Thread: antivirus programs won't run!
- 01-31-2010 04:23 AM #1
antivirus programs won't run!
Can I still get some help if I can't get the log files? I can't get the superantivirus and the malware bytes logs because my laptop cut off before they can finish. I couldn't even install the super antivirus program because I get this (windows install error), or when I run any spyware or A/V program my computer shuts down. Can't make headway.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:57, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avant Browser\avant.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Free Radio TV Toolbar - {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFree.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Free Radio TV Toolbar - {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFree.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\mrojan vemover\Trjscan.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.milwaukeepc.com
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8256 bytes
Isidore J. Brooks
- 01-31-2010 03:08 PM #2
- PC Tools Firewall Plus
- ZoneAlarm
Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior.
One firewall, whether it is the Windows XP Internet Connection Firewall or a different software firewall, can provide substantial protection for your computer.
Therefore please go to add/remove programs in the control panel and remove one of these.
Restart the computer before continuing.
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix.

- 02-01-2010 08:27 PM #3
Here's my ComboFix log.
ComboFix 10-02-01.02 - Chris N 02/01/2010 20:09:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.259 [GMT -6:00]
Running from: c:\documents and settings\Chris N\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Bug Doctor
c:\documents and settings\All Users\Start Menu\Programs\Bug Doctor\BugDoctor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Bug Doctor\Get Bonuses!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Bug Doctor\Uninstall BugDoctor.lnk
c:\windows\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-02 01:25 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-02-02 01:25 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-02-02 01:25 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-02-02 01:25 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-02-02 01:25 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-02-02 00:56 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2010-02-02 00:56 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2010-02-02 00:56 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2010-02-01 00:10 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2010-01-31 18:18 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-01-31 18:18 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-01-31 18:18 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-01-31 18:18 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-01-31 18:17 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2010-01-31 18:17 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-31 18:17 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2010-01-31 18:17 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2010-01-31 18:17 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2010-01-31 18:16 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2010-01-31 18:16 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2010-01-31 18:16 . 2009-06-25 08:25 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2010-01-31 18:09 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-31 18:09 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-31 18:09 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-31 18:08 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-31 18:08 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-31 18:07 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-31 18:07 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-31 18:07 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-01-31 06:56 . 2010-01-31 06:56 -------- d-----w- c:\windows\system32\scripting
2010-01-31 06:56 . 2010-01-31 06:56 -------- d-----w- c:\windows\system32\bits
2010-01-31 00:32 . 2010-01-31 00:32 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\Threat Expert
2010-01-30 23:51 . 2010-01-31 17:56 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-01-30 23:48 . 2010-01-07 18:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-30 23:47 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-30 23:47 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-30 23:47 . 2010-01-31 18:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-30 19:49 . 2010-01-31 17:10 -------- d-----w- c:\program files\Bug Doctor
2010-01-29 10:02 . 2010-01-30 20:13 -------- d-----w- c:\program files\Enigma Software Group
2010-01-29 09:50 . 2010-01-30 23:53 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\Ashampoo
2010-01-29 09:45 . 2010-01-29 09:45 -------- d-----w- c:\program files\Ashampoo
2010-01-28 22:49 . 2010-01-28 22:49 -------- d-----w- c:\windows\system32\NtmsData
2010-01-28 19:33 . 2009-12-12 00:05 3613560 ----a-w- c:\documents and settings\Chris N\Application Data\Simply Super Software\Trojan Remover\ydx1.exe
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-28 11:29 . 2010-01-31 05:57 -------- d-----w- c:\windows\EHome
2010-01-28 10:51 . 2010-01-28 10:51 -------- d-sh--w- c:\documents and settings\Chris N\PrivacIE
2010-01-28 10:47 . 2010-01-28 10:47 -------- d-----w- c:\program files\Trend Micro
