
Thread: locked out of bios among other things

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    16

    locked out of bios among other things

    Hi, I'm Kest. I would like to thank you in advance.

    I am getting errors concerning C:\windows\system32\notepad.dll

    and

    c:\docum~1\kest\nload.dll

    The Opachki virus and the one that I thought was from Windows.

    I have had the PC for a year but only got it online a month ago.

    I did lots I shouldn't have: erased programs, cleaned the registry, loaded programs (one that helped restore safe mode). I can't get into my BIOS screen.

    It's not my nature to ask for help even when I should, and I just made things worse.


    This was done while logged in as kest.

    I only logged into Administrator after the attack.

    I would be fine with deleting the kest user profile completely and hopefully starting with a new user name when all is better.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:05:18 AM, on 1/7/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cherry\CDI\cdi.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Cherry\CDI\cdimsrclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [DLA] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [CDIMSRClient] "C:\Program Files\Cherry\CDI\cdimsrclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 7746 bytes

    Hi

    I did post before and am waiting for a response, but have a question.

    There was a complete registry saved last April when I inherited this computer.

    I've seen it; I wouldn't know what to do with it if I could find it again.

    I just got this computer online at the end of the year and made mistakes, and I do promise to be more "PC" about what I put on my PC.


    Could we use those restore points?

    What's a tag?

    kest

    Hope it wasn't a bad idea, but I did cancel my McAfee and such. When I get it in my account or next check I can make a donation,

    although I could afford $20 (I'll do that next) until I can afford more, or just small donations here and there, and you can help me with all this stuff I don't understand, I think.

    http://forums.spybot.info/showthread...highlight=bios

    I'm new at this forum thing and having trouble finding and then staying in my thread.

    I waited a couple of days for a response to the first post, and after the second I went to dinner, and then 4 hours later it was a lot to read, and now I must go to bed.

    I am resending the first scan as a friend tried battery removal to enter the BIOS.

    I did find I was using the chdrv command in cmd; it does work, and I can get into Task Manager and setup.

    After the battery, sound is great but I'm getting errors at boot:

    drivers not found
    maste
    1 serial ata sata-2
    1 parallel ata p-0ata-2 pri iee master
    1 parallel ata pata- pri iee slave


    I promise to abide by all the rules and do follow advice.

    I won't do anything till told.

    I did as was asked with cookies, I think.

    I may have accidentally tried replying to a thread that was not mine. I apologize; as I said, I am new at forum navigation.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:05:04 AM, on 1/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cherry\CDI\cdi.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Cherry\CDI\cdimsrclient.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [CDIMSRClient] "C:\Program Files\Cherry\CDI\cdimsrclient.exe"
    O4 - HKLM\..\Run: [DLA] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 7651 bytes



    I did download the next 2 programs you asked for, but since I can't find me I don't know what to do with them.

    I am going to bed but will work on the next step first thing in the AM.

    I don't know what to do with the cmd command. I lost internet for a bit while it was opening. The other one is as follows, but I'm assuming you need them from the same time frame.

    Please limit the number of threads for me to read. At first I was understanding there were over 130 and was very overwhelmed, but maybe I read it wrong.

    I will reply to your first thread first in the morning.

    Please bear with me as I am learning this forum thing.

    Writing down the time of this thread in hopes of finding it again, although I found my last post but it was closed, of course.
    Last edited by tashi; 2010-01-08 at 16:49. Reason: Merged three topics

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    16

    Thank you

    I am willing to take this slowly. I do work in a few hours and then work 2 twelve-hour shifts Saturday and Sunday, so I won't be here to need to use my PC other than working on this fix.


    I do appreciate your patience.

    As I said, I have downloaded the next two suggested programs but am not really sure what to do with them.


    I've bookmarked my post so I can find it. I am used to using Google Chrome, but since I'm logged in as Administrator and not the user account, I'm having trouble finding it.

    Kest S J

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    kestsj, you need to read the forum FAQ as further posts/topics will not be merged.

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Please do not start more than one topic for the same computer, during the same period. It will either be removed, closed or merged with your original thread.
    Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count. For that reason we may merge such posts, but please do not count on it.
    So you may need this.
    The Waiting Room
    Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi kestsj

    Sorry for the delay. If you still need help, post a new HJT log.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    16

    here is my new log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:54:38 PM, on 1/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cherry\CDI\cdi.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\SDistTest\SDistTestSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Cherry\CDI\cdimsrclient.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [CDIMSRClient] "C:\Program Files\Cherry\CDI\cdimsrclient.exe"
    O4 - HKLM\..\Run: [DLA] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SpybotSnD Distributed Testing (SDisTestService) - Safer Networking Limited - C:\Program Files\SDistTest\SDistTestSvc.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 7932 bytes

  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi kestsj

    1 - Download and Run ComboFix

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you.
    Please include the C:\ComboFix.txt in your next reply for further review.

    2 - Status Check
    Please reply with


    1. the ComboFix log (C:\ComboFix.txt)


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    16


    Thank you

    Here is my log. When running the fix and the system rebooted, I still got one of the four errors I normally get when starting up, "error loading ?.dll". I can check, since I normally get 4; I didn't look to see which it was. I waited a bit, then clicked OK and didn't get the other 3.

    I thought I was running Home Edition, but from what I see it's Professional, although I do believe it was Home Edition before I inherited it.

    I would be fine with bringing the system back to before I put it online about 3 weeks ago, or to the time it came into my possession last April.

    I only used it for gaming and have the disks of any I'd want back on, or will be purchasing the one I want back on.

    Thanks again.



    ComboFix 10-01-17.02 - Kest 01/18/2010 3:05.1.1 - x86
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Downloaded Installers
    c:\program files\Downloaded Installers\{65D5B9CA-7B04-4604-9D00-4C4D14BA49A3}\setup.msi
    c:\recycled\Dc2
    c:\recycled\Dc3
    c:\recycled\NPROTECT
    c:\recycler\NPROTECT
    c:\windows\EventSystem.log
    c:\windows\Fonts\usps4cb.ttf
    c:\windows\system\oeminfo.ini
    c:\windows\system32\Cache
    c:\windows\system32\notepad.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
    .

    2010-01-16 06:49 . 2010-01-16 06:53 209 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2010-01-15 10:09 . 2010-01-15 10:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2010-01-11 12:43 . 2010-01-11 12:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
    2010-01-08 22:12 . 2010-01-18 11:14 -------- d-----w- c:\program files\SDistTest
    2010-01-08 08:16 . 2010-01-08 08:16 293376 ----a-w- C:\sejnxh52.exe
    2010-01-08 04:31 . 2010-01-08 04:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-01-07 08:46 . 2010-01-07 08:46 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\Help
    2010-01-07 08:16 . 2010-01-07 08:17 -------- d-----w- c:\program files\ERUNT
    2010-01-06 23:57 . 2010-01-06 23:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-01-06 23:06 . 2010-01-06 23:06 -------- d-----w- c:\program files\Trend Micro
    2010-01-06 21:52 . 2010-01-06 21:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2010-01-06 20:34 . 2010-01-06 20:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-01-06 20:09 . 2010-01-06 20:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
    2010-01-06 20:09 . 2010-01-06 20:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
    2010-01-06 10:34 . 2010-01-06 10:37 -------- d-----w- c:\windows\system32\NtmsData
    2010-01-05 19:28 . 2010-01-05 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
    2010-01-05 19:28 . 2010-01-05 19:47 -------- d-----w- c:\program files\RegCure
    2010-01-05 10:51 . 2010-01-05 10:51 152576 ----a-w- c:\documents and settings\Kest\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    2010-01-05 10:32 . 2010-01-05 10:34 -------- d-----w- c:\documents and settings\Kest\Application Data\vlc
    2010-01-05 10:03 . 2010-01-05 10:20 -------- d-----w- c:\program files\IDT
    2010-01-05 09:44 . 2010-01-05 09:44 -------- d-----w- c:\program files\Common Files\Cherry
    2010-01-05 09:44 . 2010-01-05 09:44 -------- d-----w- c:\program files\Cherry
    2010-01-05 03:43 . 2010-01-05 03:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-01-05 01:12 . 2010-01-05 01:12 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\Apple
    2010-01-05 01:09 . 2010-01-05 01:09 -------- d-----w- c:\documents and settings\Kest\Application Data\Windows Search
    2010-01-05 00:46 . 2010-01-05 00:46 -------- d-----w- c:\documents and settings\Kest\Application Data\Windows Desktop Search
    2010-01-05 00:45 . 2010-01-05 07:23 -------- d-----w- c:\program files\Windows Desktop Search
    2010-01-05 00:42 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2010-01-05 00:42 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2010-01-05 00:42 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2010-01-01 08:00 . 2007-11-28 23:38 40056 ----a-w- c:\windows\system32\NicInst.dll
    2010-01-01 08:00 . 2007-08-07 01:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
    2010-01-01 07:48 . 2010-01-01 07:48 -------- d-----w- C:\cabs
    2009-12-30 08:34 . 2009-12-30 08:34 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
    2009-12-29 19:16 . 2009-12-29 19:16 -------- d-----w- c:\documents and settings\Kest\Application Data\Office Genuine Advantage
    2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\program files\7-Zip
    2009-12-29 18:15 . 2009-12-29 18:15 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2009-12-29 18:01 . 2009-12-29 18:02 -------- d-----w- c:\documents and settings\Kest\Application Data\DriverCure
    2009-12-29 18:01 . 2010-01-17 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
    2009-12-29 18:01 . 2009-12-29 18:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-12-29 18:01 . 2009-12-29 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-12-29 18:01 . 2009-12-29 18:01 -------- d-----w- c:\program files\ParetoLogic
    2009-12-29 11:25 . 2009-12-29 17:32 -------- d-----w- c:\documents and settings\Kest\Application Data\dvdcss
    2009-12-29 08:05 . 2009-12-16 22:42 43008 ----a-w- c:\documents and settings\Kest\Application Data\Mozilla\Firefox\Profiles\fwbz9bvw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-29 08:05 . 2009-12-16 22:42 872960 ----a-w- c:\documents and settings\Kest\Application Data\Mozilla\Firefox\Profiles\fwbz9bvw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-29 08:05 . 2009-12-16 22:42 340480 ----a-w- c:\documents and settings\Kest\Application Data\Mozilla\Firefox\Profiles\fwbz9bvw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-29 08:05 . 2009-12-16 22:41 346624 ----a-w- c:\documents and settings\Kest\Application Data\Mozilla\Firefox\Profiles\fwbz9bvw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-29 07:36 . 2009-12-29 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-12-26 11:22 . 2009-12-26 11:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-12-26 09:57 . 2009-12-26 09:57 -------- d-----w- c:\program files\Veoh Networks
    2009-12-26 09:27 . 2009-12-26 09:27 -------- d-----w- c:\program files\VideoLAN
    2009-12-26 08:15 . 2009-12-26 11:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-26 08:11 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2009-12-26 08:11 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-12-26 08:11 . 2009-12-26 08:11 -------- d-----w- c:\windows\system32\IOSUBSYS
    2009-12-26 08:08 . 2009-12-29 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-12-25 21:00 . 2009-12-25 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-12-25 21:00 . 2009-12-29 18:22 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\AskToolbar
    2009-12-25 10:21 . 2009-12-25 10:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-12-25 10:20 . 2009-12-25 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
    2009-12-25 10:08 . 2009-12-25 10:20 -------- d-----w- c:\documents and settings\Kest\Application Data\Error Fix
    2009-12-25 10:08 . 2009-12-25 10:20 -------- d-----w- c:\program files\Error Fix
    2009-12-24 23:31 . 2009-12-24 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-12-24 22:55 . 2009-12-24 22:55 -------- d-----w- c:\program files\Ask.com
    2009-12-24 22:54 . 2010-01-07 07:06 -------- d-----w- c:\documents and settings\Kest\Application Data\uTorrent
    2009-12-24 22:46 . 2009-12-25 10:22 -------- d-----w- c:\program files\The_Pirate_Bay
    2009-12-24 22:16 . 2009-12-24 22:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-12-24 21:46 . 2009-09-06 07:09 126976 ------w- c:\windows\system32\dllcache\ftpsvc2.dll
    2009-12-24 21:45 . 2009-05-21 18:46 268288 ------w- c:\windows\system32\dllcache\httpext.dll
    2009-12-24 21:44 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-24 21:44 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-24 21:43 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-12-24 21:42 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-12-24 21:33 . 2009-12-26 08:19 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\Temp
    2009-12-24 21:33 . 2010-01-05 00:36 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\Google
    2009-12-24 21:32 . 2009-12-24 21:33 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\Deployment
    2009-12-23 06:12 . 2009-12-23 06:12 26624 ----a-w- c:\windows\AkumaUn.EXE
    2009-12-23 00:10 . 2009-12-23 00:10 -------- d-----w- c:\documents and settings\Kest\Local Settings\Application Data\Left Behind Games
    2009-12-19 17:35 . 2008-04-13 19:45 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
    2009-12-19 17:35 . 2008-04-13 19:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
    2009-12-19 17:35 . 2001-08-17 20:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
    2009-12-19 17:35 . 2001-08-17 20:19 3712 ----a-w- c:\windows\system32\dllcache\ctljystk.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-08 01:57 . 2006-07-03 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-01-08 01:57 . 2006-07-03 16:46 -------- d-----w- c:\program files\McAfee
    2010-01-07 05:27 . 2009-04-08 16:22 -------- d-----w- c:\documents and settings\Kest\Application Data\ErrorFix
    2010-01-07 00:56 . 2010-01-06 20:08 64488 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-06 23:36 . 2006-07-03 16:36 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-05 11:04 . 2009-04-02 12:47 -------- d-----w- c:\program files\ErrorFix
    2010-01-05 10:52 . 2006-07-03 16:31 -------- d-----w- c:\program files\Java
    2010-01-05 08:51 . 2007-01-19 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-05 08:44 . 2007-02-15 17:18 -------- d-----w- c:\program files\Common Files\Macromedia
    2010-01-05 01:14 . 2009-04-08 16:22 -------- d-----w- c:\documents and settings\Kest\Application Data\Skype
    2010-01-05 00:49 . 2009-04-03 13:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-05 00:36 . 2007-02-06 16:37 -------- d-----w- c:\program files\Google
    2010-01-05 00:34 . 2006-07-03 16:35 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-01-01 22:33 . 2006-07-03 16:47 -------- d-----w- c:\program files\Roxio
    2010-01-01 08:16 . 2006-07-03 16:33 -------- d-----w- c:\program files\Intel
    2009-12-24 22:16 . 2008-03-18 17:21 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-23 00:09 . 2009-12-23 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2009-12-07 09:53 . 2009-07-19 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-12-06 16:15 . 2009-12-06 16:15 -------- d-----w- c:\program files\Common Files\3DO Shared
    2009-12-06 16:14 . 2009-12-06 08:53 -------- d-----w- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
    2009-12-06 16:14 . 2009-12-06 16:14 -------- d-----w- c:\program files\Lionhead Studios Ltd
    2009-12-06 16:14 . 2009-12-06 16:14 -------- d-----w- c:\program files\CyberLink
    2009-12-04 18:05 . 2009-12-04 18:05 32768 ----a-r- c:\documents and settings\Kest\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
    2009-12-04 18:05 . 2006-10-15 02:29 -------- d-----w- c:\program files\MSXML 4.0
    2009-12-03 04:05 . 2009-12-03 04:05 14336 ----a-w- c:\windows\system32\drivers\PN31Snoop.sys
    2009-12-02 05:18 . 2006-07-03 16:38 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
    2009-11-24 01:20 . 2009-11-24 01:20 -------- d-----w- c:\program files\NVIDIA Corporation
    2009-11-24 01:20 . 2009-11-24 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2009-11-24 01:17 . 2009-11-24 01:17 -------- d-----w- c:\program files\AGEIA Technologies
    2009-11-24 01:16 . 2009-11-24 01:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-21 15:51 . 2006-02-28 19:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 01:24 . 2009-07-20 22:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-29 07:45 . 2006-02-28 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2006-02-28 19:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2006-02-28 19:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2006-02-28 19:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-26 08:10 . 2009-12-26 08:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-04-06 14:41 . 2007-01-31 03:33 88 -csh--r- c:\windows\system32\96BBF0DB9A.sys
    2009-04-06 14:41 . 2007-01-31 03:33 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "MsnMsgr"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Skype"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-12-02 26112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CDIMSRClient"="c:\program files\Cherry\CDI\cdimsrclient.exe" [2007-08-23 53303]
    "DLA"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-12-02 26112]
    "SunJavaUpdateSched"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-12-02 26112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "RestrictRun"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FTPVoyager.exe"=
    "c:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FVScheduler.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Trillian\\TRILLIAN.EXE"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/18/2009 12:51 PM 721904]
    R2 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [9/27/2007 2:49 PM 585774]
    R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\SDistTest\SDistTestSvc.exe [1/8/2010 2:12 PM 907680]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 12:11 AM 133104]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/26/2009 12:09 AM 30192]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

    2010-01-17 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

    2010-01-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-26 08:08]

    2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 08:11]

    2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 08:11]

    2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896933599-541926595-3474671492-1023Core.job
    - c:\documents and settings\Kest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-24 21:33]

    2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896933599-541926595-3474671492-1023UA.job
    - c:\documents and settings\Kest\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-24 21:33]

    2010-01-16 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-01-17 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-01-16 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

    2010-01-18 c:\windows\Tasks\RegCure Startup.job
    - c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

    2010-01-07 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

    2010-01-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2009-09-02 22:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Kest\Application Data\Mozilla\Firefox\Profiles\fwbz9bvw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&q=
    FF - component: c:\documents and settings\Kest\Application Data\Mozilla\Firefox\Profiles\fwbz9bvw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\Kest\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM-Run-notepad - c:\windows\system32\notepad.dll
    HKLM-Run-nwiz - nwiz.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-Heroes of Might and Magic IV - c:\program files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-18 03:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spez.sys hal.dll >>UNKNOWN [0x8ACE6938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
    \Driver\atapi -> atapi.sys @ 0xb7dfbb40
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7d04bb0
    PacketIndicateHandler -> NDIS.sys @ 0xb7d11a21
    SendHandler -> NDIS.sys @ 0xb7cef87b
    user & kernel MBR OK
    copy of MBR has been found in sector 8 !

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(656)
    c:\windows\system32\GTGina.dll

    - - - - - - - > 'explorer.exe'(3496)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\RhinoSoft.com\FTP Voyager\ftpshext.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\snmp.exe
    c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    c:\windows\system32\mqsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-18 03:20:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-18 11:20




    Pre-Run: 36,218,970,112 bytes free
    Post-Run: 37,959,540,736 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 97958B4F25A6D27EA019782245EE1980
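Reading the Reg Loading Points section of a ComboFix log by eye is slow, and the thing a helper usually checks first is whether the Run values actually launch what their names claim. The following is an added example, not part of this thread and not code from ComboFix or any of the tools used here: it parses Run-key values in the REGEDIT4-style layout ComboFix prints and reports two patterns visible in the log above, an executable launched under several different value names (RealPlay.exe as "Skype", "RealTray" and "SunJavaUpdateSched") and value names that share no word with the path they launch. The sample text is an excerpt constructed from the entries in this post; the two heuristics are my own and produce leads for a human to review, so a legitimate but abbreviated name such as "swg" is flagged as well.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed excerpt: the HKCU and HKLM Run blocks copied from the ComboFix
# log in the post above, in the layout ComboFix uses. Not a complete log.
SAMPLE_RUN_KEYS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-12-02 26112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-12-02 26112]
"SunJavaUpdateSched"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-12-02 26112]
"""


class RunEntry(NamedTuple):
    key: str
    name: str
    path: str
    date: str
    size: int


# A key header line: [HKEY_...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A value line: "Name"="path" [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Splits CamelCase / ALLCAPS / lowercase names into words.
TOKEN_RE = re.compile(r"[A-Z]+(?=[A-Z][a-z])|[A-Z]?[a-z]+|[A-Z]+|\d+")


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect the values of every key whose name ends in \\Run.

    Lines outside a Run key (other ComboFix sections) are ignored, so a
    whole log can be fed in unchanged.
    """
    entries: List[RunEntry] = []
    in_run_key = False
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            in_run_key = current_key.lower().endswith("\\run")
            continue
        value = VALUE_RE.match(line) if in_run_key else None
        if value:
            entries.append(RunEntry(current_key, value["name"], value["path"],
                                    value["date"], int(value["size"])))
    return entries


def shared_targets(entries: List[RunEntry]) -> Dict[str, List[str]]:
    """Executables launched under more than one value name (case-insensitive path)."""
    by_path: Dict[str, set] = defaultdict(set)
    for e in entries:
        by_path[e.path.lower()].add(e.name)
    return {p: sorted(names) for p, names in by_path.items() if len(names) > 1}


def name_tokens(name: str) -> List[str]:
    """Split a value name such as SunJavaUpdateSched into lowercase words of 3+ chars."""
    return [t.lower() for t in TOKEN_RE.findall(name) if len(t) >= 3]


def mismatched_names(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries whose value name shares no word with the path it launches.

    "RealTray" -> RealPlay.exe passes; "Skype" -> RealPlay.exe does not.
    Abbreviated legitimate names (e.g. "swg") are flagged too: the result
    is a review list, not a verdict.
    """
    flagged = []
    for e in entries:
        tokens = name_tokens(e.name)
        if not tokens or not any(t in e.path.lower() for t in tokens):
            flagged.append(e)
    return flagged


def triage(text: str) -> Dict[str, object]:
    """Run both checks over a ComboFix log and return the findings."""
    entries = parse_run_entries(text)
    return {
        "entries": len(entries),
        "shared_targets": shared_targets(entries),
        "mismatched": sorted({e.name for e in mismatched_names(entries)}),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_RUN_KEYS)
    print(f"{report['entries']} Run values parsed")
    for path, names in report["shared_targets"].items():
        print(f"  one binary, several names: {path} <- {', '.join(names)}")
    print("  name/path mismatch:", ", ".join(report["mismatched"]))
```

On the sample above the first check groups DSAgnt.exe, msmsgs.exe and RealPlay.exe each under two or three names, and the second lists DLA, MsnMsgr, Skype, SunJavaUpdateSched and swg. Neither finding proves an entry is malicious; they tell the helper which lines of the log to look at (and which binary to check the hash and signer of) before anything else.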

  8. #8
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi kestsj

    1- Download and run OTM

    Download OTM by Old Timer and save it to your Desktop.
    • Double-click OTM.exe to run it.
    • Paste the following code under the area. Do not include the word Code.

    Code:
    :Files
    C:\sejnxh52.exe
    
    :Commands
    
    [emptytemp]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    2 - Download and Run Malwarebytes' Anti-Malware

    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
    Alternate download sites available here or here.
    1. Make sure you are connected to the Internet.
    2. Double-click on mbam-setup.exe to install the application.
    3. When the installation begins, follow the prompts and do not make any changes to default settings.
    4. When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself.
      • Press the OK button to close that box and continue.
      • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

    4 - Status Check
    Please reply with


    1. the OTM log
    2. the Malwarebytes' Anti-Malware Log
    3. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Posts
    16

    Default 2 of 3

    The MBAM file was too long to send, over 1000, a lot of it to do with ErrorFix.

    It also came up with an error while running it that said to report 732(12007,0).

    Here is the beginning of that scan; it was too big to send all of it.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/18/2010 5:57:16 AM
    mbam-log-2010-01-18 (05-57-13).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 235661
    Time elapsed: 44 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 68
    Files Infected: 1998

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Kest\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kest\Application Data\ErrorFix\Backups (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kest\Application Data\ErrorFix\Backups\2009-04-06 08-54-280 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kest\Applicatio


    and the other two:

    All processes killed
    ========== FILES ==========
    C:\sejnxh52.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 159 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 72693546 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Kest
    ->Temp folder emptied: 229535 bytes
    ->Temporary Internet Files folder emptied: 1663506 bytes
    ->Java cache emptied: 21375116 bytes
    ->FireFox cache emptied: 50127718 bytes
    ->Google Chrome cache emptied: 457615926 bytes
    ->Apple Safari cache emptied: 348967 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 3831704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 48833 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35466 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 580.00 mb


    OTM by OldTimer - Version 3.1.6.0 log created on 01182010_041754

    Files moved on Reboot...

    Registry entries deleted on Reboot...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:53:28 AM, on 1/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cherry\CDI\cdi.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\SDistTest\SDistTestSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Cherry\CDI\cdimsrclient.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [CDIMSRClient] "C:\Program Files\Cherry\CDI\cdimsrclient.exe"
    O4 - HKLM\..\Run: [DLA] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Program Files\Cherry\CDI\cdi.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SpybotSnD Distributed Testing (SDisTestService) - Safer Networking Limited - C:\Program Files\SDistTest\SDistTestSvc.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    O24 - Desktop Component 0: (no name) - http://images.adam4adam.com/upload/4...f49cb4a0_1.jpg

    --
    End of file - 8268 bytes

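    As an added example (not from this thread, and not part of HijackThis itself), a small Python triage pass over lines in the format of the log above: it flags O2/O3 entries whose target is "(no file)" and Run entries where several unrelated autorun names launch the same executable, as RealTray, SunJavaUpdateSched and Skype all do here. The sample lines are constructed from the log above; the function and regex names are mine.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in HijackThis log format, taken from the log above.
SAMPLE_LOG = """\
O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - (no file)
O4 - HKLM\\..\\Run: [RealTray] C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\\..\\Run: [Skype] C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# O4 autorun entries: hive, [label], command line
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$')
# O2 (BHO) and O3 (toolbar) entries: CLSID and the file they resolve to
BHO_RE = re.compile(r'^O[23] - .*? - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$')

def _exe_of(cmd):
    """Lower-cased file name of the executable a Run command launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd.split('"')[1]                  # quoted path, arguments follow
    else:
        m = re.match(r'(?i)(.*?\.exe)\b', cmd)    # unquoted path may contain spaces
        path = m.group(1) if m else cmd.split(' ')[0]
    return path.rsplit('\\', 1)[-1].lower()

def triage(log_text):
    """Return orphaned O2/O3 CLSIDs and executables registered under several Run labels."""
    orphans, by_exe = [], defaultdict(list)
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m and m.group('target').strip() == '(no file)':
            orphans.append(m.group('clsid').upper())
            continue
        m = RUN_RE.match(line)
        if m:
            by_exe[_exe_of(m.group('cmd'))].append(m.group('label'))
    # One binary behind several unrelated autorun names deserves a closer look
    shared = {exe: labels for exe, labels in by_exe.items() if len(labels) > 1}
    return {'orphans': sorted(set(orphans)), 'shared_run_targets': shared}
```

Orphaned "(no file)" entries are usually leftovers to clean up; a single binary behind unrelated labels is the finding a helper would ask the poster about.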
  10. #10
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi kestsj

    It seems you don't have any evidence of anti-virus software.

    Anti-virus software are programs that detect, clean and erase harmful virus files on a computer, web server or network.
    Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:



    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.

    Please reply with

    a fresh HijackThis log
    description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
