rundll32.exe "C:\WINDOWS\system32\gifrqtpu.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174095000359
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: ddccukki - C:\WINDOWS\SYSTEM32\ddcCUkkI.dll
    O20 - Winlogon Notify: opnnmfet - C:\WINDOWS\SYSTEM32\opnnMfET.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdagent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (lvprcsrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 8114 bytes
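As an added example (not a tool posted in this thread), the following Python script shows how a helper could pick the suspicious autostart entries out of a HijackThis log like the one above instead of reading it line by line. The heuristics are assumptions of my own: a Run entry whose program is named like a core Windows binary but lives outside c:\windows or c:\windows\system32 (winlogon.exe and msiexec.exe in a user profile), a Run entry with a hex-looking value name that loads a DLL through rundll32, a BHO registered without a readable display name, and any Winlogon Notify DLL. The sample lines are copied from the log above; the Windows directory is assumed to be c:\windows.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

The rules below are assumptions about what merits a closer look, not a
detection standard; a legitimate entry can still trip them and a malicious one
can still slip past. Sample lines are copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass

# Names of core Windows binaries that malware likes to borrow.
SYSTEM_BINARIES = {"winlogon.exe", "msiexec.exe", "svchost.exe", "lsass.exe",
                   "services.exe", "csrss.exe", "smss.exe", "explorer.exe"}
# Directories where those names are expected (assumes a c:\windows install).
TRUSTED_DIRS = {"c:\\windows", "c:\\windows\\system32"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)   # quoted or not
DLL_RE = re.compile(r'"?(?P<dll>[^",]*?\.dll)"?', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


@dataclass
class Finding:
    entry: str   # Run value name, BHO display name, or Notify key
    path: str    # program or DLL the entry loads
    reason: str


def split_path(path):
    """Return (directory, basename) of a Windows path, both lower-cased."""
    directory, _, base = path.strip().lower().rpartition("\\")
    return directory, base


def check_o4(name, cmd):
    """Apply the Run-key heuristics to one O4 entry; None if nothing stands out."""
    m = EXE_RE.match(cmd.strip())
    exe = m.group("path") if m else cmd.split()[0]   # bare 'rundll32' has no .exe
    directory, base = split_path(exe)
    if base in SYSTEM_BINARIES and directory not in TRUSTED_DIRS:
        return Finding(name, exe, "system binary name outside the Windows directory")
    if base in ("rundll32", "rundll32.exe") and HEXNAME_RE.match(name):
        d = DLL_RE.search(cmd)
        return Finding(name, d.group("dll") if d else cmd,
                       "hex-named Run value loading a DLL via rundll32")
    return None


def triage(log_text):
    """Scan O2/O4/O20 lines of a HijackThis log and return the entries to review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            f = check_o4(m.group("name"), m.group("cmd"))
            if f:
                findings.append(f)
        elif m := O2_RE.match(line):
            name = m.group("name")
            if name == "(no name)" or GUID_RE.match(name):
                findings.append(Finding(name, m.group("path"),
                                        "BHO without a readable display name"))
        elif m := O20_RE.match(line):
            findings.append(Finding(m.group("name"), m.group("path"),
                                    "Winlogon Notify DLL loads into winlogon.exe; verify publisher"))
    return findings


# Constructed sample: lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: {99b43865-21da-82db-8984-807ed6915212} - {2125196d-e708-4898-bd28-ad1256834b99} - C:\WINDOWS\system32\kjpzvw.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnnMfET.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Mike\winlogon.exe
O4 - HKLM\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Mike\Application Data\msiexec.exe
O4 - HKLM\..\Run: [d4da2a45] rundll32.exe "C:\WINDOWS\system32\gifrqtpu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddccukki - C:\WINDOWS\SYSTEM32\ddcCUkkI.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry}] {f.path}\n    -> {f.reason}")
```

Run against the sample, the script flags the two BHOs, the winlogon.exe and msiexec.exe copies in Mike's profile, the `d4da2a45` rundll32 entry and the `ddccukki` Winlogon Notify DLL, and leaves the HP, NVIDIA and ctfmon entries alone. Every hit is still a prompt for a human to check the file's publisher and location, which is what the helpers in threads like this one do before writing a removal script.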

  6. #6
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi

    Seems like there're still bad things left.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.



    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Driver::
    437631de
    444376d9
    78a5de2
    8753fdca
    c6271ddd
    glaide32
    
    File::
    c:\documents and settings\Mike\msiexec.exe
    c:\windows\system32\jkkIYpoO.dll
    c:\windows\system32\OopYIkkj.ini2
    c:\windows\system32\OopYIkkj.ini
    c:\windows\system32\ljJDWQKc.dll
    c:\windows\system32\yayyYSKa.dll
    c:\documents and settings\Mike\Application Data\msiexec.exe
    c:\windows\system32\opnnMfET.dll
    c:\windows\system32\xxyvwXND.dll
    c:\windows\system32\tuvVMeCr.dll
    c:\windows\system32\wvUnOFXr.dll
    c:\windows\system32\efcBtrQG.dll
    c:\documents and settings\Mike\kujkQBgh.exe
    c:\windows\system32\yyyyyyyyyyyy
    c:\windows\system32\geBssPJB.dll
    c:\documents and settings\Mike\mvLlSDhjY.exe
    c:\windows\mqcd.dbt
    c:\windows\system32\f3g.e
    c:\windows\system32\xxyywULC.dll
    c:\windows\system32\zd.zag
    c:\windows\system32\f2djq.as
    c:\windows\system32\do8d.sr
    c:\windows\system32\dedwf.lp
    c:\windows\system32\opnmMeCu.dll
    c:\windows\system32\byXPHaXo.dll
    c:\windows\system32\aaaa
    c:\windows\system32\byXRigEX.dll
    c:\documents and settings\Panther\qWHmncvbL.exe
    c:\documents and settings\Panther\msiexec.exe
    c:\windows\system32\cccc
    c:\windows\system32\azton.mt
    C:\expi.exe
    c:\windows\system32\nnnlKbAq.dll
    C:\ktbfsqs.exe
    C:\-723899670
    c:\windows\system32\sf.ico
    c:\windows\system32\m3.ico
    c:\windows\ios.dat
    c:\windows\system32\hhsa.dll
    c:\windows\system32\ipv6sp.dll
    c:\windows\system32\ak
    c:\windows\system32\ddcCUkkI.dll
    c:\windows\system32\nar.bin
    c:\windows\system32\drivers\c6271ddd.sys
    c:\windows\system32\apx
    c:\windows\system32\ap
    c:\windows\ihuciluvunebur.dll
    c:\documents and settings\Panther\winlogon.exe
    c:\documents and settings\Mike\winlogon.exe
    c:\windows\Fjohuzik.dll
    c:\windows\system32\drivers\444376d9.sys
    c:\windows\system32\kjpzvw.dll
    c:\windows\system32\drivers\437631de.sys
    c:\windows\system32\drivers\78a5de2.sys
    J:\system.exe
    c:\windows\Tasks\qlkkxeyl.job
    c:\windows\system32\drivers\glaide32.sys
    
    Folder::
    c:\documents and settings\Mike\Application Data\cogad
    c:\temp\tmp90
    c:\windows\system32\xp2
    c:\windows\system32\UZ
    c:\windows\system32\m3V02
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2125196d-e708-4898-bd28-ad1256834b99}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D57AF196-998A-4706-83D8-D125A5023EC5}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Windows Installer"=-
    
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccukki]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnmfet]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfb52f3f-bdf7-11dd-bdf8-00115b572d65}]

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.


    Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that the latest Java must be installed, "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


    Post back its report, a fresh hjt log and the above-mentioned ComboFix resultant log.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.