2010-01-28 07:15 . 2010-01-28 07:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-28 05:52 . 2010-01-28 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-01-28 05:52 . 2010-01-28 06:13 -------- d-----w- c:\program files\RegCure
2010-01-28 02:05 . 2010-01-28 02:05 -------- d-----w- c:\program files\CCleaner
2010-01-28 00:54 . 2010-01-28 00:54 -------- d-----w- c:\documents and settings\Chris N\Application Data\Malwarebytes
2010-01-28 00:54 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 00:54 . 2010-01-28 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 00:54 . 2010-01-28 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 00:54 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 00:52 . 2010-01-28 00:52 -------- d-----w- c:\program files\InCode Solutions
2010-01-28 00:02 . 2010-01-28 07:15 63 ----a-w- c:\windows\system\SysSD.dll
2010-01-28 00:02 . 2006-12-07 01:02 1032192 ----a-w- c:\windows\system32\VchReg.dll
2010-01-28 00:01 . 2010-01-28 00:01 -------- d-----w- c:\windows\Downloaded Installations
2010-01-27 23:13 . 2010-01-27 23:13 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\G DATA
2010-01-27 22:45 . 2010-01-31 18:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 22:40 . 2010-02-01 03:29 -------- d-----w- c:\program files\mrojan vemover
2010-01-27 22:40 . 2010-01-27 22:40 -------- d-----w- c:\documents and settings\Chris N\Application Data\Simply Super Software
2010-01-27 13:51 . 2010-01-27 13:51 -------- d-sh--w- c:\documents and settings\Chris N\IECompatCache
2010-01-27 12:00 . 2010-01-27 12:00 -------- d-----w- c:\documents and settings\Chris N\Application Data\MailFrontier
2010-01-27 11:59 . 2010-02-01 04:32 2544672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-27 11:54 . 2010-01-27 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2010-01-27 11:54 . 2010-02-02 00:53 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-27 11:54 . 2007-11-14 22:05 75248 ----a-w- c:\windows\zllsputility.exe
2010-01-27 11:54 . 2004-04-27 10:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2010-01-27 11:53 . 2007-11-14 22:04 83432 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-27 11:53 . 2007-11-14 22:04 71144 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-27 11:53 . 2007-11-14 22:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2010-01-27 11:53 . 2010-01-30 20:27 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-27 11:53 . 2010-01-27 11:53 -------- d-----w- c:\program files\Zone Labs
2010-01-27 11:52 . 2010-02-02 02:03 -------- d-----w- c:\windows\Internet Logs
2010-01-27 07:28 . 2010-01-27 07:28 -------- d-----w- c:\program files\VS Revo Group
2010-01-27 06:57 . 2010-01-27 06:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-27 06:40 . 2010-01-27 06:40 -------- d-sh--w- c:\documents and settings\Administrator.BIGPOPPA.003\IETldCache
2010-01-27 06:37 . 2010-01-27 06:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-27 02:46 . 2010-01-27 02:46 -------- d-sh--w- c:\documents and settings\Chris N\IETldCache
2010-01-27 02:22 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-27 02:22 . 2010-01-28 19:05 -------- d-----w- c:\windows\ie8updates
2010-01-27 02:21 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-27 02:21 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-27 02:17 . 2010-01-27 02:20 -------- dc-h--w- c:\windows\ie8
2010-01-27 01:55 . 2010-01-27 01:55 -------- d-----w- c:\documents and settings\Administrator.BIGPOPPA.003\Application Data\Avant Profiles
2010-01-27 01:24 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-27 01:24 . 2010-01-27 01:24 -------- d-----w- c:\program files\Panda Security
2010-01-27 00:13 . 2010-01-28 08:09 -------- d-----w- c:\documents and settings\Chris N\Application Data\Avant Profiles
2010-01-27 00:13 . 2010-02-02 01:40 -------- d-----w- c:\program files\Avant Browser
2010-01-26 23:21 . 2010-01-26 23:21 -------- d-----w- C:\72fca1990561a29517c622
2010-01-26 20:46 . 2010-01-26 20:46 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\Help
2010-01-26 01:10 . 2010-01-26 01:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-26 01:05 . 2007-12-27 20:34 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 01:05 . 2010-01-26 01:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-01-26 01:05 . 2007-12-27 21:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-01-26 01:05 . 2010-01-26 01:08 -------- d-s---w- c:\documents and settings\Administrator
2010-01-17 19:45 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-17 19:39 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-17 19:39 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 00:50 . 2010-02-02 00:52 202240 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-02-01 04:32 . 2010-01-27 11:59 34004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-31 23:12 . 2010-01-31 23:18 1704448 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-31 17:54 . 2010-01-31 17:56 167936 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-31 08:41 . 2010-01-31 08:43 227840 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-31 02:39 . 2010-01-31 03:16 223232 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-29 09:30 . 2010-01-29 09:40 1520640 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-29 09:30 . 2010-01-29 09:40 1123328 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-29 02:13 . 2009-03-05 19:28 -------- d-----w- c:\program files\SeekeenSrch
2010-01-28 10:24 . 2008-04-30 00:41 -------- d-----w- c:\program files\Google
