
Thread: Slow start up and freezing

  1. #11
    Junior Member
    Join Date
    Apr 2007
    Posts
    17


    Yes, used my thumb drive but I scanned it first and nothing came up, I take it I got it from that again... can I clean the thumb drive or just bin it?

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by CTD at 0:46:02.96 on Fri 03/27/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.285 [GMT -12:00]

    AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Documents and Settings\CTD\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221087931671
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237106076968
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ctd\applic~1\mozilla\firefox\profiles\6vzp189g.default\
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-10 114768]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-10 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-10 138680]
    S3 aswArKrn;aswArKrn;\??\c:\docume~1\ctd\locals~1\temp\aswarkrn.sys --> c:\docume~1\ctd\locals~1\temp\aswArKrn.sys [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-10 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-10 352920]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-14 38496]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]

    =============== Created Last 30 ================

    2009-03-26 10:06 <DIR> --d----- c:\documents and settings\ctd\Tracing
    2009-03-26 10:02 <DIR> --d----- c:\program files\Microsoft
    2009-03-26 10:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-03-26 09:56 <DIR> --d----- c:\program files\common files\Windows Live
    2009-03-24 10:12 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-24 10:12 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-24 09:50 <DIR> --d----- c:\documents and settings\ctd\.SunDownloadManager
    2009-03-23 08:36 <DIR> a-dshr-- C:\cmdcons
    2009-03-23 08:31 161,792 a------- c:\windows\SWREG.exe
    2009-03-23 08:31 98,816 a------- c:\windows\sed.exe
    2009-03-20 07:41 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-03-19 16:29 <DIR> --d----- c:\documents and settings\ctd\.housecall6.6
    2009-03-19 09:41 <DIR> --d----- c:\windows\SHELLNEW
    2009-03-19 07:44 <DIR> --d----- c:\docume~1\ctd\applic~1\PCToolsFirewallPlus
    2009-03-19 07:40 <DIR> --d----- c:\program files\common files\PC Tools
    2009-03-18 19:35 <DIR> --d----- c:\program files\Trend Micro
    2009-03-14 21:05 <DIR> --d----- c:\docume~1\ctd\applic~1\Malwarebytes
    2009-03-14 21:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-14 21:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 21:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 21:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-14 20:54 <DIR> --d----- c:\program files\Secunia
    2009-03-14 20:29 <DIR> --ds---- c:\documents and settings\ctd\UserData
    2009-03-08 07:55 <DIR> --d----- C:\lj1015
    2009-03-06 12:38 <DIR> --d----- c:\program files\Cool PDF Reader
    2009-03-06 12:28 <DIR> --d----- c:\docume~1\ctd\applic~1\PDF reDirect

    ==================== Find3M ====================

    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-01-29 11:47 20,632 a------- c:\windows\system32\dopdfmn6.dll
    2009-01-29 11:47 18,072 a------- c:\windows\system32\dopdfmi6.dll

    ============= FINISH: 0:46:33.67 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/10/2008 10:16:33 AM
    System Uptime: 3/26/2009 8:25:33 PM (4 hours ago)

    Motherboard: Quanta | | 308F
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1729/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 23 GiB total, 14.371 GiB free.
    D: is FIXED (NTFS) - 33 GiB total, 23.591 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
    Service:

    ==== System Restore Points ===================

    RP1: 3/23/2009 8:31:44 AM - System Checkpoint
    RP2: 3/23/2009 8:32:35 AM - ComboFix created restore point
    RP3: 3/24/2009 9:19:46 AM - ComboFix created restore point
    RP4: 3/24/2009 9:52:00 AM - Removed Java(TM) 6 Update 7
    RP5: 3/24/2009 10:10:28 AM - Installed Java(TM) 6 Update 12
    RP6: 3/26/2009 10:02:38 AM - Removed Windows Live installer

