
HijackThis log for a win32/vundo!generic problem?


If someone could please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:14 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\mrofinu1535.exe
C:\program files\steam\steam.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WINZIP\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\b155.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\InetGet2\sacatapo821058.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jeff Hansen\My Documents\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://enascor.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll
O2 - BHO: (no name) - {2E1550C1-DB0B-4B2D-B338-CA5DCF368E13} - C:\WINDOWS\system32\pwlosnmw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\ugmupocq.dll (file missing)
O2 - BHO: (no name) - {E93121AD-7C67-417A-A6A5-87C60214AC80} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - C:\WINDOWS\system32\nnnmjgHy.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201 522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O20 - Winlogon Notify: nnnmjgHy - C:\WINDOWS\SYSTEM32\nnnmjgHy.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9893 bytes

Welcome to CH

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.
    • When finished, it will produce a log for you.
    • Post that log in your next reply.
    Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall.
    • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
    • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
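The HijackThis log at the top of the thread shows the pairing the CFScript below goes after: the same randomly named DLL registered as a nameless BHO (O2) and as a Winlogon Notify package (O20), registrations left behind after the file itself was removed, and a Run entry launching an executable from the Windows root with long hex arguments. The Python triage script below is an added example, not part of this thread or of HijackThis/ComboFix; its heuristics are the example's own, and it uses lines copied from the posted log as sample input.

```python
"""Triage heuristics for HijackThis O2/O4/O20 log lines (added example)."""
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {2E1550C1-DB0B-4B2D-B338-CA5DCF368E13} - C:\WINDOWS\system32\pwlosnmw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {E93121AD-7C67-417A-A6A5-87C60214AC80} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - C:\WINDOWS\system32\nnnmjgHy.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201 522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O20 - Winlogon Notify: nnnmjgHy - C:\WINDOWS\SYSTEM32\nnnmjgHy.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
"""

# One regex per HijackThis section handled here; the optional "(file missing)"
# suffix marks a registration whose target file is already gone.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
HEX_BLOB_RE = re.compile(r"[0-9A-Fa-f]{32,}(?: [0-9A-Fa-f]{32,})*")

SYSTEM32 = "c:\\windows\\system32\\"
WINROOT = "c:\\windows\\"


def basename(path):
    """Lower-cased file name of a Windows path (used to match O2 and O20 entries)."""
    return path.rsplit("\\", 1)[-1].lower()


def split_command(cmd):
    """Split an O4 command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        if end < 0:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    idx = cmd.lower().find(".exe")               # unquoted path: cut right after .exe
    if idx < 0:
        parts = cmd.split(None, 1)
        return parts[0], (parts[1] if len(parts) > 1 else "")
    return cmd[:idx + 4], cmd[idx + 4:].strip()


def triage(lines):
    """Return sorted (rule, subject) pairs for the heuristics described above.

    Subjects are DLL base names for O2/O20 entries and the Run value name for O4.
    The heuristics are this example's own, not anything HijackThis itself reports.
    """
    findings = set()
    bho_dlls, notify_dlls = set(), set()
    for line in lines:
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            dll = basename(m["path"])
            bho_dlls.add(dll)
            if m["missing"]:
                findings.add(("orphaned-registration", dll))
            # Legitimate BHOs normally carry a name and live under Program Files;
            # Spybot's SDHelper.dll is "(no name)" but is not in system32.
            if m["name"] == "(no name)" and m["path"].lower().startswith(SYSTEM32):
                findings.add(("unnamed-system32-bho", dll))
            continue
        m = O20_RE.match(line)
        if m:
            dll = basename(m["path"])
            notify_dlls.add(dll)
            if m["missing"]:
                findings.add(("orphaned-registration", dll))
            continue
        m = O4_RE.match(line)
        if m:
            exe, args = split_command(m["cmd"])
            low = exe.lower()
            # An executable sitting directly in C:\WINDOWS (no subfolder) is unusual.
            if low.startswith(WINROOT) and "\\" not in low[len(WINROOT):]:
                findings.add(("run-from-windows-root", m["name"]))
            if args and HEX_BLOB_RE.fullmatch(args):
                findings.add(("hex-blob-arguments", m["name"]))
    # The same DLL loaded by the browser (O2) and by Winlogon (O20) is the
    # persistence pairing seen in this thread's log.
    for dll in bho_dlls & notify_dlls:
        findings.add(("bho-and-winlogon-notify", dll))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:26} {subject}")
```

Entries such as Svconr.exe, which the helper removes anyway, are not caught by these rules: a clean-looking path under Program Files still needs the reviewer's judgement, which is what the log-review threads supply.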

    ComboFix 08-05-09.1 - Jeff Hansen 2008-05-10 21:26:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.166 [GMT -4:00]
    Running from: C:\Documents and Settings\Jeff Hansen\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Guest\err.log
    C:\Documents and Settings\Jeff Hansen\Application Data\macromedia\Flash Player\#SharedObjects\JLWWAZY2\www.broadcaster.com
    C:\Documents and Settings\Jeff Hansen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Jeff Hansen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Jeff Hansen\err.log
    C:\Documents and Settings\Jeff Hansen\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Jeff Hansen\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Documents and Settings\Jeff Hansen\Local Settings\Temporary Internet Files\CPV.stt
    C:\Documents and Settings\Jeff Hansen\Start Menu\Programs\Internet Speed Monitor
    C:\Documents and Settings\Jeff Hansen\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\Documents and Settings\Jeff Hansen\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\Program Files\Common Files\{34F43~1
    C:\Program Files\Common Files\{34F43~1\Uninstall.exe
    C:\Program Files\Common Files\{34F43~2
    C:\Program Files\Common Files\{C4F43~1
    C:\Program Files\CPV
    C:\Program Files\inetget2
    C:\Program Files\inetget2\sacatapo821058.exe
    C:\Program Files\ISM
    C:\Program Files\ISM\ism.exe
    C:\Program Files\ISM\Uninstall.exe
    C:\Program Files\JavaCore
    C:\Program Files\JavaCore\JavaCore.exe
    C:\Program Files\JavaCore\UnInstall.exe
    C:\Program Files\QdrDrive
    C:\Program Files\QdrDrive\qdrloader.exe
    C:\Program Files\QdrPack
    C:\Program Files\QdrPack\QdrPack15.exe
    C:\Program Files\Temporary
    C:\WA6P
    C:\WINDOWS\b104.exe
    C:\WINDOWS\b148.exe
    C:\WINDOWS\b149.exe
    C:\WINDOWS\b152.exe
    C:\WINDOWS\b155.exe
    C:\WINDOWS\b156.exe
    C:\WINDOWS\b999.exe
    C:\WINDOWS\mrofinu1535.exe
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\dgjlm.ini2
    C:\WINDOWS\system32\dgjlm.tmp
    C:\WINDOWS\system32\iyspawlq.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mevrkpsw.ini
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\mlnmp.tmp
    C:\WINDOWS\system32\nnnmjgHy.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_COM+_MESSAGES


    ((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
    .

    2008-05-10 12:55 . 2008-05-10 12:55d--------C:\Program Files\Spcron
    2008-05-10 12:50 . 2008-05-10 12:50d--------C:\Program Files\Svconr
    2008-05-09 22:31 . 2008-05-09 22:32d--------C:\Documents and Settings\Jeff Hansen\.limewire
    2008-05-09 19:22 . 2008-05-09 19:22d--------C:\Documents and Settings\Jeff Hansen\Application Data\Lavasoft
    2008-05-09 12:40 . 2008-02-12 14:4548--a------C:\Documents and Settings\Jeff Hansen\readme.bat
    2008-05-09 10:45 . 2008-05-09 10:45d--------C:\Program Files\Common Files\Macromedia Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-11 01:39---------d-----wC:\Program Files\Steam
    2008-05-11 01:38---------d-----wC:\Documents and Settings\Jeff Hansen\Application Data\WTablet
    2008-05-11 01:37---------d-----wC:\Documents and Settings\LocalService\Application Data\WTablet
    2008-05-08 21:33---------d-----wC:\Program Files\Common Files\Adobe
    2008-05-08 21:27---------d-----wC:\Documents and Settings\Jeff Hansen\Application Data\AdobeUM
    2008-03-26 21:40---------d-----wC:\Program Files\LimeWire
    2008-03-26 17:45---------d-----wC:\Program Files\Kate's Video Converter
    2008-02-10 03:2115----a-wC:\Documents and Settings\Jeff Hansen\StopWZC.bat
    2008-02-10 03:2016----a-wC:\Documents and Settings\Jeff Hansen\StartWZC.bat
    2008-01-09 21:20251----a-wC:\Program Files\wt3d.ini
    2007-03-23 14:39382----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb1942.dat
    2007-03-23 14:3869,632----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb4827.dat
    2007-03-23 14:38151----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb292.dat
    2007-03-23 14:380----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb2391.dat
    2006-11-30 03:4249----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb41.dat
    2006-11-29 15:466,144----a-wC:\Documents and Settings\Guest\Application Data\internaldb1362.dat
    2006-11-22 06:520----a-wC:\Program Files\Common Files\err.log
    2006-11-18 17:080----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb5436.dat
    2006-11-16 20:079,216----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb9040.dat
    2006-11-16 20:070----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb1912.dat
    2006-11-16 04:570----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb4604.dat
    2006-11-16 04:570----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb3902.dat
    2006-11-16 04:570----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb153.dat
    2006-11-04 21:037,048----a-wC:\Documents and Settings\All Users\Application Data\ypinfo.bin
    2007-12-06 23:1088--sh--rC:\WINDOWS\system32\41457874FA.sys
    2007-09-10 18:0756--sh--rC:\WINDOWS\system32\FA74784541.sys
    2007-12-06 23:106,580--sha-wC:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E1550C1-DB0B-4B2D-B338-CA5DCF368E13}]
    C:\WINDOWS\system32\pwlosnmw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7C0AA32-5656-42F4-BF96-09ED9F459BD9}]
    2008-02-07 21:07217088--a------C:\Program Files\Messenger\kywokelyt821058.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E93121AD-7C67-417A-A6A5-87C60214AC80}]
    C:\WINDOWS\system32\pmnlm.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "Steam"="c:\program files\steam\steam.exe" [2008-04-01 19:03 1271032]
    "Svconr"="C:\Program Files\Svconr\Svconr.exe" [2008-05-10 12:50 57344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 12:56 761947]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-03-23 14:31 230512]
    "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-03-23 14:31 185456]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-07 19:15 180269]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 02:37 57344]

    C:\Documents and Settings\Jeff Hansen\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 15:57:14 81920]
    Microsoft Office Shortcut Bar.Lnk [2007-04-02 15:06:31 761]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-25 09:30:07 784912]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-09-26 23:45:57 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm]
    C:\WINDOWS\system32\pmnlm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\hippiegothie\\team fortress 2\\hl2.exe"=

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 17:18]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 15:55]
    S3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 13:25]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-05 15:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-11 01:37:22 C:\WINDOWS\Tasks\Winter Fun Wallpaper Changer.job"
    - C:\Documents and Settings\All Users\Start Menu\Programs\Winter Fun Pack 2004 for Windows XP\Winter Fun Wallpaper Changer.lnk
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-10 21:39:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\WLTRYSVC.EXE
    C:\WINDOWS\system32\BCMWLTRY.EXE
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Yahoo!\Antivirus\iSafe.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-10 21:45:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-11 01:45:30

    Pre-Run: 10,848,620,544 bytes free
    Post-Run: 10,703,892,480 bytes free

    220 --- E O F --- 2008-04-11 07:09:05

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
    2. Copy the TEXT in the below code box by highlighting all the text and pressing Ctrl+C

    KillAll::

    Folder::
    C:\Program Files\Spcron
    C:\Program Files\Svconr

    REGISTRY::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E1550C1-DB0B-4B2D-B338-CA5DCF368E13}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7C0AA32-5656-42F4-BF96-09ED9F459BD9}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E93121AD-7C67-417A-A6A5-87C60214AC80}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Svconr"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm]
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

    ----------

    Create An Uninstall List
    • Start HijackThis
    • Click on the Open the Misc Tools section
    • Click on the Open Uninstall Manager button.
    • Click on the Save list button and specify where you would like to save this file and click Save.
      • When you press Save button a notepad will open with the contents of that file.
    • Copy and paste that list in your reply.
    .
    ----------

    Next post, add (you may need to use two posts to get everything in):
    New Combofix log
    Uninstall list


    Let me know how everything is now.

    ComboFix 08-05-09.1 - Jeff Hansen 2008-05-10 22:18:40.2 - NTFSx86
    Running from: C:\Documents and Settings\Jeff Hansen\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Jeff Hansen\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jeff Hansen\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Program Files\Spcron
    C:\Program Files\Spcron\Spcron.dll
    C:\Program Files\Svconr
    C:\Program Files\Svconr\Svconr.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
    .

    2008-05-09 22:31 . 2008-05-09 22:32d--------C:\Documents and Settings\Jeff Hansen\.limewire
    2008-05-09 19:22 . 2008-05-09 19:22d--------C:\Documents and Settings\Jeff Hansen\Application Data\Lavasoft
    2008-05-09 12:40 . 2008-02-12 14:4548--a------C:\Documents and Settings\Jeff Hansen\readme.bat
    2008-05-09 10:45 . 2008-05-09 10:45d--------C:\Program Files\Common Files\Macromedia Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-11 02:26---------d-----wC:\Program Files\Steam
    2008-05-11 02:25---------d-----wC:\Documents and Settings\Jeff Hansen\Application Data\WTablet
    2008-05-11 02:24---------d-----wC:\Documents and Settings\LocalService\Application Data\WTablet
    2008-05-08 21:33---------d-----wC:\Program Files\Common Files\Adobe
    2008-05-08 21:27---------d-----wC:\Documents and Settings\Jeff Hansen\Application Data\AdobeUM
    2008-03-26 21:40---------d-----wC:\Program Files\LimeWire
    2008-03-26 17:45---------d-----wC:\Program Files\Kate's Video Converter
    2008-03-19 09:471,845,248----a-wC:\WINDOWS\system32\win32k.sys
    2008-03-19 09:471,845,248------wC:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-10 13:4632,768----a-wC:\WINDOWS\system32\~GLH0003.TMP
    2008-02-20 06:51282,624----a-wC:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51282,624------wC:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:3245,568----a-wC:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:3245,568------wC:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:32148,992------wC:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 09:0718,432------wC:\WINDOWS\system32\dllcache\iedw.exe
    2008-02-10 03:2115----a-wC:\Documents and Settings\Jeff Hansen\StopWZC.bat
    2008-02-10 03:2016----a-wC:\Documents and Settings\Jeff Hansen\StartWZC.bat
    2008-01-09 21:20251----a-wC:\Program Files\wt3d.ini
    2007-03-23 14:39382----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb1942.dat
    2007-03-23 14:3869,632----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb4827.dat
    2007-03-23 14:38151----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb292.dat
    2007-03-23 14:380----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb2391.dat
    2006-11-30 03:4249----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb41.dat
    2006-11-29 15:466,144----a-wC:\Documents and Settings\Guest\Application Data\internaldb1362.dat
    2006-11-22 06:520----a-wC:\Program Files\Common Files\err.log
    2006-11-18 17:080----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb5436.dat
    2006-11-16 20:079,216----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb9040.dat
    2006-11-16 20:070----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb1912.dat
    2006-11-16 04:570----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb4604.dat
    2006-11-16 04:570----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb3902.dat
    2006-11-16 04:570----a-wC:\Documents and Settings\Jeff Hansen\Application Data\internaldb153.dat
    2006-11-04 21:037,048----a-wC:\Documents and Settings\All Users\Application Data\ypinfo.bin
    2007-12-06 23:1088--sh--rC:\WINDOWS\system32\41457874FA.sys
    2007-09-10 18:0756--sh--rC:\WINDOWS\system32\FA74784541.sys
    2007-12-06 23:106,580--sha-wC:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( [emailprotected]_21.45.14.05 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-11 01:37:182,048--s-a-wC:\WINDOWS\bootstat.dat
    + 2008-05-11 02:24:272,048--s-a-wC:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E1550C1-DB0B-4B2D-B338-CA5DCF368E13}]
    C:\WINDOWS\system32\pwlosnmw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7C0AA32-5656-42F4-BF96-09ED9F459BD9}]
    2008-02-07 21:07   217088   --a------   C:\Program Files\Messenger\kywokelyt821058.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E93121AD-7C67-417A-A6A5-87C60214AC80}]
    C:\WINDOWS\system32\pmnlm.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "Steam"="c:\program files\steam\steam.exe" [2008-04-01 19:03 1271032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 12:56 761947]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-03-23 14:31 230512]
    "CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-03-23 14:31 185456]
    "YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43 407032]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-07 19:15 180269]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 02:37 57344]

    C:\Documents and Settings\Jeff Hansen\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 15:57:14 81920]
    Microsoft Office Shortcut Bar.Lnk [2007-04-02 15:06:31 761]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-25 09:30:07 784912]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-09-26 23:45:57 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm]
    C:\WINDOWS\system32\pmnlm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\hippiegothie\\team fortress 2\\hl2.exe"=

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 17:18]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 15:55]
    S3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 13:25]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-05 15:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-11 02:24:33 C:\WINDOWS\Tasks\Winter Fun Wallpaper Changer.job"
    - C:\Documents and Settings\All Users\Start Menu\Programs\Winter Fun Pack 2004 for Windows XP\Winter Fun Wallpaper Changer.lnk
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-10 22:26:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\WLTRYSVC.EXE
    C:\WINDOWS\system32\BCMWLTRY.EXE
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Yahoo!\Antivirus\iSafe.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-10 22:35:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-11 02:34:55
    ComboFix2.txt 2008-05-11 01:45:37

    Pre-Run: 10,695,467,008 bytes free
    Post-Run: 12,507,443,200 bytes free

    183 --- E O F --- 2008-04-11 07:09:05

    uninstall list


    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOL Instant Messenger
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    AT&T Yahoo! Applications
    Audacity 1.2.5
    Broadcom Management Programs
    CDDRV_Installer
    Conexant HDA D110 MDC V.92 Modem
    Corel Painter Essentials 3
    CursorXP
    Dell Digital Jukebox Driver
    Dell Support 3.1
    Dell Wireless WLAN Card
    DellConnect
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Documentation & Support Launcher
    EducateU
    ESPNMotion
    Games, Music, & Photos Launcher
    GemMaster Mystic
    Half-Life 2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB926239)
    HyperCam 2
    Intel(R) Graphics Media Accelerator Driver
    Internal Network Card Power Management
    Internet Service Offers Launcher
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) SE Runtime Environment 6 Update 1
    KhalInstallWrapper
    Learn2 Player (Uninstall Only)
    LimeWire PRO 4.8.1
    Logitech SetPoint
    Macromedia Flash 5
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft GIF Animator
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 97, Professional Edition
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    Mozilla Firefox (2.0.0.14)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    NetWaiting
    NetZeroInstallers
    nik COLOR Efex Pro 2.0 IE
    Opera 9.24
    Otto
    Peggle Deluxe
    Peggle Extreme
    Picasa 2
    Portal
    PowerDVD 5.7
    QuickSet
    QuickTime
    RealPlayer
    RealWorld Cursor Editor
    Safety Alert 2006
    Safety Bar
    Saitek SST Programming Software
    Search Enhancer
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    SigmaTel Audio
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy 1.4
    Steam
    Synaptics Pointing Device Driver
    Tablet
    Team Fortress 2 Dedicated Server
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URGE
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    WebCyberCoach 3.2 Dell
    WhiteCap
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890927
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    WinZip
    Xvid 1.1.2 final uninstall

    That didn't get everything I hoped it would, and there was a new entry I have not seen before. We may need to run it again if the next set of instructions doesn't work.

    -----

    Your Java is out of date.
    Older versions of Java have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version(s) of Java components and update.

    Step 1 - Get the new version
    • Go to the Sun Java Download Page
    • On the Sun Java page scroll to the 5th download: Java Runtime Environment (JRE) 6 Update 6
    • Click the button and choose the options.
      • Platform: Windows
      • Language: English
      • Next place a check mark in the box to agree to the License Agreement: "I agree to the Java SE Runtime Environment 6 License Agreement"
    • Click Continue
    • Click on the link to download Windows Offline Installation and save to your desktop.
    • Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.
    • Follow the prompts to complete the installation.
    Step 2 - Remove old version(s)
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel > Add/Remove programs and remove all older versions of Java.
    • Uninstall:
      • J2SE Runtime Environment 5.0 Update 1
      • J2SE Runtime Environment 5.0 Update 3
      • Java 2 Runtime Environment, SE v1.4.2_03
      • Java(TM) SE Runtime Environment 6 Update 1
    • Do not remove Java 6 Update 6
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each old Java version.
    • Restart your computer once all Java components are removed.
    Step 3 - Remove old folder(s)
    • Double click My Computer on the desktop and locate this folder: C:\Program Files\Java
    • Open the Java folder and delete any subfolders except the jre1.6.0_06 folder, which was just created by the newest Java installation.
    -----

    Go to add/remove programs and uninstall:
    Safety Alert 2006
    Safety Bar
    Search Enhancer
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar

    Please check add/remove programs to be sure these actually uninstalled. Let me know if they don't.

    ----------

    Download SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
    • Press any key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard).
    • Finally add the contents of the Report.txt in your next post.
    ----------

    Now run a new Hijackthis scan and post that log as well.

    ----------

    Next post:
    SDFix log
    New Hijackthis log
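    The helper asks the poster to check Add/Remove Programs to confirm the uninstalls really happened and that only the jre1.6.0_06 folder is left. The script below is an added example, not part of the original thread or of any tool mentioned in it: it reads the registry keys that populate Add/Remove Programs and the C:\Program Files\Java folder and reports anything from the helper's removal list that is still present. It assumes the program names exactly as they appear in the post and a Windows PowerShell prompt on the 32-bit Windows XP install shown in the log.

```powershell
# Added verification check (not from the original thread). The program names and the
# jre1.6.0_06 folder name are taken from the helper's instructions above.
$ShouldBeGone = @(
    'J2SE Runtime Environment 5.0 Update 1',
    'J2SE Runtime Environment 5.0 Update 3',
    'Java 2 Runtime Environment, SE v1.4.2_03',
    'Java(TM) SE Runtime Environment 6 Update 1',
    'Safety Alert 2006',
    'Safety Bar',
    'Search Enhancer',
    'Viewpoint Manager (Remove Only)',
    'Viewpoint Media Player',
    'Viewpoint Toolbar'
)
$KeepJavaFolder = 'jre1.6.0_06'

# Add/Remove Programs shows the DisplayName of each subkey under these keys.
# The Wow6432Node key only exists on 64-bit Windows, so missing keys are skipped.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

$Installed = foreach ($Key in $UninstallKeys) {
    Get-ChildItem -Path $Key | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath).DisplayName
    }
}
$Installed = $Installed | Where-Object { $_ }   # drop subkeys that have no DisplayName

# Anything from the removal list that still has an uninstall entry did not uninstall cleanly.
$StillListed = $ShouldBeGone | Where-Object { $Installed -contains $_ }
if ($StillListed) {
    Write-Output 'Still present in Add/Remove Programs (uninstall did not complete):'
    $StillListed | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output 'Everything on the removal list is gone from Add/Remove Programs.'
}

# Step 3 check: only the newly installed jre1.6.0_06 folder should remain under Program Files\Java.
# Assumes 32-bit Windows as in the log; on 64-bit Windows a 32-bit JRE lives under Program Files (x86).
$JavaRoot = Join-Path $env:ProgramFiles 'Java'
if (Test-Path $JavaRoot) {
    $Leftover = Get-ChildItem -Path $JavaRoot |
        Where-Object { $_.PSIsContainer -and $_.Name -ne $KeepJavaFolder }
    if ($Leftover) {
        Write-Output "Leftover folders under $JavaRoot (delete these, keep $KeepJavaFolder):"
        $Leftover | ForEach-Object { Write-Output "  $($_.FullName)" }
    } else {
        Write-Output "Only $KeepJavaFolder remains under $JavaRoot."
    }
} else {
    Write-Output "$JavaRoot does not exist; the new Java installation may not have completed."
}
```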