2010-01-28 10:24 . 2010-01-28 10:26 1436160 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-28 02:04 . 2008-01-04 14:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 01:16 . 2010-01-28 01:17 1323520 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-28 01:10 . 2010-01-28 01:12 1342976 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-27 22:08 . 2010-01-27 22:10 1784832 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-27 22:06 . 2010-01-27 22:10 1784832 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-27 13:18 . 2010-01-27 13:20 183296 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-27 13:17 . 2008-01-04 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-27 12:48 . 2010-01-27 12:55 1766400 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-26 01:09 . 2010-01-01 01:53 -------- d-----w- c:\program files\Free_Radio_TV
2010-01-26 01:09 . 2010-01-02 08:04 -------- d-----w- c:\documents and settings\Chris N\Application Data\Inbox Toolbar
2010-01-26 01:09 . 2010-01-02 08:04 -------- d-----w- c:\program files\Inbox Toolbar
2010-01-26 01:09 . 2010-01-02 08:06 -------- d-----w- c:\program files\RebateInformer
2010-01-26 01:09 . 2010-01-02 08:05 -------- d-----w- c:\program files\Crawler
2010-01-19 23:55 . 2009-01-11 20:50 -------- d-----w- c:\documents and settings\Chris N\Application Data\FrostWire
2010-01-17 19:49 . 2008-01-03 13:17 28264 ----a-w- c:\documents and settings\Chris N\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 08:09 . 2010-01-02 08:08 -------- d-----w- c:\documents and settings\Chris N\Application Data\RebateInformer
2010-01-01 01:53 . 2010-01-01 01:53 -------- d-----w- c:\program files\Conduit
2009-12-31 21:27 . 2009-12-24 17:10 79488 ----a-w- c:\documents and settings\Chris N\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-27 21:39 . 2009-12-27 21:38 7631232 ----a-w- c:\documents and settings\Chris N\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2009-12-24 08:08 . 2008-01-04 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-24 08:00 . 2008-01-04 13:34 -------- d-----w- c:\program files\Microsoft Works
2009-12-21 19:14 . 2007-12-27 18:35 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 16:24 . 2010-01-17 19:45 470528 ----a-w- c:\windows\AppPatch\SET18.tmp
2009-11-21 15:51 . 2007-12-27 18:34 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-07-19 01:46 . 2008-07-19 01:47 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
2009-11-10 00:38 2331672 ----a-w- c:\program files\Free_Radio_TV\tbFree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}"= "c:\program files\Free_Radio_TV\tbFree.dll" [2009-11-10 2331672]
[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-01-10 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-01-10 581632]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-24 30192]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-05-16 323584]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-29 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-30 185896]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 847872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chris N^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 22:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-02-01 20:32 8699904 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-25 17:38 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/26/2010 7:24 PM 28552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/30/2010 5:48 PM 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/30/2010 5:47 PM 88040]
S0 b19f2088170ea31dc09a790c8d43cf9f;b19f2088170ea31dc09a790c8d43cf9f; [x]
S3 ATMFBUS;A600 USB Composite Device Driver; [x]
S3 ATMFCVsp;A600 Cricket CM Port; [x]
S3 ATMFFLT;A600 USB Modem Installation CD; [x]
S3 ATMFMdm;A600 Cricket EVDO Modem; [x]
S3 ATMFNET;A600 Cricket EVDO Network Adapter; [x]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port; [x]
S3 ATMFVsp;A600 Cricket Diagnostics Port; [x]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver; [x]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/29/2008 6:42 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/27/2010 6:54 PM 38224]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [7/7/2008 3:29 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [7/7/2008 3:29 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [7/7/2008 3:29 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [7/7/2008 3:29 PM 59520]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [12/18/2008 12:05 AM 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [12/18/2008 12:05 AM 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [12/18/2008 12:05 AM 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [12/18/2008 12:05 AM 90880]
S4 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe [9/27/2009 7:56 PM 4608]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-12-24 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-26 23:21]
2010-01-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2010-01-28 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2010-01-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-01 20:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\CHRISN~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-02-01 20:19:50
ComboFix-quarantined-files.txt 2010-02-02 02:19
ComboFix2.txt 2010-01-28 20:32
Pre-Run: 43,234,013,184 bytes free
Post-Run: 43,244,859,392 bytes free
- - End Of File - - F986B4F47E20E3CF8A7F5D26965F1DAC
Isidore J. Brooks
- 02-01-2010 08:32 PM #4
I think my problem is a rootkit, because every time I try to run an antivirus program it shuts down my system, or when I try to install a new program a Windows install error will pop up.
