
Malware/Virus infection need help.

  • #1, 18-08-2009 9:57am (Registered Users, Posts: 3,999)


    Hi,

    I recently got a malware warning when I connected to a site which had had its servers hacked; the computer restarted and ever since I have been experiencing problems.

    Every time I turn on the computer I get a malware warning and a red circle with a white X appears in my system tray. Then McAfee will have an issue; at the moment it's "Buffer Overflow Blocked" for a process located at C:\windows\system32\Services.exe, and it has been about braviax.exe as well at times.

    At one point when Windows started, before I opened any programs, it gave a dialog box about an error report for Word 98, but I use 2003 so that confused me.

    Here is a HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:48:36, on 18/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\braviax.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Solidworks\swScheduler\swBOEngine.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\hpzipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.Exe
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O3 - Toolbar: SpeedBit Video Converter - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [braviax] braviax.exe
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.04506.30)" -"http://www.miniclip.com/games/max-speed/en/"
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Startup: ikowin32.exe
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\Solidworks\swScheduler\swBOEngine.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: virusscanasap.4sure.it
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.ie/SnapfishActivia.cab
    O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/U4/ENU/VS40/bin/myCioAgt.20060601165154.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonusprint.com/euipc01/downloads//ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/qdiagh.cab?326
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/ie/uk/importer/ImageUploader4.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O16 - DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - http://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: cru629.dat
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Backbone Service (BBDemon) - Autodesk - (no file)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1ca0887fd17c5e2) (gupdate1ca0887fd17c5e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 18686 bytes


    And here is the Rooter log:

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 8.0.6001.18702
    Mozilla Firefox 3.0.11 (en-GB)
    .
    C:\ [Fixed-NTFS] .. ( Total:293 Go - Free:105 Go )
    D:\ [CD_Rom]
    F:\ [Removable]
    G:\ [Removable]
    H:\ [Removable]
    I:\ [Removable]
    J:\ [Removable]
    .
    Scan : 11:01.30
    Path : C:\Documents and Settings\Frank\My Documents\My Completed Downloads\Rooter.exe
    User : Frank ( Administrator -> YES )
    .
    \\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (720)
    ______ \??\C:\WINDOWS\system32\csrss.exe (792)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (816)
    ______ C:\WINDOWS\system32\services.exe (860)
    ______ C:\WINDOWS\system32\lsass.exe (872)
    ______ C:\WINDOWS\system32\svchost.exe (1024)
    ______ C:\WINDOWS\system32\svchost.exe (1108)
    ______ C:\WINDOWS\System32\svchost.exe (1148)
    ______ C:\WINDOWS\system32\svchost.exe (1296)
    ______ C:\WINDOWS\system32\spoolsv.exe (1572)
    ______ C:\WINDOWS\Explorer.EXE (2004)
    ______ C:\WINDOWS\ehome\ehtray.exe (212)
    ______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (224)
    ______ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (280)
    ______ C:\WINDOWS\stsystra.exe (288)
    ______ C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe (308)
    ______ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (304)
    ______ C:\WINDOWS\system32\RUNDLL32.EXE (412)
    ______ C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (440)
    ______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (448)
    ______ C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (472)
    ______ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (484)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (500)
    ______ c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (568)
    ______ C:\WINDOWS\system32\braviax.exe (616)
    ______ C:\WINDOWS\system32\ctfmon.exe (612)
    ______ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (712)
    ______ C:\Program Files\DAP\DAP.EXE (704)
    ______ C:\Program Files\DNA\btdna.exe (784)
    ______ C:\Program Files\FinePixViewer\QuickDCF.exe (1004)
    ______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (1044)
    ______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (1156)
    ______ C:\Program Files\Solidworks\swScheduler\swBOEngine.exe (1768)
    ______ C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (1804)
    ______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe (1968)
    ______ C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE (2796)
    ______ C:\WINDOWS\system32\svchost.exe (2856)
    ______ C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (2920)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (2932)
    ______ C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (3012)
    ______ C:\WINDOWS\system32\CTsvcCDA.exe (3124)
    ______ C:\WINDOWS\eHome\ehRecvr.exe (3144)
    ______ C:\WINDOWS\eHome\ehSched.exe (3160)
    ______ C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (3172)
    ______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (3424)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (3444)
    ______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (3484)
    ______ C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (3900)
    ______ C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (3944)
    ______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (3968)
    ______ C:\Program Files\McAfee\MPF\MPFSrv.exe (3992)
    ______ C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (4012)
    ______ C:\WINDOWS\system32\nvsvc32.exe (1508)
    ______ C:\WINDOWS\system32\hpzipm12.exe (1376)
    ______ C:\WINDOWS\system32\PnkBstrA.exe (192)
    ______ C:\WINDOWS\system32\svchost.exe (1348)
    ______ C:\WINDOWS\system32\svchost.exe (1416)
    ______ C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (1652)
    ______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (1696)
    ______ C:\WINDOWS\ehome\mcrdsvc.exe (1232)
    ______ C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe (2224)
    ______ C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (2760)
    ______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (3612)
    ______ C:\WINDOWS\system32\dllhost.exe (3820)
    ______ C:\WINDOWS\system32\svchost.exe (4332)
    ______ C:\WINDOWS\System32\alg.exe (4492)
    ______ C:\WINDOWS\eHome\ehmsas.exe (4900)
    ______ C:\WINDOWS\System32\svchost.exe (5304)
    ______ C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe (6020)
    ______ C:\Program Files\Windows Live\Messenger\usnsvc.exe (4428)
    ______ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (1172)
    ______ C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (3336)
    ______ C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.Exe (4228)
    ______ C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe (5272)
    ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (708)
    ______ C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (4892)
    ______ C:\WINDOWS\system32\NOTEPAD.EXE (2568)
    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3932)
    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2556)
    ______ C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (216)
    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (6648)
    ______ C:\Documents and Settings\Frank\My Documents\My Completed Downloads\Rooter.exe (6976)
    .
    \\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
    \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:314937745920)
    \Device\Harddisk0\Partition3 (Start_Offset:315003548160 | Length:4984519680)
    .
    \\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\SA.DAT
    C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
    C:\WINDOWS\Tasks\SpeedOptimizer Startup.job
    .
    \\ Registry
    .
    .
    \\ Files & Folders
    .

    .
    \\ Scan completed at 11:01.45
    .
    C:\Rooter$\Rooter_1.txt - (18/08/2009 | 11:01.45).c
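Added example, not part of the thread and not HijackThis's own analysis: a small Python triage script that parses the O4 and O20 lines in the log format above and flags the persistence patterns a responder would look at first (bare PATH-resolved filenames, the same Run value under both HKLM and a user hive, a loose executable in a Startup folder, and a non-empty AppInit_DLLs). The sample lines are copied from the log above; the severity ratings are this example's own heuristics, not verdicts about those entries.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis's line format. The entries are copied from the
# log posted above; the severities assigned below are this example's own heuristics.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
""".strip()

# O4 registry entries: "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O4 Startup-folder entries: ".lnk = target" for shortcuts, a bare name for a file dropped there
STARTUP_RE = re.compile(r"^O4 - (?P<where>Global Startup|Startup): (?P<target>.+)$")
# O20: the AppInit_DLLs value, which user32.dll loads into every GUI process
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command, handling quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[dict]:
    """Return findings as {"severity", "line", "reason"} dicts for O4/O20 lines."""
    findings = []
    hives_by_name = defaultdict(set)   # value name -> hives it is registered in
    run_lines = {}                     # (hive, value name) -> original line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            name, hive = m["name"].lower(), m["hive"]
            hives_by_name[name].add(hive)
            run_lines[(hive, name)] = line
            exe = executable_of(m["cmd"])
            # No directory component: the name is resolved through PATH at logon,
            # which is how a file dropped into system32 gets picked up.
            if "\\" not in exe and "%" not in exe:
                findings.append({"severity": "info", "line": line,
                                 "reason": "bare filename, resolved via PATH at logon"})
        elif m := STARTUP_RE.match(line):
            target = m["target"]
            if "=" not in target and not target.lower().endswith(".lnk"):
                findings.append({"severity": "medium", "line": line,
                                 "reason": "executable placed directly in a Startup folder"})
        elif m := APPINIT_RE.match(line):
            value = m["value"].strip()
            reason = "AppInit_DLLs is set; the module loads into every process that links user32"
            if not value.lower().endswith(".dll"):
                reason += ", and its extension is not .dll"
            findings.append({"severity": "high", "line": line, "reason": reason})
    # The same value name under HKLM and a user hive is worth a look: installers
    # normally register once. Per-user entries repeated across user hives (ctfmon) are normal.
    for name, hives in hives_by_name.items():
        if "HKLM" in hives and len(hives) > 1:
            for hive in sorted(hives):
                findings.append({"severity": "medium", "line": run_lines[(hive, name)],
                                 "reason": f"value name '{name}' registered under HKLM and a user hive"})
    return findings


def count_by_severity(findings: list[dict]) -> dict:
    """Summarise findings as {severity: count}."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["severity"]] += 1
    return dict(counts)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: f["severity"]):
        print(f"[{f['severity']:>6}] {f['reason']}\n         {f['line']}")
    print(count_by_severity(results))
```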


Comments

  • ActorSeeksJob (Closed Accounts, Posts: 1,970)


    Hi,

    Please download The Comedian.exe to your desktop
    • Double click the program to run it. It will only take a few minutes to run.
    • It will do a series of tasks and tell you when each one is finished.
    • You will be prompted to press any key after each step
    • Once it is finished, you can delete it.



    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • 68 lost souls (Registered Users, Posts: 3,999)


    Hi,

    Thanks for the reply. I have everything ready to go, but at the point of running ComboFix I can't turn off my McAfee Total Protection Service; I can't find the option to do so anywhere. Should I restart my computer in safe mode and then run ComboFix, or do you know how to turn off the virus scan?

    I appreciate the help.


  • ActorSeeksJob (Closed Accounts, Posts: 1,970)


    No, you can just run ComboFix anyway in normal mode.


  • 68 lost souls (Registered Users, Posts: 3,999)


    Right, ran it and left it to run. Then I came back and the computer had restarted. Logged in and had the ComboFix window open saying "preparing log file, do not open any processes until ComboFix has finished", but obviously because I logged in all the startup programs began. I closed all the programs I could, and then after a few minutes of no change on the ComboFix screen it said that it could not find the correct file to create the log and then stopped. So I tried to run it again and it said "cannot rename combofix to combo-fix, please use another name", so I deleted that version and downloaded it again, and I get the same message now. Basically I can't get the ComboFix log because I can't get it to run.

    EDIT: I forgot to mention it changed my background image. No idea why or how but when windows reloaded it had changed.


  • Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


    OK, so I changed the name to ComboFix.exe and it ran. Here is the report. Again, thanks a million for the help.

    ComboFix 09-08-10.06 - Frank 18/08/2009 14:40.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1586 [GMT 1:00]
    Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
    AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
    FW: Total Protection Service *disabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}
    * Resident AV is active

    .
    The following files were disabled during the run:
    c:\windows\TEMP\logishrd\LVPrcInj01.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    ---- Previous Run
    .
    c:\documents and settings\All Users\Start Menu\Programs\Windows Live Messenger .lnk
    c:\documents and settings\Frank\Application Data\alot\Button_0\Button_0.xml
    c:\documents and settings\Frank\Application Data\alot\Button_0\Button_0.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_1\Button_1.xml
    c:\documents and settings\Frank\Application Data\alot\Button_1\Button_1.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_10\Button_10.xml
    c:\documents and settings\Frank\Application Data\alot\Button_10\Button_10.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_11\Button_11.xml
    c:\documents and settings\Frank\Application Data\alot\Button_11\Button_11.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_2\Button_2.xml
    c:\documents and settings\Frank\Application Data\alot\Button_2\Button_2.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_3\Button_3.xml
    c:\documents and settings\Frank\Application Data\alot\Button_3\Button_3.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_4\Button_4.xml
    c:\documents and settings\Frank\Application Data\alot\Button_4\Button_4.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_5\Button_5.xml
    c:\documents and settings\Frank\Application Data\alot\Button_5\Button_5.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_6\Button_6.xml
    c:\documents and settings\Frank\Application Data\alot\Button_6\Button_6.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_7\Button_7.xml
    c:\documents and settings\Frank\Application Data\alot\Button_7\Button_7.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_8\Button_8.xml
    c:\documents and settings\Frank\Application Data\alot\Button_8\Button_8.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Button_9\Button_9.xml
    c:\documents and settings\Frank\Application Data\alot\Button_9\Button_9.xml.backup
    c:\documents and settings\Frank\Application Data\alot\configurator\configurator.xml
    c:\documents and settings\Frank\Application Data\alot\configurator\configurator.xml.backup
    c:\documents and settings\Frank\Application Data\alot\postInstallLayout\postInstallLayout.xml
    c:\documents and settings\Frank\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
    c:\documents and settings\Frank\Application Data\alot\products\products.xml
    c:\documents and settings\Frank\Application Data\alot\products\products.xml.backup
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_2\images\default_282_alot_map_widget_default.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_3\images\default_275_alot_maps_maptravel.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_4\images\default_283_alot_maps_weather.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_4\images\nclear.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Button_5\images\default_276_alot_ref_mrkt_world_travel_guides.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\domains.dat
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\alot_brand.png
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\spinner.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_caption.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
    c:\documents and settings\Frank\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
    c:\documents and settings\Frank\Application Data\alot\TimerManager\TimerManager.xml
    c:\documents and settings\Frank\Application Data\alot\TimerManager\TimerManager.xml.backup
    c:\documents and settings\Frank\Application Data\alot\toolbar.xml
    c:\documents and settings\Frank\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
    c:\documents and settings\Frank\Application Data\alot\Updater\Updater.xml
    c:\documents and settings\Frank\Application Data\alot\Updater\Updater.xml.backup
    c:\documents and settings\Frank\Application Data\wiaserva.log
    c:\documents and settings\Frank\Start Menu\Programs\Startup\ikowin32.exe
    c:\program files\alot\alotUninst.exe
    c:\program files\alot\bin\alot.dll
    c:\windows\braviax.exe
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\Installer\1f2a5ee.msp
    c:\windows\Installer\31f58d0.msp
    c:\windows\Installer\36893f1.msp
    c:\windows\Installer\36893f4.msp
    c:\windows\kb913800.exe
    c:\windows\system32\braviax.exe
    c:\windows\system32\drivers\bc21debe.sys
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_bc21debe


    ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
    .

    2009-08-18 12:34 . 2009-08-18 13:18 d-s---w- C:\Combo-Fix
    2009-08-18 11:46 . 2009-08-18 11:47 d-----w- c:\program files\ERUNT
    2009-08-18 10:01 . 2009-08-18 10:01 d-----w- C:\Rooter$
    2009-08-18 09:41 . 2009-08-18 09:41 d-----w- c:\documents and settings\All Users\Application Data\Uniblue
    2009-08-18 09:41 . 2009-08-18 09:41 d-----w- c:\documents and settings\Frank\Application Data\Uniblue
    2009-08-18 09:41 . 2009-07-06 03:10 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe
    2009-08-18 09:41 . 2009-07-06 03:10 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe
    2009-08-18 01:18 . 2009-08-18 01:18 d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-08-18 01:07 . 2009-08-18 01:07 26686 ----a-w- c:\documents and settings\Frank\msword98.exe
    2009-08-18 01:07 . 2009-08-18 01:07 26686 ----a-w- c:\windows\system32\msword98.exe
    2009-08-15 18:46 . 2005-07-26 01:20 32359 ----a-w- c:\windows\system32\RdCi1061.dll
    2009-08-15 18:46 . 2005-07-26 01:20 217088 ----a-w- c:\windows\system32\RDDP1061.DAT
    2009-08-15 18:46 . 2005-06-01 06:56 4088 ----a-w- c:\windows\system32\RD3T1061.DAT
    2009-08-15 18:46 . 2009-08-15 18:46 d-----w- c:\program files\RdDrv001
    2009-08-15 18:46 . 2005-07-26 01:22 174834 ----a-w- c:\windows\system32\drivers\Rdwm1061.sys
    2009-08-15 18:46 . 2005-07-26 01:20 81920 ----a-w- c:\windows\system32\rdas1061.dll
    2009-08-13 11:53 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-08-10 20:27 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Frank\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-10 20:27 . 2009-08-10 20:27 d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-10 20:26 . 2009-08-10 20:26 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-08-10 20:26 . 2009-08-10 20:26 d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-08-10 20:26 . 2009-08-10 20:26 d-----w- c:\program files\NOS
    2009-08-10 20:09 . 2006-01-23 09:09 131072 ----a-w- c:\windows\system32\mtrcom32.dll
    2009-08-10 20:09 . 2002-06-03 16:50 118784 ----a-w- c:\windows\system32\Faxmng32.dll
    2009-08-10 20:09 . 2002-06-03 16:49 954368 ----a-w- c:\windows\system32\Faxcpp32.dll
    2009-08-10 20:09 . 2002-05-24 14:28 40960 ----a-w- c:\windows\system32\Twscan32.dll
    2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-08-04 15:45 . 2009-08-04 15:45 d-----w- c:\windows\system32\custom matrices
    2009-08-04 15:45 . 2009-08-04 15:46 d-----w- c:\windows\system32\C2MP
    2009-08-04 15:45 . 2009-08-04 15:45 d-----w- c:\windows\system32\QuickTime
    2009-08-01 12:09 . 2009-08-01 12:09 d-----w- c:\documents and settings\Frank\Local Settings\Application Data\Temp
    2009-07-27 18:18 . 2009-07-27 18:18 d-----w- c:\documents and settings\Frank\Local Settings\Application Data\PunkBuster
    2009-07-27 17:59 . 2009-07-27 17:59 d-sh--w- c:\documents and settings\Frank\IECompatCache
    2009-07-27 17:58 . 2009-07-27 17:58 d-sh--w- c:\documents and settings\Frank\PrivacIE
    2009-07-27 17:56 . 2009-07-27 17:56 d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-27 17:56 . 2009-07-27 17:56 d-sh--w- c:\documents and settings\Frank\IETldCache
    2009-07-27 17:51 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-27 17:51 . 2009-07-27 17:51 d-----w- c:\windows\ie8updates
    2009-07-27 17:51 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-27 17:51 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-27 17:50 . 2009-07-27 17:51 dc-h--w- c:\windows\ie8
    2009-07-20 21:07 . 2009-07-20 21:07 d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-07-19 15:45 . 2009-07-19 15:45 d-----w- c:\program files\Common Files\Skype

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-18 13:54 . 2007-01-09 03:25 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-18 13:54 . 2009-04-24 21:15 d-----w- c:\program files\DNA
    2009-08-18 13:54 . 2009-04-24 21:15 d-----w- c:\documents and settings\Frank\Application Data\DNA
    2009-08-18 13:54 . 2008-12-25 12:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-08-18 13:54 . 2008-12-25 12:35 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-08-18 13:11 . 2008-10-04 19:19 d-----w- c:\program files\SpeedBit Video Accelerator
    2009-08-18 09:41 . 2008-10-12 19:05 d-----w- c:\program files\Uniblue
    2009-08-11 10:14 . 2007-08-24 13:05 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-11 10:14 . 2007-08-24 13:04 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-10 20:33 . 2007-07-16 22:43 d-----w- c:\program files\Common Files\Adobe
    2009-08-10 20:11 . 2009-08-10 20:06 766 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}\Uninstall.exe_E08EC542BC5F4F26BBB9E426BA007A31.exe
    2009-08-10 20:11 . 2009-08-10 20:06 2166 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}\USBDriver.exe_E08EC542BC5F4F26BBB9E426BA007A31.exe
    2009-08-10 20:11 . 2009-08-10 20:06 2166 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}\ARPPRODUCTICON.exe
    2009-08-10 20:09 . 2009-08-10 20:04 d-----w- c:\program files\LifeScan
    2009-08-10 20:09 . 2007-01-09 03:17 d--h--w- c:\program files\InstallShield Installation Information
    2009-08-10 20:06 . 2009-08-10 20:06 d-----w- c:\program files\OneTouch USB Driver
    2009-08-05 09:01 . 2005-08-16 04:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 15:30 . 2007-01-10 19:12 d-----w- c:\program files\FinePixViewer
    2009-08-02 10:38 . 2008-03-20 00:46 d-----w- c:\program files\Microsoft Silverlight
    2009-07-27 18:19 . 2007-08-24 13:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-19 15:47 . 2007-02-28 18:42 d-----w- c:\program files\Google
    2009-07-19 15:45 . 2007-03-23 17:32 d-----r- c:\program files\Skype
    2009-07-19 15:45 . 2007-03-23 17:32 d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-07-19 15:45 . 2007-03-23 17:32 d-----w- c:\documents and settings\Frank\Application Data\Skype
    2009-07-17 19:01 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 22:43 . 2005-08-16 04:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-09 23:49 . 2009-07-09 23:49 d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
    2009-07-09 22:53 . 2008-12-06 09:25 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2009-07-09 22:22 . 2009-07-09 22:20 d-----w- c:\program files\PersonalAV
    2009-07-03 17:09 . 2005-08-16 04:18 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-22 16:28 . 2009-05-05 17:04 138872 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-06-21 17:43 . 2009-06-21 17:43 d-----w- c:\documents and settings\All Users\Application Data\kinoma
    2009-06-21 17:43 . 2009-06-21 17:43 d-----w- c:\program files\DIFX
    2009-06-21 17:43 . 2009-06-21 17:43 d-----w- c:\program files\Sony
    2009-06-21 17:43 . 2009-06-21 17:43 d-----w- c:\program files\Common Files\Sony Shared
    2009-06-20 18:28 . 2009-06-20 18:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-06-16 14:36 . 2005-08-16 04:18 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2005-08-16 04:18 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-06-14 15:21 . 2009-06-14 15:21 256512 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2009-06-14 15:21 . 2009-06-14 15:21 237056 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2009-06-12 12:31 . 2005-08-16 04:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2005-08-16 04:18 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2005-08-16 04:18 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 08:19 . 2005-08-16 04:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2005-08-16 04:18 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2005-08-16 04:18 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-04-25 19:51 . 2009-04-25 19:51 317987 ----a-w- c:\program files\setuplog.txt
    2007-05-10 02:17 . 2007-05-10 02:17 1166848 ----a-w- c:\program files\MCEKaraokePlugin.msi
    2007-05-03 15:32 . 2007-05-03 15:32 434 ----a-w- c:\program files\setup_bs.exe
    2007-04-10 11:12 . 2007-04-10 11:12 5805656 ----a-w- c:\program files\Firefox Setup 2.0.0.3.exe
    2007-01-11 17:27 . 2007-01-11 17:27 251 ----a-w- c:\program files\wt3d.ini
    2007-01-10 18:34 . 2007-01-10 18:33 5460480 ----a-w- c:\program files\epson19840eu.exe
    2009-05-11 13:20 . 2007-01-14 00:10 168 --sh--r- c:\windows\system32\F6E99119E5.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-06 3114496]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-24 342848]
    "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2009-07-06 1431816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
    "MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]
    "McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-10-04 2705008]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-12 185872]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Frank\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    SolidWorks Task Scheduler Engine.lnk - c:\program files\Solidworks\swScheduler\swBOEngine.exe [2008-4-17 488728]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-1-10 282624]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"=
    "c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
    "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
    "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
    "LogSuccessfulConnections"= 0 (0x0)
    "LogDroppedPackets"= 0 (0x0)
    "LogFileSize"= 0 (0x0)
    "LogFilePath"=

    R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24/04/2007 17:52 16688]
    R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [16/05/2008 03:03 14144]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [10/01/2007 15:57 175704]
    R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [04/10/2008 20:19 35584]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
    R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [03/05/2008 20:50 30152]
    R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [06/04/2007 14:16 9344]
    R3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [15/08/2009 19:46 174834]
    R3 WLD675;3Com 3CRDAG675 Wireless LAN PCI Adapter;c:\windows\system32\drivers\wld675f.sys [10/01/2007 16:27 328032]
    S2 BBDemon;Backbone Service; [x]
    S2 gupdate1ca0887fd17c5e2;Google Update Service (gupdate1ca0887fd17c5e2);c:\program files\Google\Update\GoogleUpdate.exe [19/07/2009 16:45 133104]
    S3 3Com_A02;3com Driver;c:\windows\system32\DRIVERS\3C254G50.sys --> c:\windows\system32\DRIVERS\3C254G50.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/08/2009 21:26 66056]
    S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [29/07/2008 18:40 17536]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 15:45]

    2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 15:45]

    2009-08-18 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-11-11 07:29]

    2009-08-18 c:\windows\Tasks\Uniblue SpyEraser Nag.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-08-18 03:10]

    2009-08-18 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-08-18 03:10]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.04506.30)
    HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    Trusted Zone: 4sure.it \virusscanasap
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - hxxp://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
    FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\bqgth9ld.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig
    FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
    FF - component: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\bqgth9ld.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFExternalAlert.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-18 14:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(8416)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    Other Running Processes
    .
    c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\PnkBstrA.exe
    c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\system32\dllhost.exe
    c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
    c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-18 15:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-18 14:06

    Pre-Run: 120,167,366,656 bytes free
    Post-Run: 120,178,671,616 bytes free

    450 --- E O F --- 2009-08-13 22:28


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      
      :Reg
      
      :Files
      c:\windows\system32\AntiSpyNative64.exe
      c:\windows\system32\AntiSpyNative32.exe
      c:\documents and settings\Frank\msword98.exe
      c:\windows\system32\msword98.exe
      c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
      • Click on My Computer under Scan.
      • Once the scan is complete, it will display the results. Click on View Scan Report.
      • You will see a list of infected items there. Click on Save Report As....
      • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    5. Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


      Ok on the last bit there. The Kaspersky site is in Russian and I can't understand it. At the bottom of what I think there are 2 buttons which I assume are accept or decline, and it seems the accept button is greyed out. Here are the logs from the other steps.

      OTM

      All processes killed
      ========== PROCESSES ==========
      ========== SERVICES/DRIVERS ==========
      ========== REGISTRY ==========
      ========== FILES ==========
      c:\windows\system32\AntiSpyNative64.exe moved successfully.
      c:\windows\system32\AntiSpyNative32.exe moved successfully.
      c:\documents and settings\Frank\msword98.exe moved successfully.
      c:\windows\system32\msword98.exe moved successfully.
      LoadLibrary failed for c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
      c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll NOT unregistered.
      c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrator
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: Frank
      ->Temp folder emptied: 666180 bytes
      ->Temporary Internet Files folder emptied: 73165884 bytes
      ->Java cache emptied: 54548972 bytes
      ->FireFox cache emptied: 76405626 bytes
      ->Google Chrome cache emptied: 9842142 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      ->Temporary Internet Files folder emptied: 49286 bytes

      User: McAfeeMVSUser
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      ->Temporary Internet Files folder emptied: 32835 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 19569 bytes
      %systemroot%\System32 .tmp files removed: 14959633 bytes
      File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
      Windows Temp folder emptied: 109080 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 219.19 mb


      OTM by OldTimer - Version 3.0.0.6 log created on 08182009_173653

      Files moved on Reboot...
      DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
      C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
      File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

      Registry entries deleted on Reboot...


      Mbam Log

      Malwarebytes' Anti-Malware 1.40
      Database version: 2650
      Windows 5.1.2600 Service Pack 3

      18/08/2009 18:09:15
      mbam-log-2009-08-18 (18-09-15).txt

      Scan type: Quick Scan
      Objects scanned: 117226
      Time elapsed: 9 minute(s), 59 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 4
      Folders Infected: 1
      Files Infected: 4

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\PersonalAV\pav.exe.tmp1 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      C:\Program Files\PersonalAV\pav.exe.tmp4 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
      C:\Program Files\PersonalAV\pav.exe.tmp7 (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.


    6. Closed Accounts Posts: 390 ✭✭idunnoutellme


      I saw braviax.exe in the list there - I have the same thing on my computer and can't get rid of it and I get the same red sign with white X in it, let me know if that all worked for ya


    7. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      do this instead

      Please click here to download AVP Tool by Kaspersky.
      • Save it to your desktop.
      • Reboot your computer into SafeMode.
        You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
        Use your up arrow key to highlight SafeMode then hit enter.
      • Double click the setup file to run it.
      • Click Next to continue.
      • It will by default install it to your desktop folder. Click Next.
      • Hit ok at the prompt for scanning in Safe Mode.
      • It will then open a box. There will be a tab that says Automatic scan.
      • Under Automatic scan make sure these are checked.

        • System Memory
        • Startup Objects
        • Disk Boot Sectors.
        • My Computer.
        • Also any other drives (Removable that you may have)
        • Then click on Scan at the top right hand corner.
        • It will automatically Neutralize any objects found.
        • If some objects are left unneutralized then click the button that says Neutralize all
        • If it says it cannot be Neutralized then choose the delete option when prompted.
        • After that is done click on the reports button at the bottom and save it to file; name it Kas.
        • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

          Note: This tool will self uninstall when you close it so please save the log before closing it.


      • Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


        According to the AVP tool there are no Virus/Malware detected so I think it's gone. Only problem I have now is that McAfee says that the "Total Protection Security company key is invalid" but it is valid and was working fine before this mess started.

        Thanks for the help on the first problem. Any advice on my new one?


      • Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


        I think it might just actually need renewal.


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        post a new HJT log


      • Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 01:41:41, on 20/08/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\ehome\ehtray.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\WINDOWS\stsystra.exe
        C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\DAP\DAP.EXE
        C:\Program Files\DNA\btdna.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\FinePixViewer\QuickDCF.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
        C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
        C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
        C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
        C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
        C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
        C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
        C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
        C:\WINDOWS\system32\CTsvcCDA.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
        C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\hpzipm12.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\WINDOWS\system32\svchost.exe
        C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
        C:\Program Files\Viewpoint\Common\ViewpointService.exe
        C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\WINDOWS\System32\svchost.exe
        C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
        C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
        O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
        O3 - Toolbar: SpeedBit Video Converter - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Converter\Toolbar\SpeedBit_Video_Converter.dll
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
        O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
        O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
        O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
        O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
        O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
        O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
        O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
        O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\Solidworks\swScheduler\swBOEngine.exe
        O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
        O4 - Global Startup: Exif Launcher.lnk = ?
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
        O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
        O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
        O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
        O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
        O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
        O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
        O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\WINDOWS\system32\shdocvw.dll
        O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\WINDOWS\system32\shdocvw.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O15 - Trusted Zone: virusscanasap.4sure.it
        O15 - Trusted Zone: http://*.mcafee.com (HKLM)
        O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
        O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
        O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
        O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
        O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
        O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
        O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
        O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
        O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
        O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.ie/SnapfishActivia.cab
        O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/U4/ENU/VS40/bin/myCioAgt.20060601165154.cab
        O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
        O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
        O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
        O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonusprint.com/euipc01/downloads//ImageUploader4.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/qdiagh.cab?326
        O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/ie/uk/importer/ImageUploader4.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
        O16 - DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - http://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
        O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: Backbone Service (BBDemon) - Autodesk - (no file)
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
        O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
        O23 - Service: Google Update Service (gupdate1ca0887fd17c5e2) (gupdate1ca0887fd17c5e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
        O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
        O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
        O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
        O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
        O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
        O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

        --
        End of file - 18232 bytes


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean


        Follow these steps to uninstall Combofix and tools used in the removal of malware
        • Click START then RUN
        • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.


        • Download OTC to your desktop and run it
        • Click Yes to begin the Cleanup process and remove these components, including this application.
        • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


        Below I have included a number of recommendations for how to protect your computer against malware infections.
        • Keep Windows updated by regularly checking their website at:
          http://windowsupdate.microsoft.com/
          This will ensure your computer always has the latest available security updates installed.

        • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

        • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

        • Make Internet Explorer more secure
          • Click Start > Run
          • Type Inetcpl.cpl & click OK
          • Click on the Security tab
          • Click Reset all zones to default level
          • Make sure the Internet Zone is selected & Click Custom level
          • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
          • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
        • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

        • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

        • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


          If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
          • NoScript - for blocking ads and other potential website attacks
          • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

        • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

        • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

        • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

        • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

        • Please read my guide on how to prevent malware and about safe computing here
        Thank you for your patience, and performing all of the procedures requested.
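The HOSTS-file mechanism described in the post above, as an added example that is not from the thread or from the MVPS project: a small Python resolver that parses a constructed HOSTS snippet, shows which names end up pointed at the local machine, and shows that matching is exact-name only (no wildcards), which is why such block lists have to be long and kept updated.

```python
# Added example (not from the thread): a minimal HOSTS-file resolver that shows
# how an MVPS-style HOSTS file "blocks" a site by mapping its name to the local
# machine. SAMPLE_HOSTS below is constructed, not the real MVPS list.
import ipaddress
from typing import Dict, Optional

# Constructed sample in HOSTS syntax: "<address> <name> [alias ...]  # comment".
SAMPLE_HOSTS = """
# Lines starting with '#' are comments; blank lines are ignored.
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test   # MVPS-style block entry
127.0.0.1       www.Bad-Site.test  cdn.bad-site.test
0.0.0.0         another-ad.test           # some lists use the unroutable 0.0.0.0
192.168.1.10    fileserver.lan            # an ordinary, non-blocking entry
"""

# Addresses that mean "this name goes nowhere": loopback or the unroutable 0.0.0.0.
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text: str) -> Dict[str, str]:
    """Return a map of lower-cased hostname -> address; a later entry wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or malformed line
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:
            table[name.lower()] = address     # HOSTS lookups are case-insensitive
    return table

def lookup(table: Dict[str, str], hostname: str) -> Optional[str]:
    """The HOSTS step of name resolution: exact match only, no wildcards, so
    'sub.ads.example-tracker.test' is NOT covered by the 'ads.example-tracker.test' entry."""
    return table.get(hostname.rstrip(".").lower())

def is_blocked(table: Dict[str, str], hostname: str) -> bool:
    """True when the name is sinkholed to the local machine by the HOSTS file."""
    return lookup(table, hostname) in BLOCK_ADDRESSES

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-tracker.test", "WWW.BAD-SITE.TEST",
                 "sub.ads.example-tracker.test", "fileserver.lan"):
        print(f"{name:30} -> {lookup(hosts, name)}  blocked={is_blocked(hosts, name)}")
```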


      • Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


        Thanks for all the help, I'll run through a lot of your suggestions alright. Already have Firefox and Google Chrome installed but for some reason I keep finding my way back to IE.

        Thinking of changing my scanner from McAfee, possibly to AVG or something.


      • Closed Accounts Posts: 3 pete looni


        I think you should ignore all the marketing replies you have been receiving from antivirus program dealers.

        If you really want to get rid of little nasties, then you need to do it by hand or get a decent non-Windows scanner.

        I recommend backing up all your files, then either buy a new hard drive and start all over again with all original OS and driver discs, or else run a serious multi-sweep wiper/randomiser over your old hard drive. Also flush the BIOS and pull out the battery for a good 24 hours, and/or pin the BIOS memory eraser just to be sure.

        Good luck! Would like to know how it turns out if you email me?

