Of Course...Virtumonde



Bdizzle08
2008-08-09, 04:56
Hi All!

I have Virtumonde... I am also having some other issues. My Automatic Updates will not turn on, even when following the Microsoft instructions. Also my internet cookies are always off whenever I reopen Internet Explorer!

Well, here's my HJT log. Thanks in advance for the help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:58 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\IE7\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM6cd9b65d] Rundll32.exe "C:\WINDOWS\system32\kbcnitgj.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-934222489-889063064-3638727846-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167501260515
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/insaniquarium/popcaploader_v6.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6416 bytes

peku006
2008-08-11, 20:01
Hi Bdizzle08

1 - Rename HJT

Go to C:\Program Files\Trend Micro\HijackThis
Right click on HijackThis.exe and select Rename
Type in Finder.exe
Press the Enter key

2 - Scan With ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -

Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.


3 - uninstall list

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)
2. the uninstall list
3. a fresh HijackThis log
4. a description of any problems you are having with your PC

Thanks peku006

Bdizzle08
2008-08-13, 04:11
Here is everything you requested.

Thanks again!

ComboFix 08-08-12.01 - Brandon Miller 2008-08-12 19:44:58.1 - FAT32x86

Running from: C:\Documents and Settings\Brandon Miller\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brandon Miller\Application Data\macromedia\Flash Player\#SharedObjects\SVMQ8TZA\interclick.com
C:\Documents and Settings\Brandon Miller\Application Data\macromedia\Flash Player\#SharedObjects\SVMQ8TZA\interclick.com\ud.sol
C:\Documents and Settings\Brandon Miller\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Brandon Miller\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BM6cd9b65d.txt
C:\WINDOWS\BM6cd9b65d.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ajujapnw.ini
C:\WINDOWS\system32\aonmdlil.ini
C:\WINDOWS\system32\crdlarjc.ini
C:\WINDOWS\system32\dmhelyjn.dll
C:\WINDOWS\system32\hjpviosc.ini
C:\WINDOWS\system32\iomvrpvo.ini
C:\WINDOWS\system32\ksenmdor.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MnnVvyxx.ini
C:\WINDOWS\system32\MnnVvyxx.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nflrjirl.ini
C:\WINDOWS\system32\ooxjuxbd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vqivmxmw.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-26 21:18 . 2008-08-26 21:18 2,048 --a------ C:\WINDOWS\system32\ysbhvtsr.exe
2008-08-25 21:30 . 2008-08-25 21:30 <DIR> d--hs---- C:\FOUND.000
2008-08-24 22:29 . 2008-08-24 22:29 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-08-24 22:29 . 2008-08-24 22:29 <DIR> d-------- C:\Temp\epr1
2008-08-24 22:29 . 2008-08-24 22:29 <DIR> d-------- C:\Temp
2008-08-24 22:11 . 2008-08-24 22:11 8,840 --a------ C:\WINDOWS\SEC14E7.PNF
2008-08-24 22:04 . 2008-08-24 22:04 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-24 22:04 . 2008-08-24 22:04 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-24 22:04 . 2008-08-24 22:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-24 22:01 . 2008-08-24 22:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-24 21:53 . 2008-08-24 21:53 <DIR> d-------- C:\Documents and Settings\Brandon Miller\Application Data\Autodesk
2008-08-24 21:53 . 2008-08-24 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-08-24 21:53 . 2008-08-24 21:53 2,948 --a------ C:\WINDOWS\SEC4C.PNF
2008-08-24 21:50 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-24 21:14 . 2008-08-24 21:14 <DIR> d-------- C:\install
2008-08-23 19:19 . 2008-04-13 18:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-23 19:19 . 2008-04-13 18:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-23 19:19 . 2008-04-13 18:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-23 19:19 . 2008-04-13 18:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-23 19:19 . 2008-04-13 18:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-23 19:19 . 2008-04-13 18:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-08-23 19:19 . 2008-04-13 18:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-08-23 19:19 . 2008-04-13 18:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-23 19:19 . 2008-04-13 18:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-23 19:19 . 2008-04-13 18:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-08-23 19:17 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-23 19:17 . 2004-08-10 20:00 286,792 --a------ C:\WINDOWS\system32\slextspk.dll
2008-08-23 19:17 . 2004-08-10 20:00 13,568 --a------ C:\WINDOWS\system32\drivers\wacompen.sys
2008-08-23 19:17 . 2004-08-10 20:00 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys
2008-08-23 19:17 . 2008-04-13 18:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-08-23 19:17 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-23 19:17 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-23 19:17 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-23 19:17 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-23 19:15 . 2004-08-10 20:00 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-19 15:29 . 2008-08-19 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-19 15:18 . 2008-08-19 15:18 <DIR> d-------- C:\Program Files\Rhapsody
2008-08-09 20:17 . 2008-08-09 20:17 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-09 20:17 . 2008-08-09 20:17 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-08-09 20:16 . 2008-08-09 20:16 262,144 --a------ C:\ntuser.dat
2008-08-09 20:09 . 2008-08-09 20:09 2,048 --a------ C:\WINDOWS\system32\uhpjnegk.exe
2008-08-08 23:45 . 2008-08-08 23:45 2,048 --a------ C:\WINDOWS\system32\ghyqcmpl.exe
2008-08-07 22:39 . 2008-08-07 22:39 <DIR> d-------- C:\Program Files\CCleaner
2008-08-07 22:39 . 2008-08-07 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-07 22:20 . 2008-08-07 22:20 <DIR> d-------- C:\Program Files\Safer Networking
2008-08-07 21:42 . 2008-08-07 21:42 2,048 --a------ C:\WINDOWS\system32\vvxykaut.exe
2008-08-07 15:19 . 2008-08-07 15:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-07 15:19 . 2008-08-07 15:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-06 22:26 . 2008-08-06 22:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-06 21:46 . 2008-08-06 21:46 2,048 --a------ C:\WINDOWS\system32\wrikyjes.exe
2008-08-06 19:00 . 2008-08-06 19:01 2,048 --a------ C:\WINDOWS\system32\nvvlorwq.exe
2008-08-05 18:39 . 2008-08-05 18:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-05 14:37 . 2000-03-20 23:55 118,784 --a------ C:\WINDOWS\system32\vbalNCSM6.dll
2008-08-05 14:37 . 1999-03-25 23:00 101,888 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-08-05 14:37 . 2000-07-17 13:41 70,088 --a------ C:\WINDOWS\system32\Project2-1.ocx
2008-08-05 14:37 . 1999-02-19 07:54 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-08-05 14:37 . 2000-03-21 15:37 1,760 --a------ C:\WINDOWS\system32\objsafe.tlb
2008-08-05 14:37 . 2000-04-06 14:58 1,453 --a------ C:\WINDOWS\system32\Project2.INF
2008-08-05 14:36 . 2008-08-05 14:36 <DIR> d-------- C:\Program Files\eGames
2008-08-04 22:33 . 2008-08-04 22:33 294 ---hs---- C:\WINDOWS\system32\sthfgail.ini
2008-08-04 21:56 . 2008-08-04 21:56 45,316 --a------ C:\WINDOWS\RGI97.PNF
2008-08-04 19:09 . 2008-08-04 19:09 1,374 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-04 16:20 . 2004-08-10 04:13 73,728 --a------ C:\WINDOWS\system32\dllcache\ehresja.dll
2008-08-04 16:20 . 2004-08-10 04:13 69,632 --a------ C:\WINDOWS\system32\dllcache\ehresko.dll
2008-08-04 16:20 . 2004-08-10 04:13 69,632 --a------ C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-08-04 16:20 . 2004-08-10 04:13 69,632 --a------ C:\WINDOWS\system32\dllcache\ehresde.dll
2008-08-04 16:18 . 2004-08-10 06:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-08-04 16:17 . 2004-08-10 06:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-08-04 16:16 . 2004-08-10 06:00 10,096,640 --a------ C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-08-04 16:15 . 2004-08-10 06:00 480,256 --a------ C:\WINDOWS\system32\dllcache\cintsetp.exe
2008-08-04 16:14 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-04 16:13 . 2004-08-10 06:00 290,816 --a------ C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-08-04 16:13 . 2004-08-10 06:00 275,968 --a------ C:\WINDOWS\system32\dllcache\certwiz.ocx
2008-08-04 16:13 . 2003-03-24 16:52 188,480 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-08-04 16:13 . 2004-08-10 06:00 94,720 --a------ C:\WINDOWS\system32\dllcache\certmap.ocx
2008-08-04 16:13 . 2004-08-10 06:00 76,288 --a------ C:\WINDOWS\system32\dllcache\cnfgprts.ocx
2008-08-04 16:13 . 2004-08-10 06:00 43,520 --a------ C:\WINDOWS\system32\dllcache\admwprox.dll
2008-08-04 16:13 . 2003-03-24 16:52 20,540 --a------ C:\WINDOWS\system32\dllcache\author.dll
2008-08-04 16:13 . 2003-03-24 16:52 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2008-08-04 16:13 . 2003-03-24 16:52 16,439 --a------ C:\WINDOWS\system32\dllcache\author.exe
2008-08-04 16:13 . 2003-03-24 16:52 16,439 --a------ C:\WINDOWS\system32\dllcache\admin.exe
2008-08-04 16:11 . 2008-08-04 16:11 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-04 16:11 . 2008-08-04 16:11 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-04 16:11 . 2008-08-04 16:11 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-04 16:11 . 2008-08-04 16:11 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-04 16:11 . 2008-08-04 16:11 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-04 16:11 . 2008-08-04 16:11 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-04 15:16 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-04 15:16 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-08-04 15:16 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-04 15:16 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-04 15:08 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-08-04 15:08 . 2001-08-17 13:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2008-08-04 15:06 . 2004-08-10 06:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-04 15:06 . 2004-08-10 06:00 24,661 --a------ C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-04 15:06 . 2004-08-10 06:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-04 15:06 . 2004-08-10 06:00 13,312 --a------ C:\WINDOWS\system32\dllcache\irclass.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-26 00:19 32,768 ------w C:\Program Files\2Wire
2007-09-15 20:53 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-08-05 19:44 3,820,104 ----a-w C:\Documents and Settings\Brandon Miller\gosetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 04:46 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 05:01 111856]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 05:01 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-06-26 05:01 111856]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"winmgmt"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Acer\\Empowering Technology\\Acer.Empowering.Framework.Launcher.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.
- - - - ORPHANS REMOVED - - - -

BHO-{748D6EA8-CD59-4682-91E7-AF92F4F2D40E} - C:\WINDOWS\system32\byXQHyww.dll
BHO-{FA7B4D36-0503-4C7F-8D90-404D8DEC0CE0} - C:\WINDOWS\system32\xxyvVnnM.dll
ShellExecuteHooks-{748D6EA8-CD59-4682-91E7-AF92F4F2D40E} - C:\WINDOWS\system32\byXQHyww.dll
Notify-byXQHyww - byXQHyww.dll
MSConfigStartUp-Aim6 - C:\Program Files\AIM6\aim6.exe
MSConfigStartUp-BM6cd9b65d - C:\WINDOWS\system32\vvhmyakb.dll
MSConfigStartUp-MySpaceIM - C:\Program Files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brandon Miller\Application Data\Mozilla\Firefox\Profiles\oeiz8uhx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ffsearch.net/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 19:54:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\PIF\{B8E1DD85-8582-4C61-B58F-2F227FCA9A08}\PIFSVC.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\RNAMFLER\NAOFSVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
C:\WINDOWS\EHOME\MCRDSVC.EXE
.
**************************************************************************
.
Completion time: 2008-08-12 19:56:30 - machine was rebooted [Brandon Miller]
ComboFix-quarantined-files.txt 2008-08-13 01:56:28

Pre-Run: 24,138,383,360 bytes free
Post-Run: 24,121,802,752 bytes free

257 --- E O F --- 2008-08-25 04:12:14



Uninstall Log

Acer OrbiCam
Actiontec Gateway
Adobe Flash Player ActiveX
AMD Processor Driver
ATI Display Driver
avast! Antivirus
CA Yahoo! Anti-Spy (remove only)
CCleaner (remove only)
Digital Photo Navigator 1.5
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LimeWire 4.18.3
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Small Business Image Uploader
Microsoft Office Live Web Folder Connector
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
neroxml
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
QuickConnect
QuickTime
Qwest QuickCare 2.0
RealArcade
Realtek High Definition Audio Driver
RegAlyzer
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Synaptics Pointing Device Driver
VCRedistSetup
Viewpoint Media Player
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Search Protection
Yahoo! Toolbar

And HJT Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:07 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\finder.exe.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-934222489-889063064-3638727846-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-934222489-889063064-3638727846-1005\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - HKUS\S-1-5-21-934222489-889063064-3638727846-1005\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167501260515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7376 bytes

Thanks!
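As an added example (not part of the thread, and not HijackThis' own code), here is a small Python parser for the O2, O4 and O23 line formats in the log above, with generic triage flags attached. The sample lines are copied from the log; the flag names and the heuristics (no publisher string, "(file missing)" suffix, bare filename in a Run value) are my own assumptions about what a helper reviews first, not verdicts on any entry:

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
"""

FILE_MISSING = "(file missing)"   # HijackThis appends this when the referenced file is absent
UNKNOWN_OWNER = "Unknown owner"   # HijackThis prints this when the binary carries no vendor info


@dataclass
class Entry:
    section: str                      # HijackThis section code, e.g. "O23"
    name: str                         # service display name, BHO name, or Run value name
    path: str                         # DLL, executable, or command line
    owner: Optional[str] = None       # O23 only: vendor string read from the binary
    clsid: Optional[str] = None       # O2 only
    flags: List[str] = field(default_factory=list)


# One regex per section we triage; the " - " separators are HijackThis' own layout.
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line into an Entry; sections we do not handle return None."""
    line = line.strip()
    m = _O23.match(line)
    if m:
        return Entry("O23", m["name"], m["path"], owner=m["owner"])
    m = _O2.match(line)
    if m:
        return Entry("O2", m["name"], m["path"], clsid=m["clsid"])
    m = _O4.match(line)
    if m:
        return Entry("O4", m["name"], m["cmd"])
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags. These are generic triage heuristics (assumed here), not verdicts."""
    if entry.owner == UNKNOWN_OWNER:
        entry.flags.append("no-vendor")        # no publisher string: verify the binary by hand
    if FILE_MISSING in entry.path:
        entry.flags.append("file-missing")     # orphaned registration, often an uninstall leftover
    if entry.section == "O4" and "\\" not in entry.path:
        entry.flags.append("bare-filename")    # resolved via the search path; note where it lives
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every supported line of a log and run triage on each entry."""
    entries = [parse_line(l) for l in text.splitlines() if l.strip()]
    return [triage(e) for e in entries if e is not None]


def flagged(text: str) -> Dict[str, List[str]]:
    """Map entry name -> flags for every entry that earned at least one flag."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the sample, the two services reported with "Unknown owner" and the one marked "(file missing)" come back flagged while the vendor-signed avast! entry does not; the flags only say which lines to check first, and a reviewer still confirms each binary before deciding anything.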

peku006
2008-08-13, 09:22
Hi Bdizzle08

RECOVERY CONSOLE

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

http://i51.photobucket.com/albums/f387/Katana_1970/KB310994.gif

Download the file & save it as it's originally named, next to ComboFix.exe.

http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif

Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.


Drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
At the next prompt, click 'Yes' to run the full ComboFix scan.

http://img.photobucket.com/albums/v706/ried7/RC_whatnext.gif

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Thanks peku006

peku006
2008-08-17, 07:04
Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!