Isidore J. Brooks
- 02-01-2010 08:41 PM #5
Here's a SmitFraudFix log.
SmitFraudFix v2.424
Scan done at 20:37:25.86, Mon 02/01/2010
Run from C:\Documents and Settings\Chris N\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris N
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRISN~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris N\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRISN~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 209.18.47.61
DNS Server Search Order: 209.18.47.62
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8511E2A3-3EE1-4FEA-9D47-DBA902FBF378}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8511E2A3-3EE1-4FEA-9D47-DBA902FBF378}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8511E2A3-3EE1-4FEA-9D47-DBA902FBF378}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8511E2A3-3EE1-4FEA-9D47-DBA902FBF378}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Isidore J. Brooks
- 02-01-2010 09:04 PM #6
Malwarebytes' Anti-Malware 1.44
Database version: 3664
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/1/2010 8:59:06 PM
mbam-log-2010-02-01 (20-59-06).txt
Scan type: Quick Scan
Objects scanned: 162411
Time elapsed: 9 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 55
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bug doctor_is1 (Rogue.BugDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin (Rogue.BugDoctor) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Bug Doctor\Bug Doctor Help.chm (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\BugDoctor.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\FixedOnSaturdayJanuary302010140203.xml (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\Get Bonuses.url (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin.ini (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\unins000.dat (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\unins000.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\bug.swf (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fixing_error-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fixing_error-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fixing_error-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fixing_error-rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fix_complete-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fix_complete-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fix_complete-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\fix_complete-roll_over.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\LiveUpdate_disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\LiveUpdate_normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\LiveUpdate_pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\LiveUpdate_rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\main_disable.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\main_enable.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\main_pressed.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\main_roll_over.jpg (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\mask.bmp (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\mask1.bmp (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scan.swf (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scancomplete.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scanning_error-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scanning_error-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scanning_error-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scanning_error-rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scan_complete-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scan_complete-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scan_complete-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\scan_complete-roll_over.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\schedule_disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\schedule_normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\schedule_pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\schedule_rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\skin.ini (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\SubMainDisable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\SubMainNormal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\SubMainPressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\SubMainRollOver.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\support_disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\support_normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\support_pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\support_rollover.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\unlock_key-disable.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\unlock_key-normal.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\unlock_key-pressed.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Bug Doctor\skin\unlock_key-roll_over.gif (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris N\Desktop\BugDoctor.lnk (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris N\Desktop\Get Bonuses!.lnk (Rogue.BugDoctor) -> Quarantined and deleted successfully.
Isidore J. Brooks
- 02-01-2010 10:02 PM #7
Yes it is and I think I found it.
