
Boot up problem

 

Hi, for a while now my computer has been going slow and acting weird. Sometimes when I use a Windows shortcut key such as Ctrl + C, Explorer will restart, or when I'm in a folder and right-click it will restart, but only every once in a while. Then when I boot it up, at the screen where it's all black and there's a dash that flashes, it takes at least 2 minutes, which is a lot longer than it used to, and then it will go to the Windows splash screen and act normally. Then it goes to my log on screen, but before it goes there it's blank and stays there for a long time before showing the log on screen. It's also a little slow when logging on after Explorer loads. I have posted a HijackThis log below. Any help would be appreciated, thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:24 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer2.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer2.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = C:\Documents and Settings\Green\Desktop\New Folder (3)\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149550927593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BBCB58-9107-4336-89A2-15FC5F127074}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10196 bytes

 

I did a registry cleaning and some other stuff; here's the HijackThis report.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:18 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer2.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149550927593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BBCB58-9107-4336-89A2-15FC5F127074}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9679 bytes

 

You write like you are not in the Ukraine, so...
==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
Double-click Fixwareout.exe to start the Fixwareout Setup Wizard, click Next and then Install. Ensure that Run fixit is checked, and click on Finish. After the fix, follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Only if your Internet connection is now not working, perform this.... In Control Panel select Network and Internet Connections, right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

FIX CHECKED ENTRIES....!!
Start HijackThis, do a Scan Only and place checkmarks against all of the following, and then press Fix Checked:
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BBCB58-9107-4336-89A2-15FC5F127074}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
Good. Now...
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted it may leave your desktop disabled. If this occurs, reboot to restore the desktop.

Okay, please run HijackThis again and repost with the Fixwareout log and the ComboFix log.
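As an added example (not code from this thread, from HijackThis, or from the tools the helper names), the Python script below applies the helper's triage rules to a HijackThis log: it flags O17 static NameServer entries that are not on an expected-resolver list, a forced R1 ProxyServer, a system.ini Shell= other than Explorer.exe, O15 Trusted Zone additions, O20 AppInit_DLLs / Winlogon Notify hooks, and orphaned BHOs. The expected-resolver ranges and the embedded log excerpt are constructed placeholders, not values from any real machine.

```python
# Triage a HijackThis 2.0.x log for the hijack indicators discussed in this thread.
# Added example, not part of the thread or of HijackThis; the sample excerpt and the
# "expected resolver" ranges are constructed assumptions.
import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt using the entry types that appear in this thread's logs.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer2.exe
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer = 85.255.116.50,85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption (placeholder): resolvers this machine is supposed to use (LAN router or
# ISP). A DHCP client should have no static NameServer at all, so any O17 entry
# outside these ranges is suspect.
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str      # short rule name, used for grouping
    detail: str    # human-readable explanation
    line: str      # the offending log line, verbatim

# Every HijackThis entry looks like "<section> - <body>", e.g. "O17 - HKLM\...".
_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def _unexpected_resolvers(addrs):
    """Return the addresses that fall outside EXPECTED_RESOLVERS (or are not IPs)."""
    bad = []
    for a in addrs:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            bad.append(a)
            continue
        if not any(ip in net for net in EXPECTED_RESOLVERS):
            bad.append(a)
    return bad

def triage(log_text: str) -> list:
    """Apply the thread's triage rules to a HijackThis log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line, "End of file"
        section, body = m.group("section"), m.group("body")
        if section == "O17" and "NameServer" in body:
            # Static DNS servers written into TCP/IP parameters: the classic DNS hijack.
            bad = _unexpected_resolvers(_IPV4.findall(body.split("=", 1)[1]))
            if bad:
                findings.append(Finding("high", "dns-nameserver",
                                        "static resolver(s) outside expected ranges: " + ", ".join(bad), line))
        elif section == "R1" and "ProxyServer" in body:
            # A forced proxy routes all browser traffic through a third party.
            target = body.split("=", 1)[1].strip()
            host = target.rsplit(":", 1)[0]
            try:
                public = ipaddress.ip_address(host).is_global
            except ValueError:
                public = False  # a hostname; still worth a look, but less clear-cut
            findings.append(Finding("high" if public else "medium", "proxy",
                                    "browser proxy forced to " + target, line))
        elif section == "F2" and "Shell=" in body:
            # system.ini Shell= should be Explorer.exe; anything else replaces the desktop shell.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding("high", "shell-replaced",
                                        "system.ini Shell is " + shell + ", not Explorer.exe", line))
        elif section == "O15":
            findings.append(Finding("medium", "trusted-zone", "site added to the IE Trusted Zone", line))
        elif section == "O20":
            # AppInit_DLLs loads into every user-mode process; Winlogon Notify runs at logon.
            findings.append(Finding("high", "winlogon-appinit", "DLL loaded via AppInit_DLLs / Winlogon Notify", line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding("low", "orphan-bho", "BHO registration whose DLL is missing", line))
    return findings

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.rule:17} {f.detail}\n         {f.line}")
```

The "dns-nameserver" findings correspond to the helper's "Obtain DNS servers automatically" step: clearing the static entries lets the DHCP-assigned resolvers take over again.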

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:48 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149550927593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7721 bytes

Username "Green" - 05/14/2008 19:33:27 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.50 85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{36E0607A-7608-42E8-A37C-B762491C2426}
"nameserver"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A3BBCB58-9107-4336-89A2-15FC5F127074}
"nameserver"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}
"nameserver"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{36E0607A-7608-42E8-A37C-B762491C2426}
"DhcpNameServer"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BD82609A-923B-4AE8-83A3-33F96FCBB190}
"DhcpNameServer"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}
"DhcpNameServer"="85.255.116.50,85.255.112.86" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"SoundMan"="SOUNDMAN.EXE"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

ComboFix 08-05-12.1 - Green 2008-05-14 19:54:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1095 [GMT -5:00]
Running from: C:\Documents and Settings\Green\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\deskbar
C:\Program Files\deskbar\deskbar.dll
C:\Program Files\deskbar\icons.bmp
C:\Program Files\deskbar\inst.bat
C:\Program Files\deskbar\mbback.bmp
C:\Program Files\deskbar\mbbigopen.bmp
C:\Program Files\deskbar\mbclose.bmp
C:\Program Files\deskbar\mbfwd.bmp
C:\Program Files\deskbar\mblogo.bmp
C:\Program Files\deskbar\mbsep.bmp
C:\Program Files\deskbar\options.html
C:\Program Files\deskbar\softomate.gif
C:\Program Files\deskbar\version.txt
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\tigen001.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cfg32o.dll
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\prls.dll
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 19:32 . 2008-05-14 19:43 <DIR> d-------- C:\fixwareout
2008-05-13 18:02 . 2008-05-13 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 20:05 . 2008-05-05 20:05 <DIR> d-------- C:\Program Files\vixy.net
2008-05-05 19:31 . 2008-05-05 20:00 <DIR> d-------- C:\Downloads
2008-04-30 17:55 . 2008-04-30 17:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 17:55 . 2008-04-30 17:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 18:32 . 2008-04-23 18:33 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{C7F18430-E561-4213-B311-85908A54007B}
2008-04-20 22:26 . 2008-04-20 22:26 <DIR> d-------- C:\Program Files\CCleaner
2008-04-20 15:16 . 2008-04-23 19:23 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-20 12:31 . 2008-04-20 12:36 <DIR> d-------- C:\Program Files\ABC Amber Text Converter
2008-04-20 12:21 . 2008-04-20 12:21 327,680 --a------ C:\WINDOWS\system32\dvdauthor.ocx
2008-04-19 23:54 . 2008-04-19 23:54 <DIR> d-------- C:\Documents and Settings\Green\Application Data\ATI
2008-04-19 20:44 . 2008-04-19 20:44 <DIR> d-------- C:\ATI
2008-04-19 19:39 . 2008-04-19 19:39 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Gearbox Software
2008-04-19 19:10 . 2008-04-19 19:10 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-16 17:14 . 2008-04-16 17:14 233,472 --a------ C:\WINDOWS\system32\viscomdvdimg.dll
2008-04-15 20:23 . 2008-04-15 20:23 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-15 20:00 . 2008-04-15 20:06 <DIR> d-------- C:\temp\CheetahAudio
2008-04-15 20:00 . 2008-04-15 20:00 <DIR> d-------- C:\temp
2008-04-15 19:54 . 2008-04-15 19:54 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-04-15 19:54 . 2005-11-14 05:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2008-04-15 19:54 . 2003-12-17 16:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx
2008-04-15 19:54 . 2007-07-31 12:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2008-04-15 19:54 . 2004-02-08 15:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-04-15 19:54 . 2005-01-19 00:44 454,656 --a------ C:\WINDOWS\system32\FoxDVDImager.ocx
2008-04-15 19:54 . 2002-03-25 03:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2008-04-15 19:54 . 2005-01-19 00:18 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2008-04-15 19:54 . 2007-04-06 00:08 196,608 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-04-15 19:54 . 2003-08-19 04:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-04-15 19:43 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-04-15 19:15 . 2008-04-15 19:15 <DIR> d-------- C:\Documents and Settings\Green\Application Data\CDBurnerXP_Soft
2008-04-15 18:57 . 2008-04-23 19:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 22:42 --------- d-----w C:\Documents and Settings\Green\Application Data\AdobeUM
2008-05-12 00:22 --------- d-----w C:\Program Files\mIRC
2008-05-08 03:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-07 00:28 --------- d-----w C:\Documents and Settings\Green\Application Data\LimeWire
2008-05-06 01:00 --------- d-----w C:\Documents and Settings\Green\Application Data\Orbit
2008-04-30 03:41 --------- d-----w C:\Program Files\ConnectionServices
2008-04-29 03:47 --------- d-----w C:\Program Files\Opera
2008-04-22 02:24 --------- d-----w C:\Program Files\EasyBurning
2008-04-22 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 23:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 01:47 --------- d-----w C:\Program Files\ATI Technologies
2008-04-16 01:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-16 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-10 00:35 --------- d-----w C:\Documents and Settings\Green\Application Data\Nero
2008-04-10 00:30 --------- d-----w C:\Program Files\Nero
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-03-21 02:58 --------- d-----w C:\Program Files\FLV Player
2008-03-20 02:33 --------- d-----w C:\Program Files\Microsoft Reader
2008-03-17 23:51 --------- d-----w C:\Program Files\MagicISO
2008-03-17 20:07 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-17 20:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-17 18:54 --------- d-----w C:\Program Files\Kristanix
2008-03-16 00:41 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-15 20:35 --------- d-----w C:\Documents and Settings\Green\Application Data\Xfire
2008-03-15 20:34 --------- d-----w C:\Program Files\Xfire
2007-12-27 02:39 22,328 ----a-w C:\Documents and Settings\Green\Application Data\PnkBstrK.sys
2007-09-27 01:40 458,752 ----a-w C:\Program Files\AVSVideoToolsTrial.exe
2006-08-24 21:25 20,632 ----a-w C:\Documents and Settings\Green\Application Data\GDIPFONTCACHEV1.DAT
2006-10-12 21:32 3,072 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-10-12 21:32 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2005-05-13 23:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 17:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 03:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 13:30 97357]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 19:13 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Brandon\Start Menu\Programs\Startup\
Killindex.lnk - C:\WINDOWS\system32\cmd.exe [2004-08-04 07:00:00 388608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Green^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 09:15 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\1148587091\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\Green\\Desktop\\New Folder\\Limewire\\LimeWire.exe"=
"F:\\Games\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"F:\\Games\\Unreal Tournament\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19812:TCP"= 19812:TCP:BitComet 19812 TCP
"19812:UDP"= 19812:UDP:BitComet 19812 UDP
"1620:UDP"= 1620:UDP:Windows Media Format SDK (firefox.exe)
"1621:UDP"= 1621:UDP:Windows Media Format SDK (firefox.exe)
"6112:TCP"= 6112:TCP:6112
"6113:TCP"= 6113:TCP:6113
"6114:TCP"= 6114:TCP:6114
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2006-12-28 17:59]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
S3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-01-04 16:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 00:11]
S3 psdriver;psdriver;C:\Program Files\psdriver\psdriver.sys []
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 02:45:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-21 17:24:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 20:06:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2008-05-14 20:25:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 01:25:04

Pre-Run: 25,512,640,512 bytes free
Post-Run: 25,563,234,304 bytes free

257 --- E O F --- 2008-05-14 21:01:34

 
0
 

JGR, just one obvious pest to remove: searchbar.findthewebsiteyouneed.com
Fix this entry with hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
Good, now a clean..
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin right-click menu using its default settings [if you set up CCleaner as I suggested, right-clicking the bin icon should give you the Open CCleaner option...].
If you have Firefox, open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
...and a Spyware scan:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
...with your comments, please?

 
0
 

OK, well, I got the spyware program but couldn't really find an area called quarantine, so I just deleted them. I then restarted my computer and it took even longer after Explorer loaded for the icons and taskbar to load... I had some custom themes and thought that was the problem when I use shortcut keys and right-click, so I uninstalled them and it still does it. Well, I hope that helped some; here's the report from the AVG program.

"General properties" ""
"Report name" "Complete Test"
"Start time" "5/15/2008 7:04:53 PM"
"End time" "5/15/2008 11:44:39 PM (total: 4:39:45.5 hrs)"
"Launch method" "Scanning launched manually"
"Scanning result" "Threats found"
"Report status" "Scanning completed successfully"
" " ""
"Object summary" ""
"Scanned" "216881"
"Threats Found" "9"
"Cleaned" "0"
"Moved to vault" "0"
"Deleted" "8"
"Errors" "0"
"C:\Documents and Settings\Green\Desktop\New Folder\Rars\GameMaker67.rar:\GameMaker6.1.rar:\crack.exe" "Trojan horse Generic5.HCE" "Infected, Embedded object, Deleted"
"C:\Documents and Settings\Green\Desktop\New Folder\Rars\GameMaker67.rar" "Trojan horse Generic5.HCE" "Infected, Archive"
"C:\w77uxb8v9.exe" "" "Deleted"
"C:\Documents and Settings\Green\Desktop\Keygen.exe" "" "Deleted"
"C:\Program Files\Common Files\fmmm\fmmma.exe" "" "Deleted"
"C:\Program Files\Common Files\fmmm\fmmmp.exe" "" "Deleted"
"C:\Program Files\ConnectionServices\ConnectionServices.dll" "" "Deleted"
"C:\WINDOWS\system32vypqj.exe" "" "Deleted"
"C:\WINDOWS\Uninstall.exe" "" "Deleted"
"C:\WINDOWS\system32\vypqj.exe" "" "Deleted"

 
0
 

AVG Quarantine.... that is a setting, explained in this line:
-under Scanner/ Settings please change the Default Action from Recommended Actions to QUARANTINE, and run the complete system scan.
What that change does is force AVG to save the suspect files in a safe so you can review them before deleting or restoring them; otherwise AVG will apply its inbuilt Rec. Actions which generally for detections is deletion.
Not preaching here, but cracks and stuff.... if I wrote a tasty bit of software and wanted payment for it I would be annoyed at folks bypassing me with cracks. So, being a software writer, I would push out my own cracks... and they would be bad. Loaded. Pestware, adware, the lot, to put folks off downloading stuff to beat my software. Writers do that.
And if you earn a living by loading trojans with adware for payment, well, cracks are just another way to get people to accept your trojans and execute them.
Best you run this virus scan [CClean first]:
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeusers/solutions/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise there will be no disinfection, merely detection] with a valid email and follow through.
Post the log it produces here.

 
0
 

I did the CCleaner before I did the online scan, but I don't think it got the other users on my computer though. When I copied and pasted the results it looked a little weird, so I also attached it in my reply.


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-19 15:59:30
PROTECTIONS: 1
MALWARE: 68
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029331 adware/bookedspace Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00099612 adware/ipbill Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}
00125533 Adware/Sqwire Adware No 0 Yes No C:\Program Files\Common Files\fmmm\fmmmd\fmmmc.dll
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Green\Cookies\green@atdmt[2].txt
00145083 adware/mirar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
00145083 adware/mirar Adware No 1 Yes No HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\https
00145083 adware/mirar Adware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
00145083 adware/mirar Adware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
00145083 adware/mirar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
00145083 adware/mirar Adware No 1 Yes No hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy.1
00145083 adware/mirar Adware No 1 Yes No hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.clickbank.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.com.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[counter.hitslink.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Green\Cookies\green@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[server.iad.liveperson.net/hc/42739635]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[server.iad.liveperson.net/hc/76931915]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[hc2.humanclick.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[hc2.humanclick.com/hc/49044919]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.adrevolver.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[searchportal.information.com/]
00222340 Adware/Sqwire Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148395.exe
00222376 Adware/Sqwire Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148392.exe
00222405 Adware/Sqwire Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148193.exe
00222405 Adware/Sqwire Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\tsuninst.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148189.exe
00262580 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148196.exe
00262580 Adware/Zenosearch Adware No 0 Yes No C:\QooBox\Quarantine\C\TIGEN001.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\dwdsregt.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\system32\ordsregn.exe
00276655 Adware/NewAds Adware No 0 Yes No C:\WINDOWS\system32\kfaflghp.dll
00286207 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\cfg32.exe
00286207 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148199.exe
00286207 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\cfg32a.exe.vir
00293079 Spyware/7r7t Spyware No 1 Yes No C:\WINDOWS\srvcjfoias.exe
00293079 Spyware/7r7t Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\tpuninstall.exe.vir
00293079 Spyware/7r7t Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148192.exe
00302188 Adware/ActiveSearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148185.dll
00302188 Adware/ActiveSearch Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Deskbar\deskbar.dll.vir
00303646 Adware/DigInk Adware No 0 No No C:\WINDOWS\srvvjkbzix.exe[TagASaurus.exe]
00305469 Adware/Mirar Adware No 1 Yes No C:\WINDOWS\876056.exe
00319551 Adware/DigInk Adware No 0 No No C:\WINDOWS\srvvjkbzix.exe[Sos28.exe]
00324322 Adware/NewAds Adware No 0 Yes No C:\WINDOWS\system32\BattyRun2.dll
00333957 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148197.dll
00333957 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\cfg32o.dll.vir
00335213 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\cfg32r.dll.vir
00335213 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148198.dll
00335420 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\stub_mm1.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
00375120 Adware/Borlander Adware No 0 Yes No C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
00504757 Adware/PurityScan Adware No 0 No No C:\WINDOWS\srvcjfoias.exe[PSDream.exe]
00527287 Adware/WebHancer Adware No 0 Yes No C:\WINDOWS\whCC-MTHREE.exe
00597660 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\cfg32p.dll
00747431 Spyware/LinkReplacer Spyware No 1 Yes No C:\WINDOWS\system32drei.exe
00751900 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148382.exe
00756242 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\WINDOWS\srvvjkbzix.exe[uni_7eh.exe]
00769879 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\WINDOWS\srvvjkbzix.exe[109uninst.exe]
00773544 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\vlcfkcdp.exe
00774185 Spyware/LinkReplacer Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148396.exe
00774185 Spyware/LinkReplacer Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148398.exe
00788432 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\stub_mm6.exe
01078863 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Game_Maker7\DrXJ.exe
01078863 Generic Trojan Virus/Trojan No 0 No No C:\Program Files\Game_Maker7\crack.exe[DrXJ.exe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148253.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Green\Desktop\New Folder\Rars\Scanning Programs\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148216.EXE
02186720 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148397.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148207.sys
02888154 Adware/Adband Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148187.exe
02888154 Adware/Adband Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ISM\ism.exe.vir
02916576 Spyware/MarketScore Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148191.dll
02916576 Spyware/MarketScore Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\prls.dll.vir
02924197 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148394.exe
02925267 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\DAEMON Tools Pro\Patch.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location L
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description L
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Attachments ActiveScan.txt (30.7KB)
 
0
 

Thanks for attaching that log, JG, it does make it easier to read.
Delete C:\QOOBOX folder.

==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}]

[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\https]

[-HKEY_CLASSES_ROOT\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}]

[-HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]

[-hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy.1]

[-hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy]

==Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop.
Dclick killbox to start it.
>Highlight the pathnames in the following block and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-

C:\Program Files\Common Files\fmmm\fmmmd\fmmmc.dll
C:\WINDOWS\system32\ordsregn.exe
C:\WINDOWS\system32\kfaflghp.dll
C:\WINDOWS\cfg32.exe
C:\WINDOWS\srvcjfoias.exe
C:\WINDOWS\srvvjkbzix.exe[TagASaurus.exe]
C:\WINDOWS\876056.exe
C:\WINDOWS\srvvjkbzix.exe[Sos28.exe]
C:\WINDOWS\system32\BattyRun2.dll
C:\WINDOWS\stub_mm1.exe
C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
C:\WINDOWS\srvcjfoias.exe[PSDream.exe]
C:\WINDOWS\whCC-MTHREE.exe
C:\WINDOWS\cfg32p.dll
C:\WINDOWS\system32drei.exe
C:\WINDOWS\srvvjkbzix.exe[uni_7eh.exe]
C:\WINDOWS\srvvjkbzix.exe[109uninst.exe]
C:\WINDOWS\vlcfkcdp.exe
C:\WINDOWS\stub_mm6.exe
C:\Program Files\Game_Maker7\DrXJ.exe
C:\Program Files\Game_Maker7\crack.exe[DrXJ.exe]

-in killbox, go File menu, choose Paste from clipboard.
Select "Delete on reboot", "Unregister dll before deleting" if available, click the "all files" .
Click the red and white X button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]
If your computer does not reboot please restart it manually.

==You must clear all your system restore points because some have been infected.... you do this by toggling System Restore Off then On again. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!
[[the quick way to System Restore is Start > run, paste: %systemroot%\system32\restore\rstrui.exe -and OK]]
Say how things are now.
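The sorting the helper did above (live files go on the Killbox list, copies inside restore points are only cleared by toggling System Restore, QooBox entries are already quarantined, nircmd inside the cleanup kits is not an infection) as an added Python example; it is not code from the thread or from any tool named in it. The column order of an ActiveScan line and the bracket notation for an item inside a packed file are assumptions, and the sample lines are a constructed subset of the ActiveScan output posted above.

```python
"""Triage Panda ActiveScan detections by where the flagged file lives.

Added example; not the helper's or any scanner's own code. Column order
(Id, Name, Type, Sent, Severity, Disinfectable, Restorable, Location) is
assumed from the log layout. SAMPLE_LOG is a constructed subset of the
thread's ActiveScan output.
"""
import re
from dataclasses import dataclass

# Paths belonging to the cleanup kits the poster was told to run earlier
# (assumption: hits inside them are tool components, not infections).
CLEANUP_TOOL_MARKERS = ("c:\\fixwareout\\", "combofix.exe[")

SAMPLE_LOG = r"""
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00222405 Adware/Sqwire Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\tsuninst.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148189.exe
00262580 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\system32\ordsregn.exe
00293079 Spyware/7r7t Spyware No 1 Yes No C:\WINDOWS\srvcjfoias.exe
00303646 Adware/DigInk Adware No 0 No No C:\WINDOWS\srvvjkbzix.exe[TagASaurus.exe]
00319551 Adware/DigInk Adware No 0 No No C:\WINDOWS\srvvjkbzix.exe[Sos28.exe]
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
01078863 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Game_Maker7\DrXJ.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Green\Desktop\New Folder\Rars\Scanning Programs\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
"""

# The name may contain spaces ("Generic Trojan"), so it is matched lazily
# and anchored by the fixed set of type words that follows it.
LINE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<name>.+?)\s+"
    r"(?P<type>TrackingCookie|Adware|Spyware|HackTools|Virus/[A-Za-z]+)\s+"
    r"(?P<sent>Yes|No)\s+(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+"
    r"(?P<restorable>Yes|No)\s+(?P<location>.+)$"
)


@dataclass
class Hit:
    id: str
    name: str
    type: str
    severity: int
    location: str


def parse_activescan(text):
    """Parse detection lines; lines that do not fit the layout are skipped."""
    hits = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["id"], m["name"], m["type"],
                            int(m["severity"]), m["location"]))
    return hits


def classify(hit):
    """Map a hit to the remediation the thread applies to that location."""
    loc = hit.location.lower()
    if hit.type == "TrackingCookie":
        return "cookie"          # cleared from the browser's cookie store
    if "\\system volume information\\_restore" in loc:
        return "restore_point"   # only goes away by toggling System Restore
    if loc.startswith("c:\\qoobox\\quarantine"):
        return "quarantine"      # already neutralised; removed with QooBox
    if any(marker in loc for marker in CLEANUP_TOOL_MARKERS):
        return "cleanup_tool"    # part of a cleanup kit, not an infection
    return "live"                # still on disk and active: Killbox list


def triage(hits):
    """Group hits by bucket, preserving log order inside each bucket."""
    buckets = {}
    for hit in hits:
        buckets.setdefault(classify(hit), []).append(hit)
    return buckets


def killbox_list(hits):
    """De-duplicated container paths of live hits for a delete-on-reboot tool.
    A bracketed suffix names an item inside a packed file (assumption about
    the notation), so only the on-disk container path is kept."""
    seen, paths = set(), []
    for hit in hits:
        if classify(hit) != "live":
            continue
        path = re.sub(r"\[[^\]]*\]$", "", hit.location)
        if path.lower() not in seen:
            seen.add(path.lower())
            paths.append(path)
    return paths


if __name__ == "__main__":
    hits = parse_activescan(SAMPLE_LOG)
    for bucket, items in triage(hits).items():
        print(f"{bucket}: {len(items)}")
    print("\n".join(killbox_list(hits)))
```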

 
0
 

I did all that and things are still the same :(

 
0
 

Okay, let's try a tool which targets other malware. You did have quite a variety there.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].
And now re-run Combofix, please, and post that log also.

 
0
 

Malwarebytes' Anti-Malware 1.12
Database version: 794

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 283284
Time elapsed: 2 hour(s), 26 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Adware.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ConnectionServices (Adware.BHO) -> No action taken.

Files Infected:
C:\Documents and Settings\Green\Desktop\New Folder\Rars\crle_1.91 by www.ewares.org\Craagle.exe (Adware.Craagle) -> No action taken.
C:\Program Files\Common Files\fmmm\fmmmd\class-barrel (Malware.Trace) -> No action taken.
C:\Program Files\Common Files\fmmm\fmmmd\vocabulary (Malware.Trace) -> No action taken.
C:\Program Files\ConnectionServices\Uninstall.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> No action taken.

Start Time= Wed 05/28/2008 22:07:46.25

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-05-28 21:01:08 ( .D... ) "C:\Program Files\RM-X Player V5.2"
2008-05-28 14:19:18 ( .D... ) "C:\Documents and Settings\Green\Application Data\Malwarebytes"
2008-05-28 14:18:56 ( .D... ) "C:\Program Files\Malwarebytes' Anti-Malware"
2008-05-26 22:00:42 51 ( A.... ) "C:\smp.bat"
2008-05-26 21:32:16 ( .D... ) "C:\Program Files\AllToAVI"
2008-05-26 21:27:46 34308 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll"
2008-05-26 17:05:14 107888 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2008-05-26 17:05:14 ( .D.HR ) "C:\Documents and Settings\Green\Application Data\SecuROM"
2008-05-25 20:29:20 ( .D... ) "C:\Documents and Settings\Green\Application Data\DVD Flick"
2008-05-25 19:58:54 ( .D... ) "C:\Program Files\DVD Flick"
2008-05-20 17:00:10 ( .D... ) "C:\Program Files\Orange Box"
2008-05-18 21:40:22 ( .D... ) "C:\Program Files\Panda Security"
2008-05-15 18:59:04 ( .D... ) "C:\Program Files\Grisoft"
2008-05-13 18:02:02 ( .D... ) "C:\Program Files\Trend Micro"
2008-05-12 20:53:20 524288 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2008-05-12 20:53:16 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2008-05-12 20:51:10 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2008-05-12 20:51:10 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2008-05-12 20:50:16 196608 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2008-05-12 20:50:16 81920 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2008-05-12 20:50:12 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2008-05-12 20:50:12 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2008-05-12 20:50:12 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2008-05-12 20:50:12 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2008-05-12 20:50:10 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2008-05-12 20:50:10 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2008-05-12 20:50:08 831488 ( A.... ) "C:\WINDOWS\system32\divx_xx0a.dll"
2008-05-12 20:50:08 823296 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2008-05-12 20:50:08 823296 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2008-05-12 20:50:08 802816 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2008-05-12 20:50:06 682496 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2008-05-12 20:49:28 161096 ( A.... ) "C:\WINDOWS\system32\DivXCodecVersionChecker.exe"
2008-05-12 20:49:02 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll"
2008-05-09 16:35:04 16863864 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2008-05-07 22:54:34 103736 ( A.... ) "C:\WINDOWS\system32\PnkBstrB.exe"
2008-04-20 22:26:58 ( .D... ) "C:\Program Files\CCleaner"
2008-04-20 12:31:46 ( .D... ) "C:\Program Files\ABC Amber Text Converter"
2008-04-19 23:54:10 ( .D... ) "C:\Documents and Settings\Green\Application Data\ATI"
2008-04-19 19:39:34 ( .D... ) "C:\Documents and Settings\Green\Application Data\Gearbox Software"
2008-04-19 19:11:00 ( .D... ) "C:\Program Files\Ubisoft"
2008-04-16 17:14:02 233472 ( A.... ) "C:\WINDOWS\system32\viscomdvdimg.dll"
2008-04-15 19:54:50 ( .D... ) "C:\Program Files\Cheetah Burner"
2008-04-15 19:43:10 ( .D... ) "C:\Program Files\Blaze Media Pro"
2008-04-15 19:15:44 ( .D... ) "C:\Documents and Settings\Green\Application Data\CDBurnerXP_Soft"
2008-04-14 22:00:32 ( .D... ) "C:\Program Files\EasyBurning"
2008-04-09 19:35:44 ( .D... ) "C:\Documents and Settings\Green\Application Data\Nero"
2008-04-09 19:30:58 ( .D... ) "C:\Program Files\Common Files\Nero"
2008-03-30 19:24:46 ( .D... ) "C:\Documents and Settings\Green\Application Data\Mozilla"
2008-03-27 03:12:54 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-03-24 23:50:58 838432 ( A.... ) "C:\WINDOWS\system32\mswdat10.dll"
2008-03-24 23:50:58 621344 ( A.... ) "C:\WINDOWS\system32\mswstr10.dll"
2008-03-24 23:50:58 355104 ( A.... ) "C:\WINDOWS\system32\msxbde40.dll"
2008-03-24 23:50:56 264992 ( A.... ) "C:\WINDOWS\system32\mstext40.dll"
2008-03-24 23:50:52 559904 ( A.... ) "C:\WINDOWS\system32\msrepl40.dll"
2008-03-24 23:50:50 322336 ( A.... ) "C:\WINDOWS\system32\msrd3x40.dll"
2008-03-24 23:50:48 432928 ( A.... ) "C:\WINDOWS\system32\msrd2x40.dll"
2008-03-24 23:50:46 355104 ( A.... ) "C:\WINDOWS\system32\mspbde40.dll"
2008-03-24 23:50:44 219936 ( A.... ) "C:\WINDOWS\system32\msltus40.dll"
2008-03-24 23:50:42 248608 ( A.... ) "C:\WINDOWS\system32\msjtes40.dll"
2008-03-24 23:50:42 60192 ( A.... ) "C:\WINDOWS\system32\msjter40.dll"
2008-03-24 23:50:40 355112 ( A.... ) "C:\WINDOWS\system32\msjetoledb40.dll"
2008-03-24 23:50:34 1516568 ( A.... ) "C:\WINDOWS\system32\msjet40.dll"
2008-03-24 23:50:30 326432 ( A.... ) "C:\WINDOWS\system32\msexcl40.dll"
2008-03-24 23:50:28 518944 ( A.... ) "C:\WINDOWS\system32\msexch40.dll"
2008-03-19 04:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"
2008-03-17 15:07:38 139264 ( A.... ) "C:\WINDOWS\War3Unin.exe"
2008-03-01 18:36:30 3591680 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2008-03-01 08:06:32 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2008-03-01 08:06:30 1159680 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2008-03-01 08:06:30 671232 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2008-03-01 08:06:30 233472 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2008-03-01 08:06:30 105984 ( A.... ) "C:\WINDOWS\system32\url.dll"
2008-03-01 08:06:30 102912 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2008-03-01 08:06:30 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2008-03-01 08:06:28 478208 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2008-03-01 08:06:28 193024 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2008-03-01 08:06:26 459264 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2008-03-01 08:06:26 267776 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2008-03-01 08:06:26 52224 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2008-03-01 08:06:26 27648 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2008-03-01 08:06:24 6066176 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2008-03-01 08:06:24 44544 ( A.... ) "C:\WINDOWS\system32\iernonce.dll"
2008-03-01 08:06:22 384512 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2008-03-01 08:06:22 383488 ( A.... ) "C:\WINDOWS\system32\ieapfltr.dll"
2008-03-01 08:06:22 347136 ( A..H. ) "C:\WINDOWS\system32\dxtmsft.dll"
2008-03-01 08:06:22 230400 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2008-03-01 08:06:22 214528 ( A..H. ) "C:\WINDOWS\system32\dxtrans.dll"
2008-03-01 08:06:22 153088 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2008-03-01 08:06:22 133120 ( A..H. ) "C:\WINDOWS\system32\extmgr.dll"
2008-03-01 08:06:22 63488 ( A.... ) "C:\WINDOWS\system32\icardie.dll"
2008-03-01 08:06:20 124928 ( A..H. ) "C:\WINDOWS\system32\advpack.dll"
2008-02-29 03:55:24 70656 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2007-09-26 20:40:04 458752 ( A.... ) "C:\Program Files\AVSVideoToolsTrial.exe"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"SoundMan"="SOUNDMAN.EXE"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000001
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
"backup"="C:\\WINDOWS\\pss\\Orbit.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ORBITD~1\\orbitdm.exe /H"
"item"="Orbit"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Green^Start Menu^Programs^Startup^Think-Adz.lnk]
"backup"="C:\\WINDOWS\\pss\\Think-Adz.lnkStartup"
"location"="Startup"
"item"="Think-Adz"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSyncU"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DTProAgent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLD"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1148587091\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeInSystray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VeohClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=dword:00000002


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

Completion time: Wed 05/28/2008 22:14:34.28
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

 
0
 

Hello, JG... a couple of problems with those logs:
MBAM - this step was missed: "Make sure that everything is checked, and click Remove Selected." Malware and adware were detected but not quarantined.
Combofix - the top half of the log is missing.
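The check the helper made on the MBAM log (every detection reads "No action taken", so nothing was removed) as an added Python example; it is not MBAM's or the thread's own code. It assumes MBAM 1.x writes one of two result strings per item, "No action taken" or "Quarantined and deleted successfully", and the sample is a constructed excerpt of the log posted above with one quarantined line added to show the contrast.

```python
"""Find detections in a Malwarebytes' Anti-Malware 1.x log that were never
removed, and cross-check the section item lists against the summary counts.

Added example; not MBAM's own code. SAMPLE_MBAM is a constructed excerpt of
the thread's log; the final "Quarantined and deleted successfully." line is
constructed to show a remediated entry (result strings are an assumption).
"""
import re

NOT_REMOVED = "No action taken"

SAMPLE_MBAM = r"""
Malwarebytes' Anti-Malware 1.12
Database version: 794

Registry Keys Infected: 3
Registry Values Infected: 0
Folders Infected: 1
Files Infected: 5

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Adware.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ConnectionServices (Adware.BHO) -> No action taken.

Files Infected:
C:\Program Files\Common Files\fmmm\fmmmd\class-barrel (Malware.Trace) -> No action taken.
C:\Program Files\Common Files\fmmm\fmmmd\vocabulary (Malware.Trace) -> No action taken.
C:\Program Files\ConnectionServices\Uninstall.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> No action taken.
C:\WINDOWS\constructed_example.tmp (Malware.Trace) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>."  The family never contains parentheses,
# so the greedy item match stops at the last " (".
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)\.$")


def parse_mbam(text):
    """Return (summary counts by section, list of (section, item, family, action))."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["name"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append((section, m["item"], m["family"], m["action"]))
    return summary, detections


def unremediated(text):
    """Detections still marked 'No action taken': (section, item, family)."""
    _, detections = parse_mbam(text)
    return [(s, i, f) for s, i, f, a in detections if a == NOT_REMOVED]


def summary_mismatches(text):
    """Sections whose listed items disagree with the summary count,
    mapped to (count in summary, items actually listed)."""
    summary, detections = parse_mbam(text)
    listed = {}
    for section, *_ in detections:
        listed[section] = listed.get(section, 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in summary.items()
            if n != listed.get(s, 0)}


if __name__ == "__main__":
    for section, item, family in unremediated(SAMPLE_MBAM):
        print(f"NOT REMOVED [{section}] {item} ({family})")
    print("summary mismatches:", summary_mismatches(SAMPLE_MBAM))
```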

 
0
 

Sorry for the previous mistakes. I re-did the malware scan again and deleted the files, then I re-did the ComboFix and posted it. I also attached the log file in case it's hard to read.


ComboFix 08-05-29.1 - Green 2008-05-31 17:09:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015 [GMT -5:00]
Running from: C:\Documents and Settings\Green\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\smp.bat
C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-29 12:16 . 2008-05-29 12:16 <DIR> d-------- C:\sUBs
2008-05-29 12:16 . 2008-05-29 12:16 683 --a------ C:\Combo.bat
2008-05-28 21:01 . 2008-05-28 21:07 <DIR> d-------- C:\Program Files\RM-X Player V5.2
2008-05-28 14:19 . 2008-05-28 14:19 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Malwarebytes
2008-05-28 14:18 . 2008-05-28 14:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 14:18 . 2008-05-28 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 14:18 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 14:18 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 00:32 . 2008-05-27 00:32 <DIR> d-------- C:\Documents and Settings\Freeloader
2008-05-26 22:09 . 2008-05-26 22:11 0 --a------ C:\output.avi
2008-05-26 21:32 . 2008-05-27 10:00 <DIR> d-------- C:\Program Files\AllToAVI
2008-05-26 17:05 . 2008-05-26 17:05 <DIR> dr-h----- C:\Documents and Settings\Green\Application Data\SecuROM
2008-05-25 20:29 . 2008-05-28 10:46 <DIR> d-------- C:\Documents and Settings\Green\Application Data\DVD Flick
2008-05-25 19:58 . 2008-05-25 19:58 <DIR> d-------- C:\Program Files\DVD Flick
2008-05-25 19:58 . 2000-05-19 17:56 81,920 --a------ C:\WINDOWS\system32\mbmouse.ocx
2008-05-25 19:58 . 2000-11-05 15:27 36,864 --a------ C:\WINDOWS\system32\trayicon.ocx
2008-05-20 17:00 . 2008-05-20 17:00 <DIR> d-------- C:\Program Files\Orange Box
2008-05-20 15:53 . 2008-05-20 17:27 <DIR> d-------- C:\!KillBox
2008-05-19 16:33 . 2008-05-19 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-18 21:40 . 2008-05-18 21:41 <DIR> d-------- C:\Program Files\Panda Security
2008-05-15 17:58 . 2008-05-15 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-14 19:32 . 2008-05-14 19:43 <DIR> d-------- C:\fixwareout
2008-05-13 18:02 . 2008-05-13 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 20:53 . 2008-05-12 20:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-12 20:51 . 2008-05-12 20:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 20:51 . 2008-05-12 20:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-12 20:49 . 2008-05-12 20:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-12 20:49 . 2008-05-12 20:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-12 20:49 . 2008-05-12 20:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-04-23 18:32 . 2008-04-23 18:33 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{C7F18430-E561-4213-B311-85908A54007B}
2008-04-20 22:26 . 2008-04-20 22:26 <DIR> d-------- C:\Program Files\CCleaner
2008-04-20 12:31 . 2008-04-20 12:36 <DIR> d-------- C:\Program Files\ABC Amber Text Converter
2008-04-20 12:21 . 2008-04-20 12:21 327,680 --a------ C:\WINDOWS\system32\dvdauthor.ocx
2008-04-19 23:54 . 2008-04-19 23:54 <DIR> d-------- C:\Documents and Settings\Green\Application Data\ATI
2008-04-19 20:44 . 2008-04-19 20:44 <DIR> d-------- C:\ATI
2008-04-19 19:39 . 2008-04-19 19:39 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Gearbox Software
2008-04-19 19:10 . 2008-04-19 19:10 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-16 17:14 . 2008-04-16 17:14 233,472 --a------ C:\WINDOWS\system32\viscomdvdimg.dll
2008-04-15 20:23 . 2008-04-15 20:23 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-15 20:00 . 2008-04-15 20:06 <DIR> d-------- C:\temp\CheetahAudio
2008-04-15 20:00 . 2008-04-15 20:00 <DIR> d-------- C:\temp
2008-04-15 19:54 . 2008-04-15 19:54 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-04-15 19:54 . 2005-11-14 05:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2008-04-15 19:54 . 2003-12-17 16:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx
2008-04-15 19:54 . 2007-07-31 12:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2008-04-15 19:54 . 2004-02-08 15:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-04-15 19:54 . 2005-01-19 00:44 454,656 --a------ C:\WINDOWS\system32\FoxDVDImager.ocx
2008-04-15 19:54 . 2002-03-25 03:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2008-04-15 19:54 . 2005-01-19 00:18 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2008-04-15 19:54 . 2007-04-06 00:08 196,608 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-04-15 19:54 . 2003-08-19 04:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-04-15 19:43 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-04-15 19:15 . 2008-04-15 19:15 <DIR> d-------- C:\Documents and Settings\Green\Application Data\CDBurnerXP_Soft
2008-04-15 18:57 . 2008-04-23 19:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 22:00 . 2008-05-15 19:06 <DIR> d-------- C:\Program Files\EasyBurning
2008-04-10 21:48 . 2008-04-10 21:48 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-09 19:35 . 2008-04-09 19:35 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Nero
2008-04-09 19:30 . 2008-04-15 20:28 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-09 19:30 . 2008-04-15 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 20:56 . 2008-04-02 20:56 4,096 --a------ C:\WINDOWS\system32\crash

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 02:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 22:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 18:45 --------- d-----w C:\Program Files\MagicISO
2008-05-24 18:42 --------- d-----w C:\Program Files\DivX
2008-05-22 16:29 --------- d-----w C:\Documents and Settings\Green\Application Data\LimeWire
2008-05-16 04:44 --------- d-----w C:\Program Files\Common Files\fmmm
2008-05-13 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 22:42 --------- d-----w C:\Documents and Settings\Green\Application Data\AdobeUM
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 00:22 --------- d-----w C:\Program Files\mIRC
2008-05-08 03:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-08 03:54 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-06 01:00 --------- d-----w C:\Documents and Settings\Green\Application Data\Orbit
2008-04-29 03:47 --------- d-----w C:\Program Files\Opera
2008-04-21 23:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 01:47 --------- d-----w C:\Program Files\ATI Technologies
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 20:07 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-17 20:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-21 01:57 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-02-20 06:51 282,624 ---ha-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ---ha-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-09 15:28 323,584 ----a-w C:\WINDOWS\system32\AudioGenie2.dll
2007-12-27 02:39 22,328 ----a-w C:\Documents and Settings\Green\Application Data\PnkBstrK.sys
2007-09-27 01:40 458,752 ----a-w C:\Program Files\AVSVideoToolsTrial.exe
2006-08-24 21:25 20,632 ----a-w C:\Documents and Settings\Green\Application Data\GDIPFONTCACHEV1.DAT
2006-10-12 21:32 3,072 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-10-12 21:32 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2005-05-13 23:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 17:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 03:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 13:30 97357]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 19:13 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Brandon\Start Menu\Programs\Startup\
Killindex.lnk - C:\WINDOWS\system32\cmd.exe [2004-08-04 07:00:00 388608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Green^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 09:15 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\1148587091\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\Green\\Desktop\\New Folder\\Limewire\\LimeWire.exe"=
"F:\\Games\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"F:\\Games\\Unreal Tournament\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\JDownloader.exe"=
"C:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19812:TCP"= 19812:TCP:BitComet 19812 TCP
"19812:UDP"= 19812:UDP:BitComet 19812 UDP
"1620:UDP"= 1620:UDP:Windows Media Format SDK (firefox.exe)
"1621:UDP"= 1621:UDP:Windows Media Format SDK (firefox.exe)
"6112:TCP"= 6112:TCP:6112
"6113:TCP"= 6113:TCP:6113
"6114:TCP"= 6114:TCP:6114
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2006-12-28 17:59]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
S3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-01-04 16:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 00:11]
S3 psdriver;psdriver;C:\Program Files\psdriver\psdriver.sys []
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 21:14:59 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-21 17:24:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 17:13:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 17:24:57
ComboFix-quarantined-files.txt 2008-05-31 22:24:07

Pre-Run: 9,333,637,120 bytes free
Post-Run: 11,885,195,264 bytes free

243 --- E O F --- 2008-05-28 21:13:37

Attachments ComboFix.txt (16.44KB)
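The helper reads this log by eye; as an added example (not from the thread, and not ComboFix's own code), here is a small Python parser for ComboFix's two file-list formats ("Files Created" and "Find3M") with a couple of heuristic review flags. The sample lines are copied from the log above; the flagging rules are this example's own and mark paths to inspect first, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in ComboFix's two file-list formats: "Files Created"
# (two timestamps, 9-char attribute field) and "Find3M" (one timestamp, 7 chars).
SAMPLE_LOG = r"""
2008-05-28 14:18 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 12:16 . 2008-05-29 12:16 <DIR> d-------- C:\sUBs
2005-05-13 23:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
((((((((((( Reg Loading Points )))))))))))
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
CREATED_RE = re.compile(rf"^({TS}) \. ({TS})\s+(<DIR>|[\d,]+)\s+(\S{{9}})\s+(.+)$")
FIND3M_RE = re.compile(rf"^({TS})\s+(-{{9}}|[\d,]+)\s+(\S{{7}})\s+(.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".com", ".scr", ".pif", ".ocx", ".ax")


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]  # None for directories
    attrs: str           # ComboFix attribute field, e.g. "--sha-r" or "d--------"
    path: str

def _size(text: str) -> Optional[int]:
    return None if text in ("<DIR>", "---------") else int(text.replace(",", ""))

def parse_log(text: str) -> list[Entry]:
    """One Entry per file-list line; section banners and prose are skipped."""
    entries = []
    for line in text.splitlines():
        if m := CREATED_RE.match(line):
            entries.append(Entry(m[1], _size(m[3]), m[4], m[5]))
        elif m := FIND3M_RE.match(line):
            entries.append(Entry(m[1], _size(m[2]), m[3], m[4]))
    return entries

def review_flags(entries: list[Entry]) -> dict[str, list[str]]:
    """Heuristic triage (this example's rules, not ComboFix's): a hit means
    'inspect this path first', not 'this is malware'."""
    flags: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        if not e.attrs.startswith("d") and "h" in e.attrs and "s" in e.attrs:
            reasons.append("hidden+system attributes set on a file")
        parent = e.path.rsplit("\\", 1)[0].lower()
        if e.path.lower().endswith(EXEC_EXT) and parent == r"c:\windows":
            reasons.append("executable sitting directly in the Windows root")
        if reasons:
            flags[e.path] = reasons
    return flags
```

Running `review_flags(parse_log(open("ComboFix.txt").read()))` on a full log gives a short list to check against the rest of the log (Run keys, drivers, winlogon values) before deciding what to remove.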
 
0
 

You might get rid of these files and folder...
D:\SETUP.EXE
E:\autoplay.exe
-these two were on plug-in media.
C:\Program Files\Common Files\fmmm

Does it start easily into Safe Mode?

 
0
 

Well, I booted it in Safe Mode and it started fine. Then I booted it normally and it started fine, but sometimes when I right-click or use a shortcut key, Explorer still restarts :(

 
0
 

Uh, never mind, I restarted my computer again and it is still messed up when it boots up :(

 
0
 

JG, it is starting to look like a piece of your legitimate software has gone bad. Something needs to be reinstalled, most likely one of the programs that appears in your right-click context menu; perhaps it also has some shortcut keys assigned to it.
I'd go offline and start with the AV service, and then move on to the others. Explorer reads the ContextMenuHandlers reg keys when it loads; a bad one could be stalling it.

 
0
 

At work, when computers take a long time to boot or load, I use the following software and it cleans the computer up really well.

Ad-Aware 2008 home edition - http://www.lavasoft.com/index.php
Superantispyware - http://superantispyware.com/index.html
Spybot Search & Destroy - http://www.safer-networking.org/en/home/index.html
Trojan Remover - http://www.simplysup.com/

All of this software is free. Trojan Remover is a 30-day trial, but with all the functions of the full version. For cleaning your machine it's pretty good.
