
Just wondering if someone could look at the following and give me some suggestions on how I can fix my problem.
(PROBLEM: my background settings seem to be locked and the computer has been running slower than normal.) I have run virus software and come across limited problems and fixed what problems were there. I have also read similar posts and assume this is the best way for someone to help me.

Regards, Adamo.

The following is a logfile from HijackThis, just run on my computer:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:17 AM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS.0\system32\S24EvMon.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS.0\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS.0\system32\RegSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS.0\AGRSMMSG.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS.0\system32\mpcsr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\alg.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\adam work\junk\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [mpcsr] C:\WINDOWS.0\system32\mpcsr.exe
O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS.0\system32\mpcsrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE -onlytray
O4 - HKLM\..\Run: [dmpnv.exe] C:\WINDOWS.0\system32\dmpnv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC1CA47-ACF9-4FD3-BF2B-B51499D60C45}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{8949E308-5BEE-4906-A3BC-E432FF775FAF}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.154 85.255.112.67
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Last Post by gerbil

==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.
Next check some settings. In Control Panel select Network and Internet Connections, right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.
Now flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type cd\ and press Enter. Now type ipconfig /flushdns (note the space after ipconfig) and press Enter. Type Exit.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt; post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Okay, please run HijackThis again and repost with the Fixwareout and ComboFix logs.
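The security point of this thread is the block of O17 lines in Adamo's first log: every network interface and the global Tcpip\Parameters key point at the same two outside resolvers, which is why gerbil goes straight to Fixwareout, resetting DNS to automatic and flushing the resolver cache. The script below is an added example, not part of the thread and not code from HijackThis, Fixwareout or ComboFix. It parses the O17 lines of a HijackThis log, reports resolvers that are not on an allow-list the analyst supplies (ALLOWED_RESOLVERS is an assumed value), lists the "(no file)" / "(file missing)" leftovers, and confirms against a second log that the foreign resolvers are gone after the fix. The sample lines are taken from the logs posted in this thread, trimmed to the lines the script reads.

```python
"""HijackThis log triage: spot a DNS-resolver hijack in O17 lines and confirm
it is gone in the post-fix log.

Added example for this forum thread; not part of HijackThis, Fixwareout or
ComboFix. ALLOWED_RESOLVERS is an assumption: fill it with the resolvers the
machine is supposed to use (ISP or internal DNS).
"""
import re

# Resolvers the machine is expected to use (assumed value for the example).
ALLOWED_RESOLVERS = {"192.168.1.1"}

# O17 line as HijackThis prints it:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d,e.f.g.h
#   O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = a.b.c.d e.f.g.h
O17_RE = re.compile(
    r"^O17 - (?P<key>[^:]+?):\s*(?P<setting>\w*NameServer)\s*=\s*(?P<value>.+?)\s*$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
CONTROLSET_RE = re.compile(r"\\(CCS|CS\d+)\\")


def parse_o17(log_text):
    """One record per O17 line: control set, interface (a GUID, or
    'Parameters' for the global key), setting name and resolver list."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        guid = GUID_RE.search(key)
        cs = CONTROLSET_RE.search(key)
        records.append({
            "control_set": cs.group(1) if cs else "?",
            "interface": guid.group(0) if guid else "Parameters",
            "setting": m.group("setting"),
            # Per-interface lists are comma separated, the global Parameters
            # list is space separated; accept both.
            "resolvers": tuple(r for r in re.split(r"[,\s]+", m.group("value")) if r),
        })
    return records


def find_resolver_hijack(log_text, allowed=ALLOWED_RESOLVERS):
    """Summarise O17 resolvers that are not on the allow-list.

    One foreign address on one adapter may be a stale manual setting. The
    same foreign pair on every adapter and on the CCS Parameters key, as in
    the posted log, is the footprint of a DNS-changer infection: every lookup
    the machine makes is answered by someone else's server.
    """
    foreign = set()
    affected_keys = 0
    global_affected = False
    for rec in parse_o17(log_text):
        bad = set(rec["resolvers"]) - set(allowed)
        if not bad:
            continue
        foreign |= bad
        affected_keys += 1
        if rec["interface"] == "Parameters" and rec["control_set"] == "CCS":
            global_affected = True
    return {"foreign": foreign, "affected_keys": affected_keys,
            "global_affected": global_affected}


def orphan_entries(log_text):
    """Lines HijackThis marks '(no file)' or '(file missing)': leftovers from
    removed software. Harmless by themselves, but worth cleaning so the next
    scan is quieter."""
    return [ln.strip() for ln in log_text.splitlines()
            if "(no file)" in ln or "(file missing)" in ln]


def cleared_after_fix(before_log, after_log, allowed=ALLOWED_RESOLVERS):
    """True when the pre-fix log showed foreign resolvers and the post-fix
    log shows none; False if nothing was wrong or the fix did not take."""
    before = find_resolver_hijack(before_log, allowed)["foreign"]
    after = find_resolver_hijack(after_log, allowed)["foreign"]
    return bool(before) and not after


# Sample input: O3/O17/O18 lines from the first log posted in the thread, and
# the second log's corresponding lines (no O17 entries remain).
BEFORE_LOG = """\
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{4CC1CA47-ACF9-4FD3-BF2B-B51499D60C45}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{8949E308-5BEE-4906-A3BC-E432FF775FAF}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1}: NameServer = 85.255.115.154,85.255.112.67
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 85.255.115.154 85.255.112.67
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.115.154 85.255.112.67
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
"""

AFTER_LOG = """\
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    print("before:", find_resolver_hijack(BEFORE_LOG))
    print("cleared after fix:", cleared_after_fix(BEFORE_LOG, AFTER_LOG))
    for ln in orphan_entries(AFTER_LOG):
        print("orphan entry:", ln)
```

The check that matters is `global_affected` together with a non-empty `foreign` set: a DNS setting typed into one adapter by hand shows up as a single key, while a changer rewrites the interface keys and the global Parameters key in every control set it can reach, which is exactly what Fixwareout's "Value cleared" lines later confirm it undid. Running the script a second time on the post-fix log, as `cleared_after_fix` does, is the same verification gerbil asks for by requesting a fresh HijackThis log.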


I have done what you suggested. I think I have all the logs you require here; they are in order of HijackThis log, Fixwareout log, then ComboFix log.

Cheers, Adamo

Logfile of HijackThis v1.99.1
Scan saved at 10:55:43 AM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)


Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS.0\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS.0\system32\RegSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS.0\AGRSMMSG.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS.0\system32\mpcsr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\adam work\junk\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [mpcsr] C:\WINDOWS.0\system32\mpcsr.exe
O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS.0\system32\mpcsrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.EXE -onlytray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS.0\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS.0\system32\S24EvMon.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


Username "Owner" - 2007-08-09 10:11:36 [Fixwareout edited 2007/07/05]


»»»»»Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmpnv"
HKLM\SOFTWARE\~\Winlogon\ "System"="kdcht.exe"


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.154 85.255.112.67" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4CC1CA47-ACF9-4FD3-BF2B-B51499D60C45}
"nameserver"="85.255.115.154,85.255.112.67" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8949E308-5BEE-4906-A3BC-E432FF775FAF}
"nameserver"="85.255.115.154,85.255.112.67" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1}
"nameserver"="85.255.115.154,85.255.112.67" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{48387CA1-7382-4163-8066-320B9DFE0B6D}
"DhcpNameServer"="85.255.115.154,85.255.112.67" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A9BB2E1A-0865-4E2F-A5D6-6286FA05DAF1}
"DhcpNameServer"="85.255.115.154,85.255.112.67" <Value cleared.


Successfully flushed the DNS Resolver Cache.



System was rebooted successfully.


»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B4D7C8CC39CA-89D9-FE24-E6F5-88BBF9D1{"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "2"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "3"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "4"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "5"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "6"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "8"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "9"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "10"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "11"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "12"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "13"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "14"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "huhmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "15"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "16"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "17"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "18"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "19"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "20"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "21"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "22"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "25"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "vnpmd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "26"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "27"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "28"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "29"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "30"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "31"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "33"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "34"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "35"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "36"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "37"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "38"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "39"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "40"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "41"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "42"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "43"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "44"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "45"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "46"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "47"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "48"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "49"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "50"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "51"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "52"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "53"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "54"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "55"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "56"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "57"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "58"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "59"  Deleted
....
»»»»» Misc files.
C:\Documents and Settings\Owner\Application Data\Install.dat Deleted
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS.0\temp\kdcht.ren 65070 08/04/2004


»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"KeybdUtility"="\"C:\\Program Files\\On Screen Display\\Hotkey.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"batterymiser"="C:\\Program Files\\Battery miser\\batterymiser.exe"
"NeroFilterCheck"="C:\\WINDOWS.0\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"mpcsr"="C:\\WINDOWS.0\\system32\\mpcsr.exe"
"mpcsrv"="C:\\WINDOWS.0\\system32\\mpcsrv.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~2.EXE -onlytray"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"ctfmon.exe"="C:\\WINDOWS.0\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



ComboFix 07-08-09.3 - "Owner" 2007-08-09 10:49:38.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.215 [GMT 10:00]



(((((((((((((((((((((((((   Files Created from 2007-07-09 to 2007-08-09  )))))))))))))))))))))))))))))))



2007-08-09 10:32    51,200  --a------   C:\WINDOWS.0\nircmd.exe
2007-08-09 10:11    7,334   --a------   C:\dnsbak.reg
2007-07-25 14:01    <DIR>    d--------   C:\Program Files\VideoLAN
2007-07-18 21:45    <DIR>    d--------   C:\Radiation safety V2



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-08-06 11:44    ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-07-25 13:25    ---------   d--------   C:\Program Files\LimeWire
2007-06-25 10:05    ---------   d--------   C:\Program Files\Google
2007-06-21 10:55    ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-05-17 01:12    86528   --a--c---   C:\WINDOWS.0\system32\dllcache\directdb.dll
2007-05-17 01:12    85504   --a--c---   C:\WINDOWS.0\system32\dllcache\wabimp.dll
2007-05-17 01:12    683520  --a--c---   C:\WINDOWS.0\system32\dllcache\inetcomm.dll
2007-05-17 01:12    683520  --a------   C:\WINDOWS.0\system32\inetcomm.dll
2007-05-17 01:12    510976  --a--c---   C:\WINDOWS.0\system32\dllcache\wab32.dll
2007-05-17 01:12    1314816 --a--c---   C:\WINDOWS.0\system32\dllcache\msoe.dll
2006-11-29 00:24    2834552 --a------   C:\Program Files\CDI Backup 20062811 142445.zip
2006-11-28 13:25    81920   --a------   C:\Program Files\CDI_Valuelists.CD3
2006-11-28 13:25    548864  --a------   C:\Program Files\CDI_Scheduled_Calls.CD3
2006-11-28 13:25    159744  --a------   C:\Program Files\CDI_SMS.CD3
2006-11-28 13:25    1482752 --a------   C:\Program Files\CDI_Listings.CD3
2006-11-28 13:25    139264  --a------   C:\Program Files\CDI_Letters.CD3
2006-11-28 13:25    1175552 --a------   C:\Program Files\CDI_Contacts.CD3
2006-11-28 13:25    1167360 --a------   C:\Program Files\CDI_Main_Menu.CD3
2006-11-22 20:15    94208   --a------   C:\Program Files\CDI_Goals.CD3
2006-11-22 20:09    3228    --a------   C:\Program Files\cd_mailmerge.mer
2006-11-13 15:34    94208   --a------   C:\Program Files\CDI_Mail_Merge_Fields.CD3
2006-11-13 15:34    90112   --a------   C:\Program Files\CDI_Trails.CD3
2006-11-13 15:34    811008  --a------   C:\Program Files\CDI_Ideal_Week.CD3
2006-11-13 15:34    77824   --a------   C:\Program Files\CDI_Call_Logging.CD3
2006-11-13 15:34    4067328 --a------   C:\Program Files\CDI_Solicitors.CD3
2006-11-13 15:34    376832  --a------   C:\Program Files\CDI_Results.CD3
2006-11-13 15:34    3321856 --a------   C:\Program Files\CDI_Postcodes.CD3
2006-11-13 15:34    176128  --a------   C:\Program Files\CDI_Quotes.CD3
2006-11-13 15:34    172032  --a------   C:\Program Files\CDI_Support.CD3
2006-11-13 15:34    163840  --a------   C:\Program Files\CDI_Agent_Fees.CD3
2006-11-13 15:34    159744  --a------   C:\Program Files\CDI_Inspections.CD3
2006-11-13 15:34    143360  --a------   C:\Program Files\CDI_Email.CD3
2006-11-13 15:34    118784  --a------   C:\Program Files\CDI_Trail_Activities.CD3
2006-11-13 15:34    114688  --a------   C:\Program Files\CDI_Templates.CD3
2006-11-12 02:12    563762  --a------   C:\Program Files\Complete Data PDF trails.zip
2006-11-12 02:11    219164  --a------   C:\Program Files\CD MS Word letters.zip
2005-12-02 10:30    4730880 --a------   C:\Program Files\Complete Data Individual.exe
2005-12-02 10:25    311296  --a------   C:\Program Files\DBConverter.dll
2005-12-02 10:24    733184  --a------   C:\Program Files\XMLEngine.dll
2005-12-02 10:24    102400  --a------   C:\Program Files\FML10.dll
2005-12-02 10:23    532480  --a------   C:\Program Files\ProofReader.dll
2005-12-02 10:22    380928  --a------   C:\Program Files\XText.dll
2005-12-02 10:22    2093056 --a------   C:\Program Files\FMRSRC.dll
2005-12-02 10:21    528384  --a------   C:\Program Files\XFC.dll
2005-12-02 10:21    393216  --a------   C:\Program Files\FMUserModel.dll
2005-12-02 10:21    110592  --a------   C:\Program Files\FMWrapper.dll
2005-12-02 10:20    438272  --a------   C:\Program Files\XDraw.dll
2005-12-02 10:18    425984  --a------   C:\Program Files\FMScript.dll
2005-12-02 10:17    41472   --a------   C:\Program Files\NSViews.dll
2005-12-02 10:17    241664  --a------   C:\Program Files\FMLayout.dll
2005-12-02 10:17    217088  --a------   C:\Program Files\XGrfx.dll
2005-12-02 10:17    126976  --a------   C:\Program Files\FMOLE.dll
2005-12-02 10:16    2260992 --a------   C:\Program Files\DBEngine.dll
2005-12-02 10:16    114688  --a------   C:\Program Files\MFCX.dll
2005-12-02 10:16    106496  --a------   C:\Program Files\XCore.dll
2005-12-02 10:14    450560  --a------   C:\Program Files\HBAM.dll
2005-12-02 10:13    1265664 --a------   C:\Program Files\Support.dll
2005-06-30 18:06    44900   --a------   C:\Program Files\FMP Acknowledgements.pdf
2005-05-17 14:05    847872  --a------   C:\Program Files\libeay32.dll
2005-05-17 14:05    159744  --a------   C:\Program Files\ssleay32.dll
2005-04-18 17:43    942080  --a------   C:\Program Files\omniORB4.dll
2005-04-18 17:43    16896   --a------   C:\Program Files\omnithread.dll
2005-04-18 17:43    1224192 --a------   C:\Program Files\omniDynamic4.dll
2005-02-28 10:33    1388544 --a------   C:\Program Files\xerces.dll
2005-02-28 10:32    94208   --a------   C:\Program Files\XalanTransformer.dll
2005-02-28 10:32    630784  --a------   C:\Program Files\XSLT.dll
2005-02-28 10:32    38912   --a------   C:\Program Files\XalanDOM.dll
2005-02-28 10:32    37376   --a------   C:\Program Files\DOMSupport.dll
2005-02-28 10:32    360448  --a------   C:\Program Files\XPath.dll
2005-02-28 10:32    24064   --a------   C:\Program Files\XalanExtensions.dll
2005-02-28 10:32    212992  --a------   C:\Program Files\PlatformSupport.dll
2005-02-28 10:32    188416  --a------   C:\Program Files\XercesParserLiaison.dll
2005-02-28 10:32    135168  --a------   C:\Program Files\XalanSourceTree.dll
2005-02-28 10:32    126976  --a------   C:\Program Files\XMLSupport.dll
2005-02-03 09:44    4479682 --a------   C:\Program Files\CD Individual User Guide.pdf
2004-11-17 13:03    21928   --a------   C:\Program Files\Complete Data Licence Agreement.pdf
2004-05-26 16:44    1170241 --a------   C:\Program Files\Mail Merge Guide.pdf
2003-03-18 20:12    1047552 --a------   C:\Program Files\MFC71u.dll
2003-03-18 19:14    499712  --a------   C:\Program Files\msvcp71.dll
2003-02-21 03:42    348160  --a------   C:\Program Files\msvcr71.dll
2001-08-23 05:00    1700352 --a------   C:\Program Files\GdiPlus.dll



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 20:10]
"KeybdUtility"="C:\Program Files\On Screen Display\Hotkey.exe" [2004-08-26 16:14]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-13 08:19]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-13 08:18]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 14:54 C:\WINDOWS.0\AGRSMMSG.exe]
"batterymiser"="C:\Program Files\Battery miser\batterymiser.exe" [2004-08-28 09:05]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 20:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-04 01:47]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"mpcsr"="C:\WINDOWS.0\system32\mpcsr.exe" [2005-09-21 14:47]
"mpcsrv"="C:\WINDOWS.0\system32\mpcsrv.exe" [2005-09-30 11:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-29 16:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~2.exe" [2005-12-13 07:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-09 16:56]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-25 05:37]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 15:56]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-04 22:00]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS.0\system32\bmpsap.dll [2004-08-27 15:05 73728]



**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 10:51:44
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden registry entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2007-08-09 10:52:27
C:\ComboFix-quarantined-files.txt ... 2007-08-09 10:52


--- E O F ---


0

Okayyy... first off, you seem to have two XP OS's on your C: drive...? You are booting into the first, windows.0, but I wager there is a Windows.1...?
Imesh. Do you like it? I leave that up to you.... remove via add/rmv pgms in control panel.... there is an O2 entry also...
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

Right. Fix these with hijackthis:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [mpcsr] C:\WINDOWS.0\system32\mpcsr.exe
O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS.0\system32\mpcsrv.exe

Delete these files:

C:\WINDOWS.0\system32\mpcsr.exe
C:\WINDOWS.0\system32\mpcsrv.exe

Unlocker 1.8.5 [-just in case you need it.]

==This one is a general purpose deleter, Unlocker 1.8.5:
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

Now:

==Get CCleaner and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.

Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.

[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs .. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because Windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]

Finally:

==GET AVG antispyware 7.5
Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.

... and that should be it.


0

Genius! That's all I can say, all fixed!


Thanks buddy, if you're ever in Melbourne, Australia, send me an email, I owe you a couple of beers!

Cheers, Adamo.

0

Report as follows,
also AVG found.....
trojan.wimad.a
dropper.small and additional medium level risks such as tracking cookies. I assume I should quarantine/delete all risk files found..

One last question I have is, should I remove one of the windows files that are on my computer? I have windows and windows.0 in my C:\
and what would be the best way to remove it if I have to?

Thanks

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:02:27 PM 8/10/2007

+ Scan result:

HKU\S-1-5-21-1645522239-1606980848-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : No action taken.
C:\QooBox\Quarantine\C\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL.vir -> Adware.IMeshBar : No action taken.
C:\System Volume Information\_restore{68E23236-10E2-499A-804D-4A012C4B499B}\RP729\A0068084.DLL -> Adware.IMeshBar : No action taken.
C:\System Volume Information\_restore{68E23236-10E2-499A-804D-4A012C4B499B}\RP676\A0058164.exe -> Dropper.Small : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\hn\Cookies\hn@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\My Downloads\01 Track 1.wma -> Trojan.Wimad.a : No action taken.


::Report end

0

Orrite, do that, remove all those files that AVG quarantined.
=If everything is now working okay you should clear all your system restore points because some have been infected.... AVG may have cleaned them, but we cannot be sure it found everything. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
=Because I cannot see your sys I do not know if you have duplicated My Documents folders - log into the unwanted windows OS and if there are files in its My Docs that you want copy them out to a std directory, e.g. C:\Othersysfiles\ so that you can later access them -this is just in case.
Then if happy, simply log into the Windows that you wish to keep and go CP, System, Advanced, Startup n recovery Settings, press Edit. A Notepad window with your boot.ini file will open - be careful with it, if you make errors in it and hit save you may face problems..... if you like just post it here for guidance.
Keen to try it yourself? Okay, it will look something like this:

[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

-the idea is to set in the default= line the OS you wish to keep [in this example it is windows.0], and simply delete the line under [operating systems] representing the OS you wish to remove. And hit Save.
Next you start your sys and delete the Windows folder that you do not want.
Post your boot.ini file if at all unsure!!!

0
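An added example, not from the thread: a small Python routine that applies the boot.ini edit described in the post above (choose the OS to keep, re-point default= at it, drop the other [operating systems] line) to the poster's sample file, and refuses to produce a boot.ini whose default= has no matching entry, which is the mistake the post warns about. The sample text is the one quoted in the post; the function names are this example's own.

```python
# Added example: edit an XP boot.ini down to one OS entry safely.
# BOOT_INI is the sample quoted in the thread (WINDOWS and WINDOWS.0 on one partition).
BOOT_INI = r"""[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

def parse_boot_ini(text):
    """Return ({loader settings}, [(arc_path, description + switches), ...]) in file order."""
    loader, systems, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()  # "[boot loader]" or "[operating systems]"
            continue
        key, sep, value = line.partition("=")   # split on the FIRST '=' only, so
        if not sep or section is None:          # '/noexecute=optin' stays in the value
            raise ValueError(f"malformed boot.ini line: {raw!r}")
        if section == "boot loader":
            loader[key.strip()] = value.strip()
        else:
            systems.append((key.strip(), value.strip()))
    return loader, systems

def default_is_bootable(text):
    """True only if default= names an ARC path that has its own OS line."""
    loader, systems = parse_boot_ini(text)
    return loader.get("default") in {path for path, _ in systems}

def keep_only(text, keep_dir):
    """Keep the single OS line whose directory is keep_dir (e.g. 'WINDOWS.0'),
    make it the default, and drop every other line. Matching is case-insensitive."""
    loader, systems = parse_boot_ini(text)
    kept = [(p, v) for p, v in systems
            if p.upper().endswith("\\" + keep_dir.upper())]
    if len(kept) != 1:
        raise ValueError(f"expected one entry for {keep_dir}, found {len(kept)}")
    loader["default"] = kept[0][0]
    out = ["[boot loader]"] + [f"{k}={v}" for k, v in loader.items()]
    out += ["[operating systems]"] + [f"{p}={v}" for p, v in kept]
    result = "\n".join(out) + "\n"
    assert default_is_bootable(result)    # never hand back an unbootable file
    return result

if __name__ == "__main__":
    print(keep_only(BOOT_INI, "WINDOWS.0"))
```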

Mostly all sweet now, just can't seem to get rid of 3 .dll files: shfolder.dll, qmgr.dll and winhttp.dll

I removed these files from the Windows folder as they were the only files obstructing me from deleting that folder. Any suggestions to remove these? Other than that, background is all fixed, only one version of Windows remains on my computer.

adamo

0

==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
Just make sure your other windows directory has these files first...
