Please help me with this hijackthis log...

Discussion in 'Windows - Virus and spyware problems' started by hakuron, Sep 9, 2008.

  1. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek

    well i have disabled the McAfee WSC Integration, McAfee Task Scheduler and McAfee SecurityCenter using the services.msc. but for some reason, the mcafee icon is still on the bottom right hand corner of the screen.

    I have no problems with the ATF-Cleaner.exe.

    After I ran the Malwarebytes' Anti-Malware, it says that there are few malwares that can't be removed, it told me to restart the computer and it will remove it. I did that, but on the typing the password part, it froze after i typed the password to log-in to windows. so i forced shut it again, but it worked the second time.

    and the combofix thing, i got the same problem as last time. the nircmd.com thing.

    btw, when i paste the combofix /u in the box, it says windows can't file the combofix file. i guess i deleted it???

    so yea, this is the latest update on my computer, but at least the worm problem is getting better. the linking to other pages are gone, the computer is faster, and i could actually click on the links that you gave me for the .exe s because most of the time it will just say page not found, so i have to use my other computer to download them and transfer them to this computer. thanks :)

    here are my logs:

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:52:18 PM, on 9/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe /waitservice
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Personal Firewall Service (LavasoftFirewall) - Agnitum Ltd. - C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 10666 bytes


    Malwarebytes

    Malwarebytes' Anti-Malware 1.28
    Database version: 1170
    Windows 5.1.2600 Service Pack 2

    9/18/2008 3:16:24 PM
    mbam-log-2008-09-18 (15-16-24).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 159536
    Time elapsed: 1 hour(s), 6 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 12
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 4
    Files Infected: 49

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{6a8a50ea-91e6-4325-ac66-a94ce9c5a28e} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8d4c1db9-858d-4048-9869-9188dcf2bed7} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{232de810-25e4-4d59-b91c-ec1ab2759253} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{b130cddd-d5c5-428d-9322-d9896cc20304} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{48413ad5-c4fb-4139-b9ec-e2e81f669b8a} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9b3b6152-725c-423f-8fd5-90e4fb67d33c} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{d44f08e1-3c00-41a8-8a36-7ff7d3f08c15} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90abcbc0-8d4a-4094-820d-152780f49d4f} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3a14dc54-d801-419c-9c44-b9982d9a949b} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v2.2.8.9_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\backup (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\OtherTools (Rogue.AdwareAway) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Adware Away\ab_old.reg (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\activex.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\AdAway.chm (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\AdAway.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\AdAway.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\autorun.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\Customize.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\EProcess.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\fa.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\FixForV8.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\global.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\hosts.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\iebhotoolbar.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\iedlls.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\iepage.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\ierestriction.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\ietoolbarbutton.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\ieurlprefix.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\ieurlsearchhook.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\keylogger.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\ListDlls.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\LSP.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\OtherNormal.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\overall.log (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\piracy.txt (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\process.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\service.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\sharedresource.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\shellextensions.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\sporder.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\unins000.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Program Files\Adware Away\unins000.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Uninstall.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\User Manual.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\OtherTools\FixForV8.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\OtherTools\ListDlls.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Vicky Chan\Desktop\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.


    and i can't find the c:\comboFix.txt


    thank you very much

    hakuron
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @hakuron,

    Malwarebytes’ removed a lot of infection. Your HJT log still shows signs of infection.

    Also McAfee shows to still be running.

    You must stop McAfee before we can run ComboFix which is necessary to clean the infection still remaining in your machine.

    Download and run this un-installer from McAfee and hopefully it will be able to get rid of all the mcafee stuff so we can finish cleaning up….

    http://tools.mcafeehelp.com/doc.php?siteid=1&docid=419397


    after running the mcafee un-installer, post a fresh HJT Log.

    2OG
     
  3. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @hakuron,

    Welllllllllll, I guess they have lost their server because it worked for me yesterday. Maybe they’ll be back up soon and we can try it.

    I really would like to get rid of that McAfee, if possible, but it can wait. Hehe

    Here is something we can try. I have been searching for a reason that windows was rejecting the ComboFix file and maybe this will do the trick:

    Download -> COM File Association Fix

    Download the ZIP and open it. Extract the REG file to your desktop and double click it. Answer yes to the import prompt.


    After running the above Fix please delete any copy of ComboFix you may have left.

    Then go through these instructions again and, hopefully, it will work this time.



    1. Download Combo fix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.




    [​IMG]


    3. Combo will begin to run DO NOTHING while this is happening.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
    • This needs to be done so the program can work most efficiently for you.
    Do not attempt to use the internet or anything else while it's doing its job for you.