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
3. Go to the Notepad window and click Edit > Paste
Code:
KillAll::
Driver::
SeekeenSrch Service
File::
c:\docume~1\CHRISN~1\LOCALS~1\Temp\ASFWHide
Folder::
c:\documents and settings\All Users\Application Data\SeekeenSrch
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
----------
* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip
* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
----------
Next post please add:
- New ComboFix log
- RootRepeal log

- 02-02-2010 12:20 AM #8
New ComboFix report
ComboFix 10-02-01.02 - Chris N 02/01/2010 23:52:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.256 [GMT -6:00]
Running from: c:\documents and settings\Chris N\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris N\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\docume~1\CHRISN~1\LOCALS~1\Temp\ASFWHide"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\SeekeenSrch
c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_SEEKEENSRCH_SERVICE
-------\Service_SeekeenSrch Service
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-02 01:25 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-02-02 01:25 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-02-02 01:25 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-02-02 01:25 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-02-02 01:25 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-02-02 00:56 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2010-02-02 00:56 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2010-02-02 00:56 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2010-02-01 00:10 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2010-01-31 18:18 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-01-31 18:18 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-01-31 18:18 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-01-31 18:18 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-01-31 18:17 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2010-01-31 18:17 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-31 18:17 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2010-01-31 18:17 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2010-01-31 18:17 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2010-01-31 18:16 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2010-01-31 18:16 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2010-01-31 18:16 . 2009-06-25 08:25 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2010-01-31 18:09 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-31 18:09 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-31 18:09 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-31 18:08 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-31 18:08 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-31 18:07 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-31 18:07 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-31 18:07 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-01-31 06:56 . 2010-01-31 06:56 -------- d-----w- c:\windows\system32\scripting
2010-01-31 06:56 . 2010-01-31 06:56 -------- d-----w- c:\windows\system32\bits
2010-01-31 00:32 . 2010-01-31 00:32 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\Threat Expert
2010-01-30 23:51 . 2010-01-31 17:56 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-01-30 23:48 . 2010-01-07 18:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-30 23:47 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-30 23:47 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-30 23:47 . 2010-01-31 18:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-29 10:02 . 2010-01-30 20:13 -------- d-----w- c:\program files\Enigma Software Group
2010-01-29 09:50 . 2010-01-30 23:53 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\Ashampoo
2010-01-29 09:45 . 2010-01-29 09:45 -------- d-----w- c:\program files\Ashampoo
2010-01-28 22:49 . 2010-01-28 22:49 -------- d-----w- c:\windows\system32\NtmsData
2010-01-28 19:33 . 2009-12-12 00:05 3613560 ----a-w- c:\documents and settings\Chris N\Application Data\Simply Super Software\Trojan Remover\ydx1.exe
2010-01-28 19:28 . 2010-01-28 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-28 11:29 . 2010-01-31 05:57 -------- d-----w- c:\windows\EHome
2010-01-28 10:51 . 2010-01-28 10:51 -------- d-sh--w- c:\documents and settings\Chris N\PrivacIE
2010-01-28 10:47 . 2010-01-28 10:47 -------- d-----w- c:\program files\Trend Micro
2010-01-28 07:15 . 2010-01-28 07:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-28 05:52 . 2010-01-28 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-01-28 05:52 . 2010-01-28 06:13 -------- d-----w- c:\program files\RegCure
2010-01-28 02:05 . 2010-01-28 02:05 -------- d-----w- c:\program files\CCleaner
2010-01-28 00:54 . 2010-01-28 00:54 -------- d-----w- c:\documents and settings\Chris N\Application Data\Malwarebytes
2010-01-28 00:54 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 00:54 . 2010-01-28 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 00:54 . 2010-01-28 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 00:54 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 00:52 . 2010-01-28 00:52 -------- d-----w- c:\program files\InCode Solutions
2010-01-28 00:02 . 2010-01-28 07:15 63 ----a-w- c:\windows\system\SysSD.dll
2010-01-28 00:02 . 2006-12-07 01:02 1032192 ----a-w- c:\windows\system32\VchReg.dll
2010-01-28 00:01 . 2010-01-28 00:01 -------- d-----w- c:\windows\Downloaded Installations
2010-01-27 23:13 . 2010-01-27 23:13 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\G DATA
2010-01-27 22:45 . 2010-01-31 18:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 22:40 . 2010-02-01 03:29 -------- d-----w- c:\program files\mrojan vemover
2010-01-27 22:40 . 2010-01-27 22:40 -------- d-----w- c:\documents and settings\Chris N\Application Data\Simply Super Software
2010-01-27 13:51 . 2010-01-27 13:51 -------- d-sh--w- c:\documents and settings\Chris N\IECompatCache
