[Fixed] Hijackthis! Logs - Extreme virus problem (PC Help Forum » Security & Safety)
Old 06-29-2008   #15
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Extreme virus problem

As it says in my instructions just tick the box next to the item/s and then hit Fix at the bottom of the page.
__________________
My real name is Eddy
Pancake is online now   Reply With Quote
Old 06-29-2008   #16
Bronze Member
 
Join Date: Jun 2008
Posts: 19
PC Experience: Experienced beginner
Default Re: Extreme virus problem

ComboFix 08-06-20.4 - Tendekai Kachere 2008-06-29 3:26:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.130 [GMT 1:00]
Running from: C:\Documents and Settings\Tendekai Kachere\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tendekai Kachere\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\syschk3
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\agbgvppy.dll
C:\WINDOWS\SYSTEM32\agbyiynh.dll
C:\WINDOWS\SYSTEM32\akalrtlr.dll
C:\WINDOWS\SYSTEM32\bqifnuaq.dll
C:\WINDOWS\SYSTEM32\bqneilyk.dll
C:\WINDOWS\SYSTEM32\clwpxf.dll
C:\WINDOWS\SYSTEM32\cudcapen.dll
C:\WINDOWS\SYSTEM32\eogafiqq.dll
C:\WINDOWS\SYSTEM32\eukgxsiw.dll
C:\WINDOWS\SYSTEM32\hcbavmtx.dll
C:\WINDOWS\SYSTEM32\ifrocefn.dll
C:\WINDOWS\SYSTEM32\jgnmbcrg.dll
C:\WINDOWS\SYSTEM32\lyaypcts.dll
C:\WINDOWS\SYSTEM32\modtrux01
C:\WINDOWS\SYSTEM32\modtrux01\modtrux011065.exe
C:\WINDOWS\SYSTEM32\nfygcyeh.dll
C:\WINDOWS\SYSTEM32\pskpwdup.dll
C:\WINDOWS\SYSTEM32\qtmmthkw.dll
C:\WINDOWS\SYSTEM32\tmnqartl.dll
C:\WINDOWS\SYSTEM32\vrmiinod.dll
C:\WINDOWS\SYSTEM32\xlklpdkg.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 01:16 . 2008-06-29 01:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-29 01:08 . 2008-06-29 01:31 <DIR> d-------- C:\SDFix
2008-06-29 00:40 . 2008-06-29 02:13 526 ---hs---- C:\WINDOWS\SYSTEM32\nfecorfi.ini
2008-06-29 00:40 . 2008-06-29 00:40 0 --a------ C:\WINDOWS\BM33fc4321.xml
2008-06-27 10:33 . 2008-06-27 10:33 <DIR> d-------- C:\Deckard
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14 . 2008-06-27 10:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13 . 2008-06-26 19:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13 . 2008-06-26 01:13 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-06-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-06-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-06-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-06-24 12:51 . 2008-06-24 12:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-23 18:03 . 2008-06-23 18:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-23 00:01 . 2008-06-23 20:35 53,192 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2008-06-22 23:58 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Program Files\Raxco
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56 . 2008-06-22 23:56 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:56 . 2008-06-22 23:56 <DIR> d-------- C:\Program Files\CA
2008-06-22 23:38 . 2008-06-22 23:55 <DIR> d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38 . 2008-06-23 00:02 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38 . 2008-06-22 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33 . 2008-06-22 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-06-19 21:29 . 2008-06-26 00:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 21:29 . 2008-06-19 21:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 16:07 . 2008-05-31 16:07 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 19:05 --------- d-----w C:\Program Files\Modem On Hold
2008-06-26 19:05 --------- d-----w C:\Program Files\Microsoft Works
2008-06-26 12:02 --------- d-----w C:\Program Files\DivX
2008-06-26 11:41 --------- d-----w C:\Program Files\Common Files\Real
2008-06-24 11:41 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 22:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 17:22 --------- d-----w C:\Program Files\Yahoo!
2008-06-22 17:20 --------- d-----w C:\Program Files\Nokia
2008-06-22 12:25 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 21:56 --------- d-----w C:\Program Files\Sports Interactive
2008-06-13 15:06 --------- d-----w C:\Program Files\OFFICE11
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 16:38 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 08:31 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-10 08:31 --------- d-----w C:\Program Files\ArcSoft
2008-05-10 07:50 --------- d-----w C:\Program Files\Philips
2008-05-10 07:50 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 06:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-09 06:52 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 17:01 --------- d-----w C:\Program Files\BearShare Applications
.
((((((((((((((((((((((((((((( snapshot@2008-06-29_ 0.39.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 23:28:21 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-29 02:30:20 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-28 02:48:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-29 00:16:31 7,516,160 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-29 00:16:31 102,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-28 02:48:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-29 00:16:17 7,516,160 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-29 00:16:17 102,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2002-08-29 04:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM
+ 2001-08-18 12:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-02 02:45 98304]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"BM33fc4321"="C:\WINDOWS\system32\qtmmthkw.dll " [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
S3 bDMusicb;bDMusicb;C:\DOCUME~1\TENDEK~1\LOCALS~1\Temp\bDMusicb.sys []
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 08:56]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 02:33:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-28 22:11:06 C:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 03:30:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-29 3:41:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 02:41:17
ComboFix2.txt 2008-06-28 23:40:26
Pre-Run: 59,654,438,912 bytes free
Post-Run: 59,633,868,800 bytes free
200 --- E O F --- 2008-06-28 23:47:33

Thanks again.
t-kayz is offline   Reply With Quote
Old 06-29-2008   #17
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Extreme virus problem

Just this to fix and you are all done...

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:



File::
C:\WINDOWS\SYSTEM32\nfecorfi.ini
C:\WINDOWS\BM33fc4321.xml

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM33fc4321"=-


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
My real name is Eddy
Pancake is online now   Reply With Quote
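As an added illustration (not code from this thread, from ComboFix or from its author), the script below reads ComboFix log lines like the ones posted above, flags the pattern seen in this thread (a Run value loading a random-named DLL from system32, plus the hidden/system .ini and the .xml whose name matches the Run value) and writes a CFScript in the File::/Registry:: layout Pancake quotes. The log excerpt and the selection rules are this example's own constructions.

```python
"""Flag the autostart pattern seen in this thread in a ComboFix log and emit
the matching CFScript.txt (File:: / Registry:: sections).  Example code,
not part of ComboFix; the selection rules are this example's own."""
import re
from pathlib import PureWindowsPath

# Constructed log excerpt modelled on the entries quoted in the thread:
# three "Files Created" lines plus a "Reg Loading Points" block.
SAMPLE_LOG = r"""
2008-06-29 00:40 . 2008-06-29 02:13 526 ---hs---- C:\WINDOWS\SYSTEM32\nfecorfi.ini
2008-06-29 00:40 . 2008-06-29 00:40 0 --a------ C:\WINDOWS\BM33fc4321.xml
2008-06-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [ ]
"BM33fc4321"="C:\WINDOWS\system32\qtmmthkw.dll " [ ]
"""

# "Files Created" line: created . modified size-or-<DIR> attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:<DIR>|[\d,]+)\s+(?P<attrs>[-\w]{9})\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
# Registry section: a key header, then "name"="target" [metadata] values.
# An empty "[ ]" metadata bracket is ComboFix reporting no file on disk.
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Eight lowercase letters: the throwaway file names seen in the log above
RANDOM_STEM = re.compile(r"^[a-z]{8}$")


def parse_log(text):
    """Return (files, run_values).  files: [(attrs, path)];
    run_values: [(key, value_name, target_path, metadata)]."""
    files, run_values, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            files.append((m.group("attrs"), m.group("path")))
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            run_values.append((key, m.group("name"),
                               m.group("target").strip(), m.group("meta").strip()))
    return files, run_values


def suspicious_run_value(target):
    """A Run value whose target is a DLL (loaded via rundll32) with a random
    8-letter name under the Windows system directory."""
    p = PureWindowsPath(target)
    in_system32 = any(part.lower() == "system32" for part in p.parts)
    return (p.suffix.lower() == ".dll" and in_system32
            and RANDOM_STEM.match(p.stem) is not None)


def suspicious_file(attrs, path, flagged_names):
    """Hidden+system file with a random name under C:\\WINDOWS, or any file
    whose base name matches a flagged Run value name (the companion .xml)."""
    p = PureWindowsPath(path)
    under_windows = len(p.parts) > 1 and p.parts[1].upper() == "WINDOWS"
    hidden_system = "h" in attrs and "s" in attrs
    if p.stem in flagged_names:
        return True
    return under_windows and hidden_system and RANDOM_STEM.match(p.stem) is not None


def build_cfscript(text):
    """Emit CFScript text in the layout quoted in the thread."""
    files, run_values = parse_log(text)
    flagged = [(key, name) for key, name, target, _meta in run_values
               if suspicious_run_value(target)]
    names = {name for _key, name in flagged}
    bad_files = [path for attrs, path in files
                 if suspicious_file(attrs, path, names)]
    lines = ["File::", *bad_files, "", "Registry::"]
    by_key = {}
    for key, name in flagged:
        by_key.setdefault(key, []).append(name)
    for key, key_names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in key_names)  # REGEDIT4 delete syntax
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

Run against the constructed excerpt it reproduces the two File:: paths and the single Registry:: deletion from the post above; the driver file iksyssec.sys, which also has an 8-letter name, is left alone because it is neither hidden nor system.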
Old 06-29-2008   #18
Bronze Member
 
Join Date: Jun 2008
Posts: 19
PC Experience: Experienced beginner
Default Re: Extreme virus problem

ComboFix 08-06-20.4 - Tendekai Kachere 2008-06-29 11:09:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.177 [GMT 1:00]
Running from: C:\Documents and Settings\Tendekai Kachere\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tendekai Kachere\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\BM33fc4321.xml
C:\WINDOWS\SYSTEM32\nfecorfi.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM33fc4321.xml
C:\WINDOWS\SYSTEM32\nfecorfi.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 01:16 . 2008-06-29 01:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-29 01:08 . 2008-06-29 01:31 <DIR> d-------- C:\SDFix
2008-06-27 10:33 . 2008-06-27 10:33 <DIR> d-------- C:\Deckard
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14 . 2008-06-27 10:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13 . 2008-06-26 19:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13 . 2008-06-26 01:13 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-06-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-06-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-06-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-06-24 12:51 . 2008-06-24 12:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-23 18:03 . 2008-06-23 18:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-23 00:01 . 2008-06-23 20:35 53,192 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2008-06-22 23:58 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Program Files\Raxco
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56 . 2008-06-22 23:56 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:56 . 2008-06-22 23:56 <DIR> d-------- C:\Program Files\CA
2008-06-22 23:38 . 2008-06-22 23:55 <DIR> d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38 . 2008-06-23 00:02 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38 . 2008-06-22 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33 . 2008-06-22 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-06-19 21:29 . 2008-06-26 00:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 21:29 . 2008-06-19 21:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 16:07 . 2008-05-31 16:07 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 19:05 --------- d-----w C:\Program Files\Modem On Hold
2008-06-26 19:05 --------- d-----w C:\Program Files\Microsoft Works
2008-06-26 12:02 --------- d-----w C:\Program Files\DivX
2008-06-26 11:41 --------- d-----w C:\Program Files\Common Files\Real
2008-06-24 11:41 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 22:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 17:22 --------- d-----w C:\Program Files\Yahoo!
2008-06-22 17:20 --------- d-----w C:\Program Files\Nokia
2008-06-22 12:25 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 21:56 --------- d-----w C:\Program Files\Sports Interactive
2008-06-13 15:06 --------- d-----w C:\Program Files\OFFICE11
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-31 16:38 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 08:31 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-10 08:31 --------- d-----w C:\Program Files\ArcSoft
2008-05-10 07:50 --------- d-----w C:\Program Files\Philips
2008-05-10 07:50 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 06:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-09 06:52 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 17:01 --------- d-----w C:\Program Files\BearShare Applications
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-17 10:46 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-29_ 0.39.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 23:28:21 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-29 10:01:43 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-28 02:48:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-29 00:16:31 7,516,160 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-29 00:16:31 102,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-28 02:48:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-29 00:16:17 7,516,160 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-29 00:16:17 102,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2002-08-29 04:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM
+ 2001-08-18 12:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-02 02:45 98304]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"BM33fc4321"="C:\WINDOWS\system32\qtmmthkw.dll " [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
S3 bDMusicb;bDMusicb;C:\DOCUME~1\TENDEK~1\LOCALS~1\Temp\bDMusicb.sys []
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 08:56]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 10:05:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-28 22:11:06 C:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 11:12:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-29 11:15:37
ComboFix-quarantined-files.txt 2008-06-29 10:14:53
ComboFix2.txt 2008-06-29 02:41:40
ComboFix3.txt 2008-06-28 23:40:26
Pre-Run: 59,614,294,016 bytes free
Post-Run: 59,600,785,408 bytes free
172 --- E O F --- 2008-06-28 23:47:33

That's the ComboFix log...
t-kayz is offline   Reply With Quote
Old 06-29-2008   #19
Bronze Member
 
Join Date: Jun 2008
Posts: 19
PC Experience: Experienced beginner
Default Re: Extreme virus problem

Deckard's System Scanner v20071014.68
Run by Tendekai Kachere on 2008-06-29 11:19:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Tendekai Kachere.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:11, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tendekai Kachere\Desktop\dss.exe
C:\DOCUME~1\TENDEK~1\Desktop\TENDEK~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell UK Portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [BM33fc4321] Rundll32.exe "C:\WINDOWS\system32\qtmmthkw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball...GameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/u...s/dbaccess.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143397592921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba250.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10243 bytes
-- Files created between 2008-05-29 and 2008-06-29 -----------------------------
2008-06-29 01:16:03 0 d-------- C:\WINDOWS\ERUNT
2008-06-29 00:17:19 0 d-------- C:\cmdcons
2008-06-29 00:14:58 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 00:14:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 00:14:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 00:14:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 00:14:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 00:14:58 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 00:14:58 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 00:14:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13:09 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13:09 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-24 12:51:06 0 d-------- C:\Program Files\Windows Defender
2008-06-23 20:33:06 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-23 18:03:56 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-22 23:57:48 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57:08 0 d-------- C:\Program Files\Raxco
2008-06-22 23:57:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56:37 0 d-------- C:\Program Files\CA
2008-06-22 23:56:24 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:38:40 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-05-31 16:07:08 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft

-- Find3M Report ---------------------------------------------------------------
2008-06-29 01:24:17 0 d-------- C:\Program Files\Common Files
2008-06-28 23:11:08 141260 --a------ C:\WINDOWS\hpoins14.dat
2008-06-26 20:05:11 0 d-------- C:\Program Files\Movie Maker
2008-06-26 20:05:04 0 d-------- C:\Program Files\Modem On Hold
2008-06-26 20:05:03 0 d-------- C:\Program Files\Microsoft Works
2008-06-26 20:04:57 0 d-------- C:\Program Files\Messenger
2008-06-26 13:02:36 0 d-------- C:\Program Files\DivX
2008-06-26 12:41:18 0 d-------- C:\Program Files\Common Files\Real
2008-06-24 20:14:44 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Adobe
2008-06-24 12:41:17 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 23:49:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 18:22:43 0 d-------- C:\Program Files\Yahoo!
2008-06-22 18:20:03 0 d-------- C:\Program Files\Nokia
2008-06-22 13:25:50 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 22:56:26 0 d-------- C:\Program Files\Sports Interactive
2008-06-13 16:06:14 0 d-------- C:\Program Files\OFFICE11
2008-05-31 17:38:56 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 09:31:49 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-10 09:31:48 0 d-------- C:\Program Files\ArcSoft
2008-05-10 08:50:58 0 d-------- C:\Program Files\Philips
2008-05-10 08:50:34 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 07:53:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 07:52:25 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-07 18:01:09 0 d-------- C:\Program Files\BearShare Applications

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 08:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 11:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [15/03/2004 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/09/2004 02:45]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 21:44]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 02:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 14:10]
"BM33fc4321"="C:\WINDOWS\system32\qtmmthkw.dll " []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 17:21]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Tendekai Kachere\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
DESKTOP.INI [03/09/2002 09:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
AutoRun\command- ie.exe
explore\Command- ie.exe
open\Command- ie.exe
*Newly Created Service* - CATCHME

-- End of Deckard's System Scanner: finished at 2008-06-29 11:19:43 ------------

And that's the HiJackThis one. Thank you
Old 06-29-2008   #20
Pancake (Senior Security Analyst)
Re: Extreme virus problem

Just this to fix and you're done.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O4 - HKLM\..\Run: [BM33fc4321] Rundll32.exe "C:\WINDOWS\system32\qtmmthkw.dll",s


==================================

Copy the text in the code box to Notepad. Save it as fixreg.reg to your desktop.
Be sure the "Save as" type is set to "all files".
Once you have saved it, double click it and allow it to merge with the registry.


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM33fc4321"=-


After reboot post a new HJT log.
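As an added example (not code from the thread, from HijackThis or from DSS), the script below parses O4 autostart lines like the ones in the logs above into their real registry locations, flags the Rundll32-loaded DLL pattern Pancake singled out, and emits the same `"name"=-` REGEDIT4 removal text for the flagged value. The sample lines and the flagging heuristic are constructed from this thread; the heuristic is a triage aid for a helper, not a verdict.

```python
"""Triage HijackThis O4 (autostart) lines and emit a REGEDIT4 removal file.

Added example for this thread; it is not code from HijackThis, DSS or the
forum helper.  The sample lines below are constructed from the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: O4 lines as HijackThis prints them, including the
# Rundll32 entry the helper asked to have fixed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM33fc4321] Rundll32.exe "C:\WINDOWS\system32\qtmmthkw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}

# HJT abbreviates the key as HKLM\..\Run; the "(User '...')" suffix is optional.
O4_RE = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(\w+): \[([^\]]+)\] (.*?)(?: \(User '[^']*'\))?$"
)
# rundll32 <dll>,<export> with or without quotes around the DLL path.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str      # e.g. HKEY_LOCAL_MACHINE or HKEY_USERS\S-1-5-18
    subkey: str    # e.g. SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    name: str      # value name shown in [...]
    command: str   # command line as logged


def parse_o4_lines(log_text: str) -> List[AutostartEntry]:
    """Registry-backed O4 entries; Global Startup (.lnk) lines are files, not values, and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive_token, runkey, name, command = m.groups()
        root, _, user_sid = hive_token.partition("\\")
        hive = HIVES[root] + ("\\" + user_sid if user_sid else "")
        subkey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" + runkey
        entries.append(AutostartEntry(hive, subkey, name, command))
    return entries


def review_reason(entry: AutostartEntry) -> Optional[str]:
    """Why an entry deserves a look, or None.  A triage heuristic, not a verdict."""
    m = RUNDLL_RE.match(entry.command)
    if not m:
        return None
    dll, export = m.groups()
    reasons = [f"rundll32 loads {dll} and calls export '{export}'"]
    base = dll.rsplit("\\", 1)[-1].lower()
    if "system32" in dll.lower() and re.fullmatch(r"[a-z]{8}\.dll", base):
        reasons.append("random-looking 8-letter DLL name in system32")
    if re.fullmatch(r"BM[0-9a-f]{8}", entry.name):
        reasons.append("value name is 'BM' plus 8 hex digits, as in the entry fixed in this thread")
    return "; ".join(reasons)


def triage(log_text: str) -> Tuple[List[AutostartEntry], List[Tuple[AutostartEntry, str]]]:
    """All registry-backed entries plus (entry, reason) pairs for those needing review."""
    entries = parse_o4_lines(log_text)
    flagged = []
    for e in entries:
        reason = review_reason(e)
        if reason:
            flagged.append((e, reason))
    return entries, flagged


def removal_reg(entry: AutostartEntry) -> str:
    """REGEDIT4 (ANSI .reg) text deleting only this value: "name"=- removes the value, not the key."""
    return (
        "REGEDIT4\r\n\r\n"
        f"[{entry.hive}\\{entry.subkey}]\r\n"
        f'"{entry.name}"=-\r\n\r\n'
    )


if __name__ == "__main__":
    entries, flagged = triage(SAMPLE_LOG)
    print(f"{len(entries)} registry autostart entries, {len(flagged)} flagged")
    for e, reason in flagged:
        print(f"[{e.name}] {reason}")
        print(removal_reg(e))
```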
Old 06-29-2008   #21
t-kayz (Bronze Member)
Re: Extreme virus problem

Deckard's System Scanner v20071014.68
Run by Tendekai Kachere on 2008-06-29 12:46:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Tendekai Kachere.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:09, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tendekai Kachere\Desktop\dss.exe
C:\DOCUME~1\TENDEK~1\Desktop\TENDEK~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell UK Portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball...GameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/u...s/dbaccess.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143397592921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba250.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10359 bytes
-- Files created between 2008-05-29 and 2008-06-29 -----------------------------
2008-06-29 01:16:03 0 d-------- C:\WINDOWS\ERUNT
2008-06-29 00:17:19 0 d-------- C:\cmdcons
2008-06-29 00:14:58 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 00:14:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 00:14:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 00:14:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 00:14:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 00:14:58 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 00:14:58 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 00:14:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13:09 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13:09 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-24 12:51:06 0 d-------- C:\Program Files\Windows Defender
2008-06-23 20:33:06 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-23 18:03:56 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-22 23:57:48 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57:08 0 d-------- C:\Program Files\Raxco
2008-06-22 23:57:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56:37 0 d-------- C:\Program Files\CA
2008-06-22 23:56:24 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:38:40 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-05-31 16:07:08 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft

-- Find3M Report ---------------------------------------------------------------
2008-06-29 01:24:17 0 d-------- C:\Program Files\Common Files
2008-06-28 23:11:08 141260 --a------ C:\WINDOWS\hpoins14.dat
2008-06-26 20:05:11 0 d-------- C:\Program Files\Movie Maker
2008-06-26 20:05:04 0 d-------- C:\Program Files\Modem On Hold
2008-06-26 20:05:03 0 d-------- C:\Program Files\Microsoft Works
2008-06-26 20:04:57 0 d-------- C:\Program Files\Messenger
2008-06-26 13:02:36 0 d-------- C:\Program Files\DivX
2008-06-26 12:41:18 0 d-------- C:\Program Files\Common Files\Real
2008-06-24 20:14:44 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Adobe
2008-06-24 12:41:17 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 23:49:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 18:22:43 0 d-------- C:\Program Files\Yahoo!
2008-06-22 18:20:03 0 d-------- C:\Program Files\Nokia
2008-06-22 13:25:50 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 22:56:26 0 d-------- C:\Program Files\Sports Interactive
2008-06-13 16:06:14 0 d-------- C:\Program Files\OFFICE11
2008-05-31 17:38:56 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 09:31:49 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-10 09:31:48 0 d-------- C:\Program Files\ArcSoft
2008-05-10 08:50:58 0 d-------- C:\Program Files\Philips
2008-05-10 08:50:34 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 07:53:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 07:52:25 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-07 18:01:09 0 d-------- C:\Program Files\BearShare Applications

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 08:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 11:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [15/03/2004 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/09/2004 02:45]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 21:44]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 02:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 14:10]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 17:21]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Tendekai Kachere\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
DESKTOP.INI [03/09/2002 09:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
AutoRun\command- ie.exe
explore\Command- ie.exe
open\Command- ie.exe


-- End of Deckard's System Scanner: finished at 2008-06-29 12:47:45 ------------
t-kayz