    If when it's completed you can not get on the internet just reboot the computer

    Post the log from comboFix for me located in
    c:\comboFix.txt


    2OG
     
  5. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek

    Sorry to tell you this but when i run the COM File Association Fix, the 'same window cannot open this file : xp_com_fix_reg and ask me what kind of program i should use to open it' window appeared again ! i'm sure this new is really frustrating to you, as i am too :p

    hakuron
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @hakuron,

    It is frustrating since I don’t have my hands on it and my crystal ball is really fuzzy. ;)

    I must be out of town a few days and will be thinking about it but in the mean time, I believe you may consider a re-format/re-install of your OS as a last resort, of curse.


    2OG
     
  7. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek

    really? wow, that would be terrible if i really have to reformat the computer... but i guess if it doesn't bother me too much, i could just leave it just like this??? or will it get worse over time?

    have a safe trip

    hakuron
     
  8. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    I'm sorry for intruding, but your problem can be fixed manually, hakuron. Another sorry to 2oldgeek, if I'm messing up your thread. Normally, I would tell you first, but apparently, you're out of town... :(

    This might take some trial and error, but perhaps it can be done.

    First, download REG File Association Fix. Unzip this file only. Do not run it yet.

    Go to Start, Run, and type in regedit. Click on OK. If this step does not work, look below. **

    Click on File, Import, and navigate to xp_regfile.reg. Click on Open. Restart your computer.

    Now, run the COM File Association Fix and reboot. I'll leave the rest for 2oldgeek.

    Best Regards :D

    **Download this tool ( http://www.softpedia.com/get/Security/Security-Related/RRT-Remove-Ristrictions-Tool.shtml ) and enable regedit. You might have to reboot for the changes to take effect.
     
  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @hakuron,

    Step through the instructions that cdavfrew posted and let me know what happens….

    If you don’t understand something, please ask..

    @cdavfrew,
    Tnx, sounds like that might work or at least narrow it down. :)
     
  10. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek and cdavfrew

    well i ran the REG File Association Fix that cdavfrew has suggested. and it ran smoothly. then i tried to run the combofix file. this time no nircmd window popped up, so it ran smoothly also (asking me to click 'yes') and it restarted the computer. so far so good, but after i typed my password to log-on to windows, i can't see any icons(start buttons, toolbar, clock, icons on the desktop..etc). i can only see my desktop wallpaper. so i tried to force shut it off and turn it back on, but the same thing happened. but i know the computer works because i tried to press crtl+alt+delete and the window task manager pops up. but yea, as far as i can see, i can't use my computer because there aren't an icons for me to click. but the good news is that remember i told you about a weird window that pops up everytime before i type my password? that window didn't pop up anymore !!

    please tell me what to do next so that i can finally use my cleaned computer. :) can't wait

    thank you very much

    hakuron
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @ hakuron,

    I don’t have much time but here is something to try…

    Since you have your Task Manager:

    Hit CTrl+Alt+Delete to open Task Manager:
    Choose the Application Tab at the top.
    Click the "New Task..." button.
    Type explorer.exe and hit enter.

    Hopefully this will return your desktop and icons.

    If ComboFix ran successfully please post the Log located at c:\comboFix.txt

    2OG
     
  12. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek

    wow, after i typed explorer.exe, the icons appeared magically !! thank you so much. oh here's the log file. btw i've replaced my name with XXXXXXX :) and one last question, do i have to type explorer.exe everytime my computer starts? or is it a one time thing?

    ComboFix 08-10-07.06 - XXXXXXXX 2008-10-07 20:55:57.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.608 [GMT -7:00]
    Running from: C:\Documents and Settings\XXXXXXXX\desktop\combofix.exe
    Command switches used :: /killall
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    C:\WINDOWS\system32\tdsspopup.dll
    C:\WINDOWS\system32\tdsspopup1.url
    C:\WINDOWS\system32\tdsspopup2.url
    C:\WINDOWS\system32\tdsspopup3.url

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
    .