2010-01-27 12:00 . 2010-01-27 12:00 -------- d-----w- c:\documents and settings\Chris N\Application Data\MailFrontier
2010-01-27 11:59 . 2010-02-02 05:59 2621728 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-27 11:54 . 2010-01-27 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2010-01-27 11:54 . 2010-02-02 05:27 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-27 11:54 . 2007-11-14 22:05 75248 ----a-w- c:\windows\zllsputility.exe
2010-01-27 11:54 . 2004-04-27 10:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2010-01-27 11:53 . 2007-11-14 22:04 83432 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-27 11:53 . 2007-11-14 22:04 71144 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-27 11:53 . 2007-11-14 22:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2010-01-27 11:53 . 2010-01-30 20:27 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-27 11:53 . 2010-01-27 11:53 -------- d-----w- c:\program files\Zone Labs
2010-01-27 11:52 . 2010-02-02 06:03 -------- d-----w- c:\windows\Internet Logs
2010-01-27 07:28 . 2010-01-27 07:28 -------- d-----w- c:\program files\VS Revo Group
2010-01-27 06:57 . 2010-01-27 06:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-27 06:40 . 2010-01-27 06:40 -------- d-sh--w- c:\documents and settings\Administrator.BIGPOPPA.003\IETldCache
2010-01-27 06:37 . 2010-01-27 06:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-27 02:46 . 2010-01-27 02:46 -------- d-sh--w- c:\documents and settings\Chris N\IETldCache
2010-01-27 02:22 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-27 02:22 . 2010-01-28 19:05 -------- d-----w- c:\windows\ie8updates
2010-01-27 02:21 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-27 02:21 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-27 02:17 . 2010-01-27 02:20 -------- dc-h--w- c:\windows\ie8
2010-01-27 01:55 . 2010-01-27 01:55 -------- d-----w- c:\documents and settings\Administrator.BIGPOPPA.003\Application Data\Avant Profiles
2010-01-27 01:24 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-27 01:24 . 2010-01-27 01:24 -------- d-----w- c:\program files\Panda Security
2010-01-27 00:13 . 2010-01-28 08:09 -------- d-----w- c:\documents and settings\Chris N\Application Data\Avant Profiles
2010-01-27 00:13 . 2010-02-02 01:40 -------- d-----w- c:\program files\Avant Browser
2010-01-26 23:21 . 2010-01-26 23:21 -------- d-----w- C:\72fca1990561a29517c622
2010-01-26 20:46 . 2010-01-26 20:46 -------- d-----w- c:\documents and settings\Chris N\Local Settings\Application Data\Help
2010-01-26 01:10 . 2010-01-26 01:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-26 01:05 . 2007-12-27 20:34 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 01:05 . 2010-01-26 01:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-01-26 01:05 . 2007-12-27 21:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-01-26 01:05 . 2010-01-26 01:08 -------- d-s---w- c:\documents and settings\Administrator
2010-01-17 19:45 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-17 19:39 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-17 19:39 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 05:59 . 2010-01-27 11:59 35852 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-02 00:50 . 2010-02-02 00:52 202240 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-01-31 23:12 . 2010-01-31 23:18 1704448 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-31 17:54 . 2010-01-31 17:56 167936 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-31 08:41 . 2010-01-31 08:43 227840 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-31 02:39 . 2010-01-31 03:16 223232 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-29 09:30 . 2010-01-29 09:40 1520640 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-29 09:30 . 2010-01-29 09:40 1123328 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-29 02:13 . 2009-03-05 19:28 -------- d-----w- c:\program files\SeekeenSrch
2010-01-28 10:24 . 2008-04-30 00:41 -------- d-----w- c:\program files\Google
2010-01-28 10:24 . 2010-01-28 10:26 1436160 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-28 02:04 . 2008-01-04 14:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 01:16 . 2010-01-28 01:17 1323520 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-28 01:10 . 2010-01-28 01:12 1342976 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-27 22:08 . 2010-01-27 22:10 1784832 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-27 22:06 . 2010-01-27 22:10 1784832 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-27 13:18 . 2010-01-27 13:20 183296 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-27 13:17 . 2008-01-04 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-27 12:48 . 2010-01-27 12:55 1766400 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-26 01:09 . 2010-01-01 01:53 -------- d-----w- c:\program files\Free_Radio_TV
2010-01-26 01:09 . 2010-01-02 08:04 -------- d-----w- c:\documents and settings\Chris N\Application Data\Inbox Toolbar
2010-01-26 01:09 . 2010-01-02 08:04 -------- d-----w- c:\program files\Inbox Toolbar
2010-01-26 01:09 . 2010-01-02 08:06 -------- d-----w- c:\program files\RebateInformer
2010-01-26 01:09 . 2010-01-02 08:05 -------- d-----w- c:\program files\Crawler
2010-01-19 23:55 . 2009-01-11 20:50 -------- d-----w- c:\documents and settings\Chris N\Application Data\FrostWire
2010-01-17 19:49 . 2008-01-03 13:17 28264 ----a-w- c:\documents and settings\Chris N\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 08:09 . 2010-01-02 08:08 -------- d-----w- c:\documents and settings\Chris N\Application Data\RebateInformer
2010-01-01 01:53 . 2010-01-01 01:53 -------- d-----w- c:\program files\Conduit
2009-12-31 21:27 . 2009-12-24 17:10 79488 ----a-w- c:\documents and settings\Chris N\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-27 21:39 . 2009-12-27 21:38 7631232 ----a-w- c:\documents and settings\Chris N\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2009-12-24 08:08 . 2008-01-04 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-24 08:00 . 2008-01-04 13:34 -------- d-----w- c:\program files\Microsoft Works