    ==== Installed Programs ======================

    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Reader 8.1.3
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AlphaCam
    AlphaCam Viewer
    Any Video Converter 2.6.2
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    Audacity 1.2.6
    avast! Antivirus
    Belarc Advisor 7.2
    Bonjour
    BS.Player FREE
    Canon iP3300
    CCleaner (remove only)
    Choice Guard
    Conexant AC-Link Audio
    Cool PDF Reader 2.0
    CyberLink PowerDVD 8
    Desktop Calendar 0.42b
    Dev-C++ 5 beta 9 release (4.9.9.2)
    doPDF 6.2 printer
    EfreeBuy Folder Icon Version 3.00
    EVEREST Home Edition v2.20
    Flash Decompiler Gold 2.0.4.1204
    Free Video to JPG Converter version 1.4
    Free Video to Mp3 Converter version 3.1
    FreeRIP v3.091
    Gadwin PrintScreen
    Google Earth
    GSpot Codec Information Appliance
    GTK+ Runtime 2.12.8 rev a (remove only)
    HijackThis 2.0.2
    honestech Video Editor
    HP Integrated Module with Bluetooth wireless technology
    Icons from File 3.32
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    iTunes Sync
    Java(TM) 6 Update 12
    K-Lite Codec Pack 4.2.5 (Basic)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    MJ 1.09
    Mozilla Firefox (3.0.7)
    MSN Messenger 7.5
    MSVCRT
    PDF Settings
    Pidgin
    PowerDVD
    QuickTime
    Realtek AC'97 Audio
    ScreenPrint32 v3.5
    Secunia PSI
    Segoe UI
    Software Update for Web Folders
    Spybot - Search & Destroy
    SpywareBlaster 4.1
    TagScanner 5.0 build 525
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21/x515
    Uninstall 1.0.0.1
    Update for Windows XP (KB894391)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinPatrol 2008
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    3/23/2009 8:28:54 AM, error: Service Control Manager [7023] - The Support Network service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    3/23/2009 8:21:53 AM, error: Tcpip [4198] - The system detected an address conflict for IP address 172.16.0.200 with the system having network hardware address 00:11:95:BB:4F:5E. The local interface has been disabled.
    3/23/2009 8:18:16 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0015004CD44F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    3/20/2009 2:58:09 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/20/2009 2:00:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Firewall Plus service to connect.
    3/20/2009 12:44:55 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68511 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
    3/20/2009 10:43:28 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68557 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
    3/20/2009 7:10:23 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2009 7:10:23 AM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: Cannot create a file when that file already exists.
    3/20/2009 7:10:23 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/20/2009 7:10:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    3/20/2009 7:07:49 AM, error: Dhcp [1002] - The IP address lease 172.16.0.172 for the Network Card with network address 00C09FD96934 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/23/2009 8:47:00 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
    3/25/2009 9:58:29 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    ==== End Of File ===========================

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi


    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu, select "Advanced Mode"
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer



    Disable WinPatrol's realtime protection.
    • Right-click the running icon of WinPatrol in the system tray
    • Choose exit. It will automatically restart at next boot.


    Please have the thumbdrive plugged in during the fixing operation.

    Then download & run ComboFix like you did before. Post back its report & a fresh dds log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member
    Join Date
    Apr 2007
    Posts
    17


    Hi, I can't boot the computer up now - I am getting:

    NTLDR is missing

  4. #14
    Junior Member
    Join Date
    Apr 2007
    Posts
    17


    OK I fixed the boot up problem - here are the logs. Thanks

    ComboFix 09-03-22.01 - CTD 2009-03-27 12:33:10.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.491 [GMT -12:00]
    Running from: c:\documents and settings\CTD\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    g:\recycler\desktop.ini
    g:\recycler\FINDER.DAT

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
    .