    2008-10-04 17:11 . 2008-10-04 17:11 <DIR> d-------- C:\Program Files\ConvertHelper
    2008-10-04 15:10 . 2008-10-04 15:10 <DIR> d-------- C:\Documents and Settings\XXXXXXXX\dwhelper
    2008-10-03 13:01 . 2008-10-03 13:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-10-03 13:00 . 2008-10-03 13:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-19 21:51 . 2008-10-07 20:01 <DIR> d-------- C:\Documents and Settings\XXXXXXXXX\Application Data\skypePM
    2008-09-19 21:51 . 2008-09-19 21:51 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-19 21:38 . 2008-09-19 21:38 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-09-18 14:05 . 2008-09-18 14:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 14:05 . 2008-09-18 14:05 <DIR> d-------- C:\Documents and Settings\XXXXXXXX\Application Data\Malwarebytes
    2008-09-18 14:05 . 2008-09-18 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-18 14:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-18 14:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-17 15:38 . 2008-09-17 16:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-09 00:12 . 2008-09-09 00:12 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-08 22:59 . 2008-09-08 22:59 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-08 21:14 . 2008-09-08 21:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-08 03:51 --------- d-----w C:\Documents and Settings\XXXXXXXX\Application Data\OpenOffice.org2
    2008-10-08 03:43 37,624 ----a-w C:\Documents and Settings\XXXXXXXXX\Application Data\wklnhst.dat
    2008-10-08 03:40 --------- d-----w C:\Documents and Settings\XXXXXXXX\Application Data\Skype
    2008-10-06 06:15 --------- d-----w C:\Program Files\FlashGet
    2008-10-05 05:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2008-10-01 06:50 --------- d-----w C:\Documents and Settings\XXXXXXXXXX\Application Data\dvdcss
    2008-09-25 08:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-25 08:13 --------- d-----w C:\Documents and Settings\XXXXXXXXXX\Application Data\Samsung
    2008-09-24 23:42 --------- d-----w C:\Documents and Settings\XXXXXXXXXX\Application Data\HP
    2008-09-12 01:32 --------- d-----w C:\Program Files\BitComet
    2008-09-09 05:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-06 20:08 --------- d-----w C:\Program Files\Citrix
    2008-09-06 20:07 61,224 ----a-w C:\Documents and Settings\XXXXXXXXX\GoToAssistDownloadHelper.exe
    2008-09-06 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-06 19:41 --------- d-----w C:\Documents and Settings\XXXXXXXXXX\Application Data\AdobeUM
    2006-02-21 05:20 87,088 ----a-w C:\Documents and Settings\XXXXXXXXXX\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-14 00:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 18:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-14 04:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-08 02:14 308,224 --sha-w C:\WINDOWS\system32\avisynth.dll
    2005-07-14 19:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 17:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 20:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .
    Code:
    <pre>
    ----a-w         2,328,733 2006-12-16 07:39:14  C:\Program Files\BitComet\Downloads\WinXMedia DVD AVI MP3 MP4 MPEG iPod PSP Video Audio Converter Ripper\WinXMedia DVD Audio Ripper\WinXMedia DVD Audio Ripper .exe
    </pre>

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "Personal Firewall"="C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe" [2005-11-03 91648]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [N/A]
    "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-04-12 20480]
    "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 90112]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 229952]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 827392]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]
    "MAIHIME_ACCESSORY_STARTUP"="" [N/A]
    "MAIHIME_CALENDAR_STARTUP"="" [N/A]

    C:\Documents and Settings\XXXXXXX\Start Menu\Programs\Startup\
    OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-02-18 122880]
    Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2006-02-07 917611]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-09-06 13:07 10536 C:\Program Files\Citrix\GoToAssist\516\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Media Center Diagnostic Kit\\MCDiag.exe"=
    "C:\\Program Files\\Media Center Diagnostic Kit\\MCEHostRemote.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "32670:TCP"= 32670:TCP:Azureus port
    "6881:TCP"= 6881:TCP:bt1
    "6882:TCP"= 6882:TCP:bt2
    "6883:TCP"= 6883:TCP:bt3
    "6884:TCP"= 6884:TCP:bt4
    "6885:TCP"= 6885:TCP:bt5
    "25456:TCP"= 25456:TCP:BitComet 25456 TCP
    "25456:UDP"= 25456:UDP:BitComet 25456 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 VFILT;Lavasoft Firewall Kernel Driver;C:\Program Files\Lavasoft\Personal Firewall\kernel\FILTNT.SYS [2005-11-03 117408]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 ehMonitor;Media Center Monitor Service;C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe [2005-09-07 49336]
    R3 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\ADBLOCK.DLL [2005-11-03 33504]
    R3 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\ARP.DLL [2005-11-03 17632]
    R3 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\CONTENT.DLL [2005-11-03 4928]
    R3 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\DNSCACHE.DLL [2005-11-03 14208]
    R3 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\FTPFILT.DLL [2005-11-03 9056]
    R3 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\HTMLFILT.DLL [2005-11-03 11584]
    R3 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\HTTPFILT.DLL [2005-11-03 13280]
    R3 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\IMAPFILT.DLL [2005-11-03 7232]
    R3 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\MAILFILT.DLL [2005-11-03 14784]
    R3 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\NNTPFILT.DLL [2005-11-03 6784]
    R3 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\POP3FILT.DLL [2005-11-03 10016]
    R3 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\PROTECT.DLL [2005-11-03 16992]
    R3 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);C:\Program Files\Lavasoft\Personal Firewall\kernel\SECRET.DLL [2005-11-03 9728]
    S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe Start=service [ ]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-23 29184]
    S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 57344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47067ed8-ba1a-11da-ae51-0014a55dc70c}]
    \Shell\AutoRun\command - F:\q83iwmgf.bat
    \Shell\explore\Command - F:\q83iwmgf.bat
    \Shell\open\Command - F:\q83iwmgf.bat
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\XXXXXXX\Application Data\Mozilla\Firefox\Profiles\4yxa7ucb.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-07 23:34:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\WINDOWS\explorer.exe [2444] 0x8569DAF0