2009-12-21 19:14 . 2007-12-27 18:35 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 16:24 . 2010-01-17 19:45 470528 ----a-w- c:\windows\AppPatch\SET18.tmp
2009-11-21 15:51 . 2007-12-27 18:34 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-07-19 01:46 . 2008-07-19 01:47 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
2009-11-10 00:38 2331672 ----a-w- c:\program files\Free_Radio_TV\tbFree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}"= "c:\program files\Free_Radio_TV\tbFree.dll" [2009-11-10 2331672]
[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-01-10 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-01-10 581632]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-24 30192]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-05-16 323584]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-29 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-30 185896]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 847872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chris N^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 22:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-02-01 20:32 8699904 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-25 17:38 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/26/2010 7:24 PM 28552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/30/2010 5:48 PM 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/30/2010 5:47 PM 88040]
S0 b19f2088170ea31dc09a790c8d43cf9f;b19f2088170ea31dc09a790c8d43cf9f; [x]
S3 ATMFBUS;A600 USB Composite Device Driver; [x]
S3 ATMFCVsp;A600 Cricket CM Port; [x]
S3 ATMFFLT;A600 USB Modem Installation CD; [x]
S3 ATMFMdm;A600 Cricket EVDO Modem; [x]
S3 ATMFNET;A600 Cricket EVDO Network Adapter; [x]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port; [x]
S3 ATMFVsp;A600 Cricket Diagnostics Port; [x]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver; [x]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/29/2008 6:42 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/27/2010 6:54 PM 38224]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [7/7/2008 3:29 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [7/7/2008 3:29 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [7/7/2008 3:29 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [7/7/2008 3:29 PM 59520]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [12/18/2008 12:05 AM 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [12/18/2008 12:05 AM 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [12/18/2008 12:05 AM 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [12/18/2008 12:05 AM 90880]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-12-24 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-26 23:21]
2010-01-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2010-01-28 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2010-01-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-02 00:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(1036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
.
**************************************************************************
.
Completion time: 2010-02-02 00:13:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 06:13
ComboFix2.txt 2010-02-02 02:19
ComboFix3.txt 2010-01-28 20:32
Pre-Run: 43,205,758,976 bytes free
Post-Run: 43,159,838,720 bytes free
- - End Of File - - 159ADD6A7EBE8D21C429E2B3A565524B
Isidore J. Brooks
- 02-02-2010 12:49 AM #9
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/02 00:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF77CD000 Size: 31744 File Visible: No Signed: -
Status: -
Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7525000 Size: 60416 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF091A000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F7000 Size: 8192 File Visible: No Signed: -
Status: -
Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7B16000 Size: 2560 File Visible: No Signed: -
Status: -
Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF79C9000 Size: 7872 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0054000 Size: 49152 File Visible: No Signed: -
Status: -
Name: srescan.sys
Image Path: srescan.sys
Address: 0xF72E9000 Size: 81920 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0aea040
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0ae6930
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af1a80
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0aea510
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af0870
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af0aa0
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af3fd0
#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0aea600
#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0ae6f20
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af26e0
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af2440
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af0580
#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af28b0
#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af4270
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0ae6d70
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af0350
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af0150
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af3250
#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af2cb0
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0ae9c00
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af3080
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0aea220
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0ae7120
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af2140
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf0af0cd0
==EOF==
Isidore J. Brooks
- 02-02-2010 11:41 AM #10
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the Run box
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
----------
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
----------
ESET Online Scan
Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log.