    2009-03-27 12:31 . 2009-03-27 12:32 <DIR> d-------- C:\32788R22FWJFW
    2009-03-26 10:06 . 2009-03-26 20:35 <DIR> d-------- c:\documents and settings\CTD\Tracing
    2009-03-26 10:02 . 2009-03-26 10:02 <DIR> d-------- c:\program files\Microsoft
    2009-03-26 10:01 . 2009-03-26 10:01 <DIR> d-------- c:\program files\Windows Live SkyDrive
    2009-03-26 09:56 . 2009-03-26 09:56 <DIR> d-------- c:\program files\Common Files\Windows Live
    2009-03-24 10:12 . 2009-03-24 10:11 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-03-24 10:12 . 2009-03-24 10:11 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-24 09:50 . 2009-03-24 10:00 <DIR> d-------- c:\documents and settings\CTD\.SunDownloadManager
    2009-03-20 07:41 . 2009-03-20 07:41 <DIR> d--h----- c:\windows\$hf_mig$
    2009-03-19 16:29 . 2009-03-20 11:46 <DIR> d-------- c:\documents and settings\CTD\.housecall6.6
    2009-03-19 09:41 . 2009-03-19 09:42 <DIR> d-------- c:\windows\SHELLNEW
    2009-03-19 07:44 . 2009-03-19 07:44 <DIR> d-------- c:\documents and settings\CTD\Application Data\PCToolsFirewallPlus
    2009-03-19 07:40 . 2009-03-20 14:03 <DIR> d-------- c:\program files\Common Files\PC Tools
    2009-03-18 19:35 . 2009-03-18 19:35 <DIR> d-------- c:\program files\Trend Micro
    2009-03-14 21:05 . 2009-03-14 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 21:05 . 2009-03-14 21:05 <DIR> d-------- c:\documents and settings\CTD\Application Data\Malwarebytes
    2009-03-14 21:05 . 2009-03-14 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-14 21:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 21:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-14 20:54 . 2009-03-14 20:54 <DIR> d-------- c:\program files\Secunia
    2009-03-14 20:29 . 2009-03-14 20:29 <DIR> d---s---- c:\documents and settings\CTD\UserData
    2009-03-08 07:55 . 2009-03-08 07:55 <DIR> d-------- C:\lj1015
    2009-03-06 12:38 . 2009-03-06 12:38 <DIR> d-------- c:\program files\Cool PDF Reader
    2009-03-06 12:28 . 2009-03-06 12:30 <DIR> d-------- c:\documents and settings\CTD\Application Data\PDF reDirect
    2009-03-01 21:12 . 2009-03-01 21:12 <DIR> d-------- c:\documents and settings\Administrator

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-27 05:29 --------- d-----w c:\documents and settings\CTD\Application Data\.purple
    2009-03-27 00:08 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-27 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-26 22:00 --------- d-----w c:\program files\Windows Live
    2009-03-24 22:10 --------- d-----w c:\program files\Java
    2009-03-21 02:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-20 04:46 --------- d-----w c:\documents and settings\CTD\Application Data\gtk-2.0
    2009-03-19 07:27 --------- d-----w c:\program files\Mozilla Sunbird
    2009-03-15 08:47 --------- d-----w c:\program files\SpywareBlaster
    2009-03-13 22:54 --------- d-----w c:\documents and settings\CTD\Application Data\Any Video Converter
    2009-02-17 08:54 --------- d-----w c:\program files\FreeRIP3
    2009-02-17 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP
    2009-02-17 02:37 --------- d-----w c:\documents and settings\CTD\Application Data\McGraw-HillLicensing
    2009-02-17 01:31 --------- d-----w c:\program files\Gadwin Systems
    2009-02-07 06:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-06 04:09 --------- d-----w c:\program files\Flash Decompiler Gold
    2009-02-05 21:27 --------- d-----w c:\documents and settings\LocalService\Application Data\Softland
    2009-02-05 21:25 --------- d-----w c:\program files\Softland
    2009-01-31 03:43 --------- d-----w c:\program files\Desktop Calendar
    2009-01-29 23:47 20,632 ----a-w c:\windows\system32\dopdfmn6.dll
    2009-01-29 23:47 18,072 ----a-w c:\windows\system32\dopdfmi6.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 8.44.16.92 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 08:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2009-03-26 22:06:47 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
    + 2009-03-26 22:01:17 62,304 ----a-r c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
    - 2008-06-10 13:21:01 135,168 ----a-w c:\windows\system32\java.exe
    + 2009-03-24 22:11:12 144,792 ----a-w c:\windows\system32\java.exe
    - 2008-06-10 13:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
    + 2009-03-24 22:11:13 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2008-06-10 14:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
    + 2009-03-24 22:11:13 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2009-03-28 00:30:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_154.dat
    + 2009-03-28 00:29:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b4.dat
    + 2007-11-07 08:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2007-11-07 13:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2007-11-07 13:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-10 114768]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-10 20560]
    S3 aswArKrn;aswArKrn;\??\c:\docume~1\CTD\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\CTD\LOCALS~1\Temp\aswArKrn.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-14 38496]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc93676-8c11-11dd-83e2-00c09fd96934}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\CTD\Application Data\Mozilla\Firefox\Profiles\6vzp189g.default\
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-27 12:40:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    Completion time: 2009-03-27 12:45:30
    ComboFix-quarantined-files.txt 2009-03-28 00:45:19
    ComboFix2.txt 2009-03-24 21:42:04
    ComboFix3.txt 2009-03-23 20:46:56