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\PRISMSVR.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-07 23:41:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-08 06:41:09

    Pre-Run: 71,113,617,408 bytes free
    Post-Run: 77,711,953,920 bytes free

    225 --- E O F --- 2008-09-10 10:02:32


    Thank you very much for the fast reply

    hakuron
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    You got me buddy, give it a boot and see……..

    Maybe all will change after we get you cleaned up.. ;)

    I need some time to go over the Combo Log so don’t hold your breath… lol

    Looks like you may have a worm on a flash drive…. You do have a flash drive, huh?

    I’ll be looking over the logs so any questions, concerns?

    Also, while I am looking over the logs, please go to Start > Run > type in sfc /scannow click OK

    Let it run and let me know the outcome…

    2OG
     
  14. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Also, please send me a fresh HJT Log.... TNX

    2OG
     
  15. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek

    i did the scan thing, and when it's almost complete, it asks me for a win xp cd2 , which i don't have. btw here's the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38, on 2008-10-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe /waitservice
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Personal Firewall Service (LavasoftFirewall) - Agnitum Ltd. - C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 10044 bytes


    thank you again

    hakuron
     
  16. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    btw, what's a flash drive???
     
  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @hakuron,

    Let me know if your icons and toolbar are staying in place now…

    You have a corrupt or missing System File. That is what we found out with the SFC /scannow..
    If you have a friend that has a XP disk, see if you can borrow it to make the repairs to your computer.. Simply run sfc /scannow again and when it asks for a CD put it in the drive and it will find and replace the bad file……


    The link I sent you for McAfee un-installer is still down but I found another one.
    Download and run this to get rid of the old McAfee programs that are still running in your machine:
    http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

    Here are a few other things you need to do:


    Your Adobe Reader is out of date.

    Download and install -> Adobe Reader 9.0



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


    Update Java using JavaRa

    Please download JavaRa and unzip it to your desktop.
    • Double-click on JavaRa.exe to start the program.
    • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.

    Then download and install Java Runtime Environment (JRE) 6 Update 7.



    Java Runtime can be activated by websites, so if there is security vulnerability in any Java version on your machine, it can be exploited by a malicious site to infect your machine. Each new version of Java fixes security vulnerabilities, so it's extremely important to keep up to date, and it's auto-update mechanism isn't considered very reliable.




    hakuron, I know you know what a Flash drive, Thumb drive, Pin drive, USB drive is….

    What is your F: Drive??? Either you or someone has plugged in a “F” drive and it contains a Worm. Find it and we can clean it. Otherwise don’t plug it in…….

    Let me know how everything is working.. any problems???

    2OG
     
  18. hakuron

    hakuron Member

    Joined:
    Jan 7, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    16
    @2oldgeek

    WOOHOO!! the Mcafee has finally been officially removed. i have updated Java and installed the new adobe reader. but there's still one slight problem, it seems that i have to type explorer.exe everytime after i restarted my computer to get my icons back. is there a way to make it stay there? and about the F drive, i'm not sure where you see it, because on the 'my computer' window, i don't see any F drive. only C, A, D, E , and G

    you're the best

    hakuron
     
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @hakuron,

    Will be away for a few days but when I return, hopefully, I can come up with a solution to get your desktop to load properly. Hang in there…. [​IMG]


    2OG
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @ hakuron,


    You won’t be able to see it until it’s plugged in. When you plug in a flash drive the system initializes it and places a key in the registry.

    The registry key shows up in ComboFix:


    This tells me that you have had a memory device connected to your computer and it loaded a file called q83iwmgf.bat which is a Bad file. See ->> q83iwmgf.bat - HERE

    That file is no longer in your computer, but if you connect that device without cleaning it you will be re-infected….


    As I said, this is a sign of a corrupted System file that needs to be replaced before Explorer can load properly..

    Since you have no CD did you check with all your friends, cousins, neighbors, etc. and maybe beg or borrow a CD from one of them???

    Maybe we can do a work around the problem or if we are lucky, there may be a file on your drive….

    Use windows explorer and navigate to C:\Windows\ - then look for a Folder named I386

    Let me know if you find this folder and we can go from there…..

    2OG
     

Share This Page