Help Please


Post by Arfurpoole on 30th December 2009, 10:51 am

Hello there, just new on here looking for some help. I am posting a HijackThis and a ComboFix log below. XP Media Center Edition with SP3; Malwarebytes etc. won't run, it just shuts down; browser redirecting to various rogue scanners, nightmare. Tried running Avira and Malwarebytes with the HDD hooked up to another machine and although they removed quite a lot, the main infection still seems to be doing its thing. Many thanks in advance for any/all help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:27, on 30/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
D:\Documents and Settings\Ben.SN127392920300.000\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - [You must be registered and logged in to see this link.]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [You must be registered and logged in to see this link.]
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9dd773c4e3598) (gupdate1c9dd773c4e3598) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 8118 bytes


ComboFix 09-12-29.05 - Ben 30/12/2009 9:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.572 [GMT 0:00]
Running from: J:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2159247930-3087464286-4252778850-500
c:\windows\kb913800.exe
c:\windows\system32\Thumbs.db
d:\documents and settings\Ben\Start Menu\Programs\Download programs.url
d:\documents and settings\Ben\Start Menu\Programs\Games.url
d:\documents and settings\Ben\Start Menu\Programs\Translator.url
d:\documents and settings\Ben\Start Menu\Programs\Videos.url
d:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon
d:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
d:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
d:\documents and settings\LocalService\Application Data\NetMon
d:\documents and settings\LocalService\Application Data\NetMon\domains.txt
d:\documents and settings\LocalService\Application Data\NetMon\log.txt
D:\x.dat
D:\z.dat

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 09:43 . 2009-12-30 09:43 -------- d-sh--w- d:\documents and settings\Ben.SN127392920300.000\PrivacIE
2009-12-29 20:51 . 2009-12-29 20:51 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 20:50 . 2009-12-29 20:50 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2009-12-29 20:42 . 2009-12-29 20:42 -------- d-sh--w- d:\documents and settings\Ramsey.SN127392920300\IECompatCache
2009-12-29 20:40 . 2009-12-29 20:40 -------- d-sh--w- d:\documents and settings\Ramsey.SN127392920300\IETldCache
2009-12-29 20:38 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 20:38 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 20:17 . 2008-04-14 00:12 26624 ----a-w- d:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-29 20:15 . 2009-12-29 20:15 -------- d-sh--w- d:\documents and settings\Ben.SN127392920300.000\IECompatCache
2009-12-29 20:15 . 2009-12-29 20:15 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache
2009-12-29 20:15 . 2009-12-29 20:15 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2009-12-29 20:15 . 2009-12-29 20:15 -------- d-sh--w- d:\documents and settings\Ben.SN127392920300.000\IETldCache
2009-12-29 20:08 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-29 20:08 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-29 20:07 . 2009-12-29 20:07 -------- d-----w- c:\windows\ie8updates
2009-12-29 20:07 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-29 20:06 . 2009-12-29 20:07 -------- dc-h--w- c:\windows\ie8
2009-12-29 20:00 . 2009-12-29 20:00 -------- d-----w- d:\documents and settings\Ben.SN127392920300.000\Application Data\Windows Desktop Search
2009-12-29 20:00 . 2009-12-29 20:32 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-29 20:00 . 2009-12-29 20:00 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-29 19:59 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-29 19:59 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-12-29 19:59 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-12-29 19:59 . 2009-12-29 19:59 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-29 19:57 . 2009-12-29 19:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-29 19:57 . 2009-12-29 19:57 -------- d-----w- c:\windows\system32\LogFiles
2009-12-29 17:32 . 2009-12-29 17:32 -------- d-----w- d:\documents and settings\Ramsey.SN127392920300\Application Data\Malwarebytes
2009-12-29 17:13 . 2009-12-29 17:13 -------- d-----w- d:\documents and settings\Ben.SN127392920300.000\Application Data\Malwarebytes
2009-12-29 17:13 . 2009-12-29 20:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 17:13 . 2009-12-29 17:13 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 16:07 . 2009-12-29 16:07 -------- d-----w- c:\program files\CCleaner
2009-12-21 21:10 . 2009-12-21 21:10 -------- d-----w- d:\documents and settings\Ramsey.SN127392920300\Application Data\AVG8
2009-12-04 17:53 . 2009-12-04 17:53 -------- d-----w- C:\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 20:49 . 2009-11-21 15:36 670720 ----a-w- d:\documents and settings\All Users\Application Data\Cast ping base frag\long mess.exe
2009-12-29 20:35 . 2009-11-21 15:36 -------- d-----w- d:\documents and settings\All Users\Application Data\Cast ping base frag
2009-12-29 17:04 . 2008-06-16 21:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-29 16:57 . 2006-10-20 04:13 77672 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-29 16:54 . 2008-06-16 21:39 -------- d-----w- c:\program files\Norton Internet Security
2009-12-29 01:19 . 2009-07-27 14:43 -------- d-----w- d:\documents and settings\Ben.SN127392920300.000\Application Data\Spotify
2009-12-21 17:40 . 2008-06-17 21:51 -------- d-----w- c:\program files\Google
2009-12-19 14:08 . 2008-07-05 17:23 39 ----a-w- d:\documents and settings\Ben.SN127392920300.000\jagex_runescape_preferences.dat
2009-12-19 14:08 . 2009-10-07 22:39 69 ----a-w- d:\documents and settings\Ben.SN127392920300.000\jagex_runescape_preferences2.dat
2009-12-16 22:58 . 2009-11-17 01:35 79488 ----a-w- d:\documents and settings\Ben.SN127392920300.000\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-05 16:17 . 2008-07-12 20:02 5024 ----a-w- d:\documents and settings\Ben.SN127392920300.000\Application Data\wklnhst.dat
2009-12-03 17:14 . 2008-06-17 21:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
2009-11-23 18:00 . 2009-10-29 18:03 -------- d-----w- d:\documents and settings\All Users\Application Data\EPSON
2009-11-21 15:51 . 2004-09-10 13:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 15:37 . 2009-03-13 21:38 -------- d-----w- d:\documents and settings\Ramsey.SN127392920300\Application Data\title admin defy
2009-11-21 15:37 . 2009-11-21 15:37 299008 ----a-w- d:\documents and settings\Ramsey.SN127392920300\Application Data\title admin defy\Cool send wave.exe
2009-11-21 15:36 . 2009-03-13 21:38 315392 ----a-w- d:\documents and settings\Ramsey.SN127392920300\Application Data\title admin defy\OneFlapPlatformThird.exe
2009-11-21 15:36 . 2009-11-21 15:36 669184 ----a-w- d:\documents and settings\Ramsey.SN127392920300\Application Data\title admin defy\dzarxiht.exe
2009-11-06 21:07 . 2009-11-06 01:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-06 01:53 . 2008-07-05 17:00 -------- d-----w- c:\program files\Windows Live
2009-11-06 01:53 . 2008-10-22 15:54 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-06 01:52 . 2009-11-06 01:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-06 01:48 . 2009-11-06 01:48 -------- d-----w- c:\program files\Microsoft
2009-11-06 01:47 . 2009-11-06 01:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 00:13 . 2009-11-06 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-30 14:48 . 2009-04-11 00:37 1 ----a-w- d:\documents and settings\Ben.SN127392920300.000\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-29 07:45 . 2004-09-10 13:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-09-10 13:57 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-09-10 13:57 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 22:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-09-10 13:57 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-09-10 13:57 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-09-10 13:57 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 14:57 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57 . 2004-09-10 13:57 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56 . 2004-09-10 13:57 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Ben.SN127392920300.000^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=d:\documents and settings\Ben.SN127392920300.000\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Ben.SN127392920300.000^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Ben.SN127392920300.000\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
2005-10-20 05:15 102400 ----a-w- c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON S21 Series]
2008-09-12 15:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFAE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-06-02 07:59 5451536 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 09:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 23:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 23:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 23:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2006-01-30 08:56 1978368 ----a-w- c:\apps\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-06-16 21:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-10-18 11:14 557056 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-18 21:36 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
2004-10-04 12:03 310272 ----a-w- c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 01:53 54752]
S2 gupdate1c9dd773c4e3598;Google Update Service (gupdate1c9dd773c4e3598);c:\program files\Google\Update\GoogleUpdate.exe [25/05/2009 20:27 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [29/12/2009 20:38 38224]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Base frag grid bows - d:\documents and settings\All Users\Application Data\Cast ping base frag\Axis Mix.exe
MSConfigStartUp-camp browse - d:\docume~1\BENSN1~1.000\APPLIC~1\TITLEA~1\That Gram.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-30 10:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\wininet.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-12-30 10:02:56
ComboFix-quarantined-files.txt 2009-12-30 10:02

Pre-Run: 30,100,303,872 bytes free
Post-Run: 30,061,993,984 bytes free

- - End Of File - - 2CA676FCEB91C4A18FC44F05F96E94BB

Arfurpoole
Beginner

Posts : 2
Joined : 2009-12-30
OS : Xp Media Center Ed Sp3
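The two logs above already contain the indicators a removal helper reads first: a process named after a Windows system binary (winlogon) but running as a .scr from a user's Desktop on D:, a BHO whose CLSID is registered with no DLL behind it, a service with no vendor information, LoadAppInit_DLLs switched on, and Security Center monitoring disabled for a product. The script below is an added example for this thread, not part of the original posts and not code from HijackThis or ComboFix. It walks log lines and returns those indicators as (severity, message) pairs. The name list, trusted roots and profile-location hints are assumptions chosen for illustration, not a complete signature set; the sample input is an excerpt copied from the two logs above.

```python
"""Triage of HijackThis / ComboFix log lines: flag the indicators a removal helper
reads first. Added example; not part of the thread or of either tool. The indicator
lists below are assumptions chosen for illustration, not a complete signature set."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, message)

# Windows binaries whose names malware commonly borrows (assumed short list).
SYSTEM_STEMS = {"winlogon", "svchost", "lsass", "services", "smss", "csrss", "explorer"}
# Roots where an installed program is expected to live on this XP box (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\apps\\")
# User-profile locations from which a running executable deserves a second look.
PROFILE_HINTS = ("\\desktop\\", "\\application data\\", "\\temp\\")

RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RE_SERVICE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RE_REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")


def check_process_path(path: str) -> List[Finding]:
    """Flags one entry of the HijackThis 'Running processes' list."""
    low = path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if stem in SYSTEM_STEMS and not low.startswith("c:\\windows\\"):
        # e.g. winlogon.scr on a Desktop: system name, wrong directory, wrong extension
        return [("high", f"system-binary name outside C:\\Windows: {path}")]
    if any(h in low for h in PROFILE_HINTS) and not low.startswith(TRUSTED_ROOTS):
        return [("medium", f"executable running from a user profile location: {path}")]
    return []


def triage(lines: List[str]) -> List[Finding]:
    """Scans HijackThis lines and ComboFix 'Reg Loading Points' lines in one pass."""
    findings: List[Finding] = []
    in_processes = False
    reg_key = ""  # most recent [HKEY...] header seen in the ComboFix section
    for raw in lines:
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:  # the process list runs until the first blank line
            in_processes = bool(line)
            findings.extend(check_process_path(line) if line else [])
            continue
        if (m := RE_BHO.match(line)) and m.group("path") == "(no file)":
            # CLSID registered but the DLL is gone: an orphan, typically left by an
            # earlier removal; harmless, but worth cleaning.
            findings.append(("low", f"orphan BHO registration: {m.group('name')}"))
        elif (m := RE_SERVICE.match(line)) and m.group("owner") == "Unknown owner":
            findings.append(("info", f"service without vendor info, verify: {m.group('path')}"))
        elif (m := RE_REG_KEY.match(line)):
            reg_key = m.group("key")
        elif "windows nt\\currentversion\\windows" in reg_key.lower() and line.startswith('"LoadAppInit_DLLs"=1'):
            findings.append(("medium", "AppInit_DLLs loading enabled; inspect the AppInit_DLLs value"))
        elif "security center\\monitoring" in reg_key.lower() and line.startswith('"DisableMonitoring"=dword:00000001'):
            product = reg_key.rsplit("\\", 1)[-1]
            findings.append(("info", f"Security Center monitoring disabled for {product}; "
                                     "expected only if that product is installed and manages its own alerts"))
    return findings


# Excerpt copied from the two logs posted in this thread, used as the offline input.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Documents and Settings\Ben.SN127392920300.000\Desktop\winlogon.scr

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
""".splitlines()


def triage_sample() -> List[Finding]:
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for severity, message in triage_sample():
        print(f"[{severity:6}] {message}")
```

Run against the excerpt it reports one high finding (the winlogon.scr on the Desktop), the orphan BHO as low, the AppInit_DLLs switch as medium and the two verify-by-hand items as info. The Security Center entry is deliberately rated info only: a product that manages its own alerts sets DisableMonitoring for itself, so the value matters only when no such product is installed.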

Re: Help Please

Post by Belahzur on 30th December 2009, 8:31 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?




Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64

Re: Help Please

Post by Arfurpoole on 31st December 2009, 8:43 am

Hi there, did that but no difference I'm afraid, still just the same. I think I'm just gonna reinstall the operating system. Thank you just the same.