    Pre-Run: 15,480,037,376 bytes free
    Post-Run: 15,474,876,416 bytes free

    162




    DDS (Ver_09-03-16.01) - NTFSx86
    Run by CTD at 12:48:46.57 on Fri 03/27/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.474 [GMT -12:00]

    AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\CTD\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221087931671
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237106076968
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ctd\applic~1\mozilla\firefox\profiles\6vzp189g.default\
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-10 114768]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-10 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-10 138680]
    S3 aswArKrn;aswArKrn;\??\c:\docume~1\ctd\locals~1\temp\aswarkrn.sys --> c:\docume~1\ctd\locals~1\temp\aswArKrn.sys [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-10 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-10 352920]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-14 38496]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]

    =============== Created Last 30 ================

    2009-03-26 10:06 <DIR> --d----- c:\documents and settings\ctd\Tracing
    2009-03-26 10:02 <DIR> --d----- c:\program files\Microsoft
    2009-03-26 10:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-03-26 09:56 <DIR> --d----- c:\program files\common files\Windows Live
    2009-03-24 10:12 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-24 10:12 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-24 09:50 <DIR> --d----- c:\documents and settings\ctd\.SunDownloadManager
    2009-03-23 08:36 <DIR> a-dshr-- C:\cmdcons
    2009-03-23 08:31 161,792 a------- c:\windows\SWREG.exe
    2009-03-23 08:31 98,816 a------- c:\windows\sed.exe
    2009-03-20 07:41 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-03-19 16:29 <DIR> --d----- c:\documents and settings\ctd\.housecall6.6
    2009-03-19 09:41 <DIR> --d----- c:\windows\SHELLNEW
    2009-03-19 07:44 <DIR> --d----- c:\docume~1\ctd\applic~1\PCToolsFirewallPlus
    2009-03-19 07:40 <DIR> --d----- c:\program files\common files\PC Tools
    2009-03-18 19:35 <DIR> --d----- c:\program files\Trend Micro
    2009-03-14 21:05 <DIR> --d----- c:\docume~1\ctd\applic~1\Malwarebytes
    2009-03-14 21:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-14 21:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-14 21:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-14 21:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-14 20:54 <DIR> --d----- c:\program files\Secunia
    2009-03-14 20:29 <DIR> --ds---- c:\documents and settings\ctd\UserData
    2009-03-08 07:55 <DIR> --d----- C:\lj1015
    2009-03-06 12:38 <DIR> --d----- c:\program files\Cool PDF Reader
    2009-03-06 12:28 <DIR> --d----- c:\docume~1\ctd\applic~1\PDF reDirect

    ==================== Find3M ====================

    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-01-29 11:47 20,632 a------- c:\windows\system32\dopdfmn6.dll
    2009-01-29 11:47 18,072 a------- c:\windows\system32\dopdfmi6.dll

    ============= FINISH: 12:49:11.45 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/10/2008 10:16:33 AM
    System Uptime: 3/27/2009 12:27:53 PM (0 hours ago)

    Motherboard: Quanta | | 308F
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1729/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 23 GiB total, 14.428 GiB free.
    D: is FIXED (NTFS) - 33 GiB total, 23.591 GiB free.
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
    Service:

    ==== System Restore Points ===================

    RP1: 3/23/2009 8:31:44 AM - System Checkpoint
    RP2: 3/23/2009 8:32:35 AM - ComboFix created restore point
    RP3: 3/24/2009 9:19:46 AM - ComboFix created restore point
    RP4: 3/24/2009 9:52:00 AM - Removed Java(TM) 6 Update 7
    RP5: 3/24/2009 10:10:28 AM - Installed Java(TM) 6 Update 12
    RP6: 3/26/2009 10:02:38 AM - Removed Windows Live installer

    ==== Installed Programs ======================

    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Reader 8.1.3
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AlphaCam
    AlphaCam Viewer
    Any Video Converter 2.6.2
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    Audacity 1.2.6
    avast! Antivirus
    Belarc Advisor 7.2
    Bonjour
    BS.Player FREE
    Canon iP3300
    CCleaner (remove only)
    Choice Guard
    Conexant AC-Link Audio
    Cool PDF Reader 2.0
    CyberLink PowerDVD 8
    Desktop Calendar 0.42b
    Dev-C++ 5 beta 9 release (4.9.9.2)
    doPDF 6.2 printer
    EfreeBuy Folder Icon Version 3.00
    EVEREST Home Edition v2.20
    Flash Decompiler Gold 2.0.4.1204
    Free Video to JPG Converter version 1.4
    Free Video to Mp3 Converter version 3.1
    FreeRIP v3.091
    Gadwin PrintScreen
    Google Earth
    GSpot Codec Information Appliance
    GTK+ Runtime 2.12.8 rev a (remove only)
    HijackThis 2.0.2
    honestech Video Editor
    HP Integrated Module with Bluetooth wireless technology
    Icons from File 3.32
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    iTunes Sync
    Java(TM) 6 Update 12
    K-Lite Codec Pack 4.2.5 (Basic)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    MJ 1.09
    Mozilla Firefox (3.0.7)
    MSN Messenger 7.5
    MSVCRT
    PDF Settings
    Pidgin
    PowerDVD
    QuickTime
    Realtek AC'97 Audio
    ScreenPrint32 v3.5
    Secunia PSI
    Segoe UI
    Software Update for Web Folders
    Spybot - Search & Destroy
    SpywareBlaster 4.1
    TagScanner 5.0 build 525
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21/x515
    Uninstall 1.0.0.1
    Update for Windows XP (KB894391)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinPatrol 2008
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    3/20/2009 7:10:23 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/20/2009 7:10:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    3/20/2009 7:07:49 AM, error: Dhcp [1002] - The IP address lease 172.16.0.172 for the Network Card with network address 00C09FD96934 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/20/2009 7:10:23 AM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: Cannot create a file when that file already exists.
    3/20/2009 7:10:23 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2009 9:26:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Firewall Plus service to connect.
    3/20/2009 9:42:12 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/20/2009 10:43:28 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68557 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
    3/20/2009 12:44:55 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68511 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
    3/20/2009 2:00:50 PM, error: Service Control Manager [7023] - The Support Network service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    3/20/2009 2:01:58 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0015004CD44F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    3/23/2009 8:21:53 AM, error: Tcpip [4198] - The system detected an address conflict for IP address 172.16.0.200 with the system having network hardware address 00:11:95:BB:4F:5E. The local interface has been disabled.
    3/23/2009 8:47:00 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
    3/25/2009 9:58:29 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    ==== End Of File ===========================

  5. #15
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Ok. Now please run Kaspersky online scanner again and post back its report.


    Disable WinPatrol's realtime protection.
    • Right-click the running icon of WinPatrol in the system tray
    • Choose exit. It will automatically restart at next boot.


    Start hjt, do a system scan, check (if found):
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

    Close browsers and fix checked.

    Post a fresh hjt log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #16
    Junior Member
    Join Date
    Apr 2007
    Posts
    17

    Default

    Hi, thanks again, and logs as asked for:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, March 30, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, March 30, 2009 05:37:39
    Records in database: 1985943
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 91232
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:33:13


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_wynfgczs_.dll.zip Infected: Net-Worm.Win32.Kido.ih 1

    The selected area was scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:49:45 PM, on 3/30/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1221087931671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237106076968
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

    --
    End of file - 6555 bytes

  7. #17
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    That looks pretty good now. How's the system running?

  8. #18
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
