Answer» Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code:
KillAll::
Folder:: c:\program files\Winferno\RegistryPowerCleaner
File:: c:\windows\Tasks\rpc.job
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Ok, thank you. Here is my new log:
ComboFix 09-02-12.03 - Owner 2009-02-14 8:45:02.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.105 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe COMMAND switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point .
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))) .
2009-02-12 01:34 . 2009-02-12 01:34 d-------- C:\ca95aaa2e5c16143353336 2009-02-09 10:12 . 2009-02-09 10:12 d-------- c:\windows\Desktop 2009-02-06 01:09 . 2009-02-06 01:16 d---s---- c:\documents and settings\Administrator 2009-02-05 01:45 . 2009-02-05 01:45 d-------- c:\program files\Trend Micro 2009-02-04 21:21 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys 2009-02-04 21:21 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys 2009-02-04 15:33 . 2009-02-12 19:41 d-------- c:\program files\MSECACHE 2009-02-04 14:03 . 2009-02-04 13:15 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-02-04 12:58 . 2009-02-04 12:58 d----c--- c:\windows\system32\DRVSTORE 2009-02-04 12:58 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-04 12:56 . 2009-02-04 12:57 d--H-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-04 12:02 . 2009-01-28 12:06 1,405,680 --------- C:\WindowsServer2003-KB833167-x86-ENU.EXE 2009-02-04 12:02 . 2009-01-28 12:06 1,081,072 --------- C:\WINDOWSSERVER2003-KB833167-X86-ENU-Symbols.EXE 2009-02-03 14:10 . 2009-02-03 14:10 d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-03 12:58 . 2009-02-03 12:56 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-03 10:59 . 2009-02-03 10:59 d-------- c:\program files\Java(2) 2009-02-02 15:56 . 2009-02-02 15:56 d-------- c:\windows\ShellNew 2009-02-02 15:55 . 2009-02-02 15:55 d-------- c:\program files\Microsoft ActiveSync 2009-02-02 15:55 . 2009-02-02 15:55 d-------- c:\program files\Common Files\L&H 2009-01-30 20:37 . 2009-02-04 17:27 d-------- c:\windows\system32\NtmsData 2009-01-25 22:52 . 2009-01-25 23:01 d-------- C:\031a77de410c59025efbcd16 2009-01-23 09:28 . 2009-01-23 09:31 d-------- c:\program files\CA Yahoo! Anti-Spy 2009-01-20 17:29 . 2009-02-03 14:12 d-------- c:\program files\QuickTime 2009-01-20 17:23 . 
2009-01-20 17:23 d-------- c:\program files\Apple Software Update 2009-01-20 17:23 . 2009-01-20 17:23 d-------- c:\documents and settings\All Users\Application Data\Apple 2009-01-17 21:27 . 2009-01-17 21:27 d-------- c:\program files\CONEXANT 2009-01-14 15:10 . 2001-08-17 13:47 12,928 --a------ c:\windows\system32\drivers\Dot4Prt.sys 2009-01-14 15:10 . 2001-08-17 13:47 12,928 --a--c--- c:\windows\system32\dllcache\dot4prt.sys 2009-01-14 15:09 . 2008-04-13 14:39 206,976 --a------ c:\windows\system32\drivers\Dot4.sys 2009-01-14 15:09 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys 2009-01-14 15:09 . 2001-08-17 13:47 23,808 --a------ c:\windows\system32\drivers\Dot4usb.sys 2009-01-14 15:09 . 2001-08-17 13:47 23,808 --a--c--- c:\windows\system32\dllcache\dot4usb.sys
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-13 00:43 --------- d-----w c:\program files\Windows MEDIA Connect 2 2009-02-05 21:07 --------- d-----w c:\program files\Ahead 2009-02-04 17:55 --------- d-----w c:\program files\Lavasoft 2009-02-03 17:56 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-01 14:37 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-01 14:37 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-02-01 14:37 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-31 01:32 --------- d-----w c:\program files\DivX 2009-01-29 07:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-23 15:02 --------- d-----w c:\program files\Free Offers from Freeze.com 2009-01-23 14:28 --------- d-----w c:\program files\Common Files\Scanner 2009-01-16 21:07 --------- d-----w c:\program files\Java 2009-01-06 18:29 --------- d-----w c:\program files\LimeWire 2009-01-06 17:55 --------- d-----w c:\program files\Real 2009-01-06 17:55 --------- d-----w c:\program files\Common Files\Real 2008-12-29 15:01 --------- d-----w c:\program files\MSXML 4.0 2008-12-28 02:52 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-28 02:52 --------- d-----w c:\program files\Samsung 2008-12-28 02:52 --------- d-----w c:\program files\MarkAny 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2008-09-15 09:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091520080916\index.dat .
((((((((((((((((((((((((((((( [email protected]_ 1.57.55.77 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-04 18:08:14 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-13 03:00:59 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-02-04 18:08:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-02-13 03:00:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-02-04 18:08:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-13 03:00:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-14 13:36:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1ac.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-17 4670704] "PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [BU] "cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "LWBMOUSE"="c:\program files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE" [2001-11-09 356352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Billminder.lnk - c:\quickenw\BILLMIND.EXE [2007-07-11 36864] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2007-07-11 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-01 09:37 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] ="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-12 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-12 107272] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-12 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-12 298264] R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2007-07-11 34916] R3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2007-07-11 148352] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153] . Contents of the 'Scheduled Tasks' folder
2009-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 13:14]
2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-08 c:\windows\Tasks\rpc.job - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mkokt0q1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= .
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 08:49:13 Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
************************************************************************** . Completion time: 2009-02-14 8:55:10 ComboFix-quarantined-files.txt 2009-02-14 13:53:43 ComboFix2.txt 2009-02-14 13:16:39 ComboFix3.txt 2009-02-12 07:02:10 ComboFix4.txt 2009-02-12 05:54:52
Pre-Run: 13,276,667,904 bytes free Post-Run: 13,262,733,312 bytes free
165 --- E O F --- 2009-02-12 06:36:29
I don't think you followed the directions correctly. Please try again.

Ok, hopefully I did this right. I had to try it a few times for it to work without my computer freezing on me, but this time I did it in safe mode and I think it took LOL. Here's my log:
ComboFix 09-02-14.01 - Owner 2009-02-15 22:12:53.4 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.150 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FILE :: c:\windows\Tasks\rpc.job .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\Tasks\rpc.job H:\autorun.inf
. ((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))) .
2009-02-15 19:27 . 2009-02-15 19:34 d-------- C:\32788R22FWJFW(2) 2009-02-15 19:18 . 2009-02-15 19:34 d-------- C:\RECYCLER(2) 2009-02-15 19:17 . 2009-02-15 19:34 d-------- C:\ComboFix(2) 2009-02-12 01:34 . 2009-02-12 01:34 d-------- C:\ca95aaa2e5c16143353336 2009-02-09 10:12 . 2009-02-09 10:12 d-------- c:\windows\Desktop 2009-02-06 01:09 . 2009-02-06 01:16 d---s---- c:\documents and settings\Administrator 2009-02-05 02:38 . 2009-02-05 02:38 d-------- c:\documents and settings\Owner\Application Data\Apple Computer 2009-02-05 01:45 . 2009-02-05 01:45 d-------- c:\program files\Trend Micro 2009-02-04 21:21 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys 2009-02-04 21:21 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys 2009-02-04 15:33 . 2009-02-12 19:41 d-------- c:\program files\MSECACHE 2009-02-04 14:03 . 2009-02-04 13:15 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-02-04 12:58 . 2009-02-04 12:58 d----c--- c:\windows\system32\DRVSTORE 2009-02-04 12:58 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-04 12:56 . 2009-02-04 12:57 d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-04 12:02 . 2009-01-28 12:06 1,405,680 --------- C:\WindowsServer2003-KB833167-x86-ENU.EXE 2009-02-04 12:02 . 2009-01-28 12:06 1,081,072 --------- C:\WINDOWSSERVER2003-KB833167-X86-ENU-Symbols.EXE 2009-02-03 14:10 . 2009-02-03 14:10 d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-03 12:58 . 2009-02-03 12:56 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-03 10:59 . 2009-02-03 10:59 d-------- c:\program files\Java(2) 2009-02-02 15:56 . 2009-02-02 15:56 d-------- c:\windows\ShellNew 2009-02-02 15:55 . 2009-02-02 15:55 d-------- c:\program files\Microsoft ActiveSync 2009-02-02 15:55 . 2009-02-02 15:55 d-------- c:\program files\Common Files\L&H 2009-01-30 20:37 . 
2009-02-04 17:27 d-------- c:\windows\system32\NtmsData 2009-01-25 22:52 . 2009-01-25 23:01 d-------- C:\031a77de410c59025efbcd16 2009-01-23 09:28 . 2009-01-23 09:31 d-------- c:\program files\CA Yahoo! Anti-Spy 2009-01-20 17:29 . 2009-02-03 14:12 d-------- c:\program files\QuickTime 2009-01-20 17:23 . 2009-01-20 17:23 d-------- c:\program files\Apple Software Update 2009-01-20 17:23 . 2009-01-20 17:23 d-------- c:\documents and settings\All Users\Application Data\Apple 2009-01-17 21:27 . 2009-01-17 21:27 d-------- c:\program files\CONEXANT
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-16 00:55 --------- d-----w c:\documents and settings\Owner\Application Data\mjusbsp 2009-02-13 00:43 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-05 21:07 --------- d-----w c:\program files\Ahead 2009-02-05 07:41 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire 2009-02-04 17:55 --------- d-----w c:\program files\Lavasoft 2009-02-01 14:37 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-01 14:37 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-31 01:32 --------- d-----w c:\program files\DivX 2009-01-29 07:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-23 15:02 --------- d-----w c:\program files\Free Offers from Freeze.com 2009-01-23 14:28 --------- d-----w c:\program files\Common Files\Scanner 2009-01-19 17:33 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo! 2009-01-16 21:07 --------- d-----w c:\program files\Java 2009-01-06 18:29 --------- d-----w c:\program files\LimeWire 2009-01-06 17:55 --------- d-----w c:\program files\Real 2009-01-06 17:55 --------- d-----w c:\program files\Common Files\Real 2008-12-29 15:01 --------- d-----w c:\program files\MSXML 4.0 2008-12-28 21:40 --------- d-----w c:\documents and settings\Owner\Application Data\FrostWire 2008-12-28 02:52 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-28 02:52 --------- d-----w c:\program files\Samsung 2008-12-28 02:52 --------- d-----w c:\program files\MarkAny 2008-12-28 02:52 --------- d-----w c:\documents and settings\Owner\Application Data\DataCast 2008-09-15 09:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091520080916\index.dat .
((((((((((((((((((((((((((((( [email protected]_ 1.57.55.77 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-04 18:08:14 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-13 03:00:59 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-02-04 18:08:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-02-13 03:00:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-02-04 18:08:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-02-13 03:00:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2009-02-06 06:22:12 229,088 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2009-02-16 00:37:45 465,312 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2006-01-09 14:36:06 40,960 ----a-w c:\windows\system32\swsc.exe + 2009-02-16 03:17:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-17 4670704] "PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [BU] "cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "LWBMOUSE"="c:\program files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE" [2001-11-09 356352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Billminder.lnk - c:\quickenw\BILLMIND.EXE [2007-07-11 36864] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2007-07-11 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-01 09:37 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] ="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-12 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-12 107272] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-12 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-12 298264] R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2007-07-11 34916] R3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2007-07-11 148352] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153] . Contents of the 'Scheduled Tasks' folder
2009-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 13:14]
2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mkokt0q1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= .
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-15 22:18:18 Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Ahead\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe . ************************************************************************** . Completion time: 2009-02-15 22:30:07 - machine was rebooted [Owner] ComboFix-quarantined-files.txt 2009-02-16 03:30:01 ComboFix2.txt 2009-02-15 21:38:22 ComboFix3.txt 2009-02-14 13:55:13 ComboFix4.txt 2009-02-14 13:16:39 ComboFix5.txt 2009-02-16 00:17:42
Pre-Run: 13,197,402,112 bytes free Post-Run: 12,912,472,064 bytes free
197 --- E O F --- 2009-02-12 06:36:29
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-12 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-12 107272] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-12 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-12 298264] R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2007-07-11 34916] R3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2007-07-11 148352] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153] . Contents of the 'Scheduled Tasks' folder
2009-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 13:14]
2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mkokt0q1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= .
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-15 22:18:18 Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Ahead\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe . ************************************************************************** . Completion time: 2009-02-15 22:30:07 - machine was rebooted [Owner] ComboFix-quarantined-files.txt 2009-02-16 03:30:01 ComboFix2.txt 2009-02-15 21:38:22 ComboFix3.txt 2009-02-14 13:55:13 ComboFix4.txt 2009-02-14 13:16:39 ComboFix5.txt 2009-02-16 00:17:42
Pre-Run: 13,197,402,112 bytes free Post-Run: 12,912,472,064 bytes free
197 --- E O F --- 2009-02-12 06:36:29
Yes that's better.
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
The above procedure will:
- Delete the following: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
----------
Download ATF Cleaner by Atribune to your Desktop.
Alternate download link
Note: Vista users must use Run As Administrator
- Under Main: Select Files to Delete choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.
----------
Download OTCleanIt.exe and save it to your Desktop.
- Double-click OTCleanIt.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it yourself.
Important: Restart the computer before continuing.
----------
Use the ESET Online Antivirus Scanner
This scanner requires Internet Explorer
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Also let me know how the computer is running now.

Thank you, my computer is running better, but I have one more problem: Windows Installer keeps opening every time I do something. Should I try to get a new version or something?
Here's my log from ESET
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3857 (20090216)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=3e83c31cdf5f6f4ea0604f3a36eb9d7e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-16 09:36:46
# local_time=2009-02-16 04:36:46 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=131046
# found=0
# scan_time=2631

Download Deckard's Association File Tool (DAFT) and save it to your desktop.
- Rename daft.exe to daft.com and double click on it to run.
- Read the disclaimer and click OK.
- Click on the Scan button.
- If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question.
- Click the Fix button.
Was anything found and fixed?

I keep getting page not found when I try to download Deckard's Association File Tool.

Try Dial-a-fix.
Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.
- Open the folder and run Dial-a-fix.exe
- 2 windows will open. Close the one in the background labeled Restrictive Policies
- Check the box in section 1, Empty temp folders.
- Check the box in section 2, Fix Windows Installer.
- Check the box in section 3, Fix Windows Update.
- Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
- Check all boxes in section 5, labeled Registration Center.
- Click Go
- OK any error messages if received, but write them down and post them here.
- Restart the computer when done.
Is the problem fixed?

Thank you. Everything is good if I use Mozilla, but when I open any windows with IE, the installer pops up. I thank you so much.

Re-register MsiExec
- Go to Start > Run
- Type or Copy and Paste the following:
- MSIEXEC /UNREGISTER then hit enter.
- Then again Start > Run
- Now type or Copy and Paste the following:
- MSIEXEC /REGSERVER then hit enter.
No visible change will take place. Try to install/uninstall again.
If this method fails, you will need to reinstall the Microsoft Windows Installer (MSI): Windows Installer 3.1, Windows Installer 4.5

LOL OK. Well, I figured out one thing: every time I download anything from Windows it won't install, even Windows Update fails. Should I go to a different forum and make a new post, so I don't have to bug you with this problem?

Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
Code: [Select]
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\regfile]
@="Registration Entries"
"EditFlags"=dword:00100000
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
  2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]
@="open"

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
  00

[HKEY_CLASSES_ROOT\regfile\shell\open]
@="MER&ge"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\
  00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete the fixme.reg from the Desktop.
----------
Is it fixed now?
|
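An added example, not part of the original thread or of any tool named in it: a Python script that audits a registry export (.reg text) against the default values the fixme.reg above restores for the .exe and .reg handlers. The function names, the sample export and the placeholder path in it are constructed for illustration; keys missing from an export are skipped rather than reported.

```python
import re

# Known-good defaults, copied from the fixme.reg in the thread (hex(2) decoded).
BASELINE = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\exefile\shell\runas\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\regfile\shell\open\command": 'regedit.exe "%1"',
    r"HKEY_CLASSES_ROOT\regfile\shell\edit\command":
        r"%SystemRoot%\system32\NOTEPAD.EXE %1",
}

def decode_value(raw):
    """Decode a quoted REG_SZ or a hex(2) REG_EXPAND_SZ (UTF-16LE) value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # unescape \" and \\
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", raw[7:]))
        return data.decode("utf-16-le").rstrip("\x00")
    return raw                                          # other types: left as-is

def parse_defaults(reg_text):
    """Return {lower-cased key: default value} for every key that sets '@'."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)         # join hex continuations
    defaults, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith("@="):
            defaults[key] = decode_value(line[2:])
    return defaults

def audit(reg_text):
    """Return (key, found, expected) for baseline keys whose default differs.
    Keys absent from the export are skipped, since exports may be partial."""
    found = parse_defaults(reg_text)
    return [(k, found[k.lower()], want) for k, want in BASELINE.items()
            if k.lower() in found and found[k.lower()].lower() != want.lower()]

# Constructed sample export: one command altered to a placeholder path.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\wrapper.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
  00
'''
```

Calling `audit()` on the text of a real export (for example one saved from regedit's File > Export) lists only the handlers that differ from the thread's defaults, which shows whether merging fixme.reg would change anything.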