Can Someone Help Me With This Trojan TR/Crypt.XPACK.Gen


13 replies to this topic

#1 The killer (New Member; Authentic Member; 7 posts)

Posted 29 August 2007 - 08:42 AM

Hello: :wavey:

Hope you are feeling good.

My computer has been infected with this trojan ((TR/Crypt.XPACK.Gen)) for almost one week, and I can't get it removed.

Now I can't even get connected to the internet, or go to My Computer properties or Control Panel... Also, when I put a flash drive in it refuses to work. A message appears that says:

http://www.pikipimp....s=1188398005058

and every 7 minutes it says that my computer is infected:

http://www.mdh888.co...71.imgcache.bmp

This appears also:

http://www.mdh888.co...ageQuality=Full

Now I have downloaded Avira antivirus.

Every time I start a program this message appears:

http://www.pikipimp....s=1188398180791

Can someone help me please?



#2 jwbirdsong (Authentic Member; 31 posts)

Posted 29 August 2007 - 08:18 PM

As far as the antivirus pop-up is concerned, you need to QUARANTINE C:\WINDOWS\System32\hanonvt.ini, not ignore it. It will most likely come back shortly, but we'll get rid of it soon.

Post a log from the following 2 programs

1) Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
2) Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#3 The killer (New Member; Authentic Member; 7 posts)

Posted 30 August 2007 - 08:04 AM

Thanks for answering me quickly: :wavey:

Here are the results for HJTsetup.exe:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:49:48 م, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = %USERNAME%
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.341.0\HostIE.dll (file missing)
O3 - Toolbar: iZone Internet Turbo - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\iZone Internet Turbo\Toolband.dll
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-1580818891-1060284298-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Set] fuset.exe (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f00b5d85975949c0affcc67a7b9af295
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f00b5d85975949c0affcc67a7b9af295
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\WINDOWS\system32\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\WINDOWS\system32\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msnmsgr.exe
O9 - Extra 'Tools' menuitem: MSN Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msnmsgr.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1188304008226
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 5623 bytes


But the second program (SmitfraudFix) did not work. It just showed an empty command prompt.

Edited by The killer, 30 August 2007 - 08:16 AM.


#4 jwbirdsong (Authentic Member; 31 posts)

Posted 30 August 2007 - 09:11 PM

Just as a matter of curiosity, when you did the SmitfraudFix you first downloaded it to your desktop and THEN tried to run it, correct??
You didn't choose RUN from the download link, did you?

You need to print this out or save a copy to Notepad for reading, because you can NOT have IE/FF or any browser open while doing the fix.

Open HijackThis and click on Do a system scan only. Place a check mark next to the following:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL <<--- This one is NOT necessary to remove, but I still recommend you fix it.
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.341.0\HostIE.dll (file missing)
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [Set] fuset.exe (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini

Close ALL other open windows and programs and click Fix checked.

REBOOT

Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply .
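The fix list above is the helper reading a HijackThis log by eye. As an added example (the editor's code, not HijackThis's own and not posted in this thread), the following Python script applies the same reasoning mechanically: it flags the O20 AppInit_DLLs entry, the O7 policy restriction, O4 autostarts whose command has no absolute path (such as the bare `fuset.exe` RunOnce values), orphaned add-ons marked "(file missing)", and the relative Local Page values. The sample lines are excerpted from the log posted in this thread; the severity scale and the wording of each reason are editorial assumptions.

```python
"""Triage HijackThis log lines the way the helper in this thread did: flag
AppInit_DLLs, policy lockdowns, path-less autostarts and orphaned browser
add-ons. Severities and reasons are editorial, not HijackThis's own."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Excerpted from the HijackThis log posted in this thread (not a full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = %USERNAME%
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [Set] fuset.exe (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "high", "medium" or "low" (editorial scale)
    entry: str     # the log line as written
    reason: str


LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O4 bodies look like: HKUS\S-1-5-18\..\RunOnce: [Set] fuset.exe (User '?')
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*?)(?:\s+\(User '.*'\))?$")
# A command that starts with a drive letter or an environment variable is
# anchored; anything else is resolved through the search path at logon.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)')


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append(Finding(section, "high", line,
                    "AppInit_DLLs is loaded into every process that links "
                    "user32.dll; the .ini extension disguises a DLL"))
        elif section == "O7":
            findings.append(Finding(section, "high", line,
                "policy restriction; on an unmanaged home PC this is set by "
                "malware to keep the user out of regedit or Task Manager"))
        elif section == "O4":
            o4 = O4_RE.search(body)
            if o4 and not ABS_PATH_RE.match(o4.group("cmd")):
                findings.append(Finding(section, "medium", line,
                    "autostart command has no absolute path: '%s' is found "
                    "via the search path, so its origin is unknown" % o4.group("cmd")))
        elif section in ("O2", "O3", "O9") and "(file missing)" in body:
            findings.append(Finding(section, "low", line,
                "orphaned browser add-on registration; fix it to clean up"))
        elif section in ("R0", "R1") and " = " in body:
            if body.rsplit(" = ", 1)[1].startswith("\\"):
                findings.append(Finding(section, "low", line,
                    "relative Local Page; restore the default"))
    return findings


def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry}\n         {f.reason}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Run it against a full log by reading the file into `triage()`; the O23 service line and the fully-pathed Run entries produce nothing, which matches the "most of what it finds will be harmless" caveat in post #2.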

#5 The killer (New Member; Authentic Member; 7 posts)

Posted 31 August 2007 - 08:49 AM

First of all, thanks for continuing with me :thumbup:

Answering your questions:

Just as a matter of curiosity, when you did the SmitfraudFix you first downloaded it to your desktop and THEN tried to run it, correct?? Yes
You didn't choose RUN from the download link, did you? NO

The result of (ComboFix):


ComboFix 07-08-30.3 - "Administrator" 08/31/2007 17:27:07.1 - FAT32x86 NETWORK
framedyn.dll is missing


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA
C:\Program Files\messenger\msnmsgr.exe
C:\Program Files\VirusProtectPro 3.7
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\ufdata2000.log


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

11/23/2001 07:08 AM 712704 -ra------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
08/30/2007 09:16 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
08/30/2007 08:08 PM --------- d-------- C:\Program Files\JAP
08/30/2007 04:47 PM --------- d-------- C:\Program Files\Trend Micro
08/29/2007 11:35 PM --------- d-------- C:\Program Files\NoAdware5.0
08/29/2007 10:40 PM --------- d-------- C:\Program Files\RegCure
08/28/2007 04:49 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
08/25/2007 10:04 PM --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
08/22/2007 07:31 PM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\PC Tools
08/22/2007 07:00 PM --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
08/22/2007 05:42 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
08/22/2007 05:24 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
08/20/2007 04:19 PM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\tor
08/19/2007 12:18 AM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\Lavasoft
08/19/2007 12:14 AM --------- d-------- C:\Program Files\McAfee.com
08/19/2007 12:14 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
08/19/2007 12:08 AM 9 -r-hs---- C:\Program Files\Desktop_.ini
08/19/2007 02:51 AM --------- d-------- C:\Program Files\Power Email Harvester
08/17/2007 11:17 PM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\WinRAR
08/15/2007 03:57 PM --------- d-------- C:\Program Files\iZone Internet Turbo
08/15/2007 01:46 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
08/14/2007 01:06 PM --------- d-------- C:\Program Files\Hide IP Platinum
07/30/2007 07:19 PM 203096 --a------ C:\WINDOWS\system32\wuweb.dll
06/28/2007 03:19 PM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\Ahead
06/28/2007 02:54 PM --------- d-------- C:\Program Files\Common Files\Ahead
06/28/2007 01:00 PM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\Real
06/28/2007 01:00 PM --------- d-------- C:\DOCUME~1\ABDUL\APPLIC~1\COWON
06/17/2007 12:11 AM 51200 --a------ C:\WINDOWS\nircmd.exe
06/14/2007 06:14 PM 114688 --a------ C:\WINDOWS\sliprt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"= C:\Program Files\Video ActiveX Access\iesbpl.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [04/02/2007 10:35 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/01/2006 12:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Abdul^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Abdul\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iZone Internet Turbo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iZone Internet Turbo.lnk
backup=C:\WINDOWS\pss\iZone Internet Turbo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]
"C:\Program Files\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
C:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
D:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.2]
msime80.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
"C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsServer]
msfir80.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
"C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"C:\Program Files\iZone Internet Turbo\iZonecore.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcshare]
C:\WINDOWS\system32\drivers\spoclsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"MDM"=2 (0x2)
"xmlprov"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NOD32krn"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"AVP"=2 (0x2)
"SDhelper"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)



Contents of the 'Scheduled Tasks' folder
2007-08-28 01:42:36 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-29 19:41:40 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-29 19:41:42 C:\WINDOWS\Tasks\RegCure Program Check.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 17:34:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 08/31/2007 17:37:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 08/31/2007 05:37 PM

--- E O F ---


#6 The killer (New Member; Authentic Member; 7 posts)

Posted 31 August 2007 - 08:57 AM

Again I thank you :thumbup: :D ;) because now I can go to Control Panel and My Computer properties.

I think half the problem has been solved.


#7 jwbirdsong (Authentic Member; 31 posts)

Posted 01 September 2007 - 12:35 PM

You seem to have a LARGE number of items disabled in msconfig. Did you do this because of the troubles you were having, or do you just feel you don't need these running anymore?
It looks like some ARE obsolete (KAV, McAfee). Go to Control Panel > Add/Remove Programs and uninstall everything you no longer want or need. While in Add/Remove, also uninstall Seekmo/Toolbar.

Also, it looks like you may have this problem: "Application Has Failed to Start Because Framedyn.dll Was Not Found" Error Message When You Open the System Properties Dialog Box.
If so, do the fix found HERE.

Please go here to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\system32\drivers\spoclsv.exe AND C:\WINDOWS\system32\hanonvt.ini
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Clean your Cache and Cookies in IE:
Go to Control Panel > Internet Options > General tab.
Click the "Delete Cookies" button and then the "Delete Files" button next to it.
When prompted, place a check in: "Delete all offline content",
(You will have to re-enter passwords at websites that require them.)
Click OK

Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a fresh Combofix log
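The ComboFix log in post #5 explains the symptoms from post #1 and #6 directly: the "Reg Loading Points" section lists the explorer policies that hid Control Panel and Windows Update, the AppInit_DLLs value that loads hanonvt.ini, and the msconfig-disabled startup items, including the one parked in the drivers directory that the helper asked to have uploaded. As an added example (the editor's code, not ComboFix's own and not posted in this thread), this Python script parses that registry-export style section and prints those conclusions. The sample lines are excerpted from the posted log; the policy-to-symptom table and the "executable in drivers directory" check are editorial assumptions.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and explain which
registry values account for the lockdown symptoms reported in this thread."""
import re
from typing import Dict, List, Tuple

# Excerpted from the ComboFix log posted in this thread (not the full section).
SAMPLE_REG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoFileMenu"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcshare]
C:\WINDOWS\system32\drivers\spoclsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
"""

# Explorer/System policy values that restrict the interactive user. The symptom
# text is the editor's summary of each value's effect on Windows XP.
LOCKDOWN_POLICIES = {
    "nocontrolpanel": "Control Panel cannot be opened",
    "nowindowsupdate": "Windows Update is blocked",
    "disableregedit": "Registry Editor refuses to run",
    "disabletaskmgr": "Task Manager refuses to run",
    "nofolderoptions": "Folder Options is hidden",
    "norun": "Start > Run is removed",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$")  # ComboFix prints DWORDs as: 1 (0x1)


def parse_reg_section(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {key: [(value_name, value_data), ...]}. Bare lines, which
    ComboFix uses for msconfig startup items, get an empty value name."""
    result: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            current = k.group(1)
            result.setdefault(current, [])
            continue
        if current is None:
            continue
        v = VALUE_RE.match(line)
        result[current].append((v.group("name"), v.group("value")) if v else ("", line))
    return result


def explain(text: str) -> List[str]:
    notes: List[str] = []
    for key, values in parse_reg_section(text).items():
        key_l = key.lower()
        for name, data in values:
            name_l = name.lower()
            if "\\policies\\" in key_l and name_l in LOCKDOWN_POLICIES:
                m = DWORD_RE.match(data)
                if m and int(m.group(1)) != 0:  # a zero value is the default, not a lockdown
                    hive = key.split("\\", 1)[0]
                    notes.append(f"{hive}: {name}={m.group(1)} -> {LOCKDOWN_POLICIES[name_l]}")
            elif name_l == "appinit_dlls" and data.strip():
                notes.append(f"AppInit_DLLs={data.strip()} -> injected into every process that loads user32.dll")
            elif ("\\msconfig\\startupreg\\" in key_l
                  and "\\system32\\drivers\\" in data.lower()
                  and data.lower().endswith(".exe")):
                item = key.rsplit("\\", 1)[-1]
                notes.append(f"msconfig-disabled item {item}: {data} -> executable parked in the drivers directory")
    return notes


if __name__ == "__main__":
    for note in explain(SAMPLE_REG):
        print(note)
```

The policy hits are reported with the hive they live in: here they sit under HKEY_USERS\.default, which is why the restrictions followed whichever account logged on, and why fixing the HKLM DisableRegedit entry alone in post #4 was not the whole story.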


#8 The killer (New Member; Authentic Member; 7 posts)

Posted 02 September 2007 - 08:31 AM

:wavey: hi

OK, I have uploaded the file C:\WINDOWS\system32\hanonvt.ini, but the second (spoclsv.exe) file does not exist, and I have mentioned that you asked me to upload this file.

The Panda antivirus also didn't work.


I will remove the Avira antivirus and will install the Kaspersky.

#9 The killer (New Member; Authentic Member; 7 posts)

Posted 04 September 2007 - 06:15 AM

:wavey: The virus has been deleted by Kaspersky 2007.

Thanks for all your help, and that you had time to help me.

Now I have a little problem; a screen appears saying:

http://www.pikipimp....s=1188907865684


Thanks


#10 jwbirdsong (Authentic Member; 31 posts)

Posted 04 September 2007 - 07:30 AM

Please use regular text and color. Your enthusiasm is great, but it makes the post difficult to read. What are you doing when you get the above error?? Please run and post an updated ComboFix log.

Edited by jwbirdsong, 04 September 2007 - 07:31 AM.


#11 The killer (New Member; Authentic Member; 7 posts)

Posted 05 September 2007 - 04:34 AM

Hi

Answering your question: I press OK.

The results of ComboFix:

ComboFix 07-08-30.3 - "Abdul_2" 09/05/2007 13:12:54.2 - NTFSx86
framedyn.dll is missing


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

11/23/2001 07:08 AM 712704 -ra------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
09/05/2007 02:05 AM --------- d-------- C:\DOCUME~1\ABDUL_2\APPLIC~1\Talkback
09/05/2007 01:04 PM 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
09/05/2007 01:04 PM 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
09/05/2007 01:04 PM 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
09/05/2007 01:04 PM 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
09/04/2007 05:04 PM --------- d-------- C:\DOCUME~1\ABDUL_2\APPLIC~1\SlipStream
09/04/2007 04:15 PM --------- d-------- C:\DOCUME~1\ABDUL_2\APPLIC~1\Real
09/04/2007 02:47 AM 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
09/04/2007 02:47 AM 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
09/04/2007 02:31 AM --------- d-------- C:\Program Files\Kaspersky Lab
09/02/2007 10:36 PM --------- d-------- C:\Program Files\TurboFTP
09/02/2007 10:36 PM --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TurboFTP
09/01/2007 04:48 PM --------- d-------- C:\Program Files\LeapFTP
09/01/2007 03:45 PM 114688 --a------ C:\WINDOWS\system32\msmsg3sp.dll
09/01/2007 03:45 PM --------- d-------- C:\Program Files\Common Files\FileStream Scheduler
08/30/2007 09:16 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
08/30/2007 08:08 PM --------- d-------- C:\Program Files\JAP
08/30/2007 04:47 PM --------- d-------- C:\Program Files\Trend Micro
08/29/2007 11:35 PM --------- d-------- C:\Program Files\NoAdware5.0
08/29/2007 10:40 PM --------- d-------- C:\Program Files\RegCure
08/25/2007 10:04 PM --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
08/22/2007 07:00 PM --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
08/22/2007 05:42 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
08/22/2007 05:24 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
08/19/2007 12:14 AM --------- d-------- C:\Program Files\McAfee.com
08/19/2007 12:14 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
08/19/2007 12:08 AM 9 -r-hs---- C:\Program Files\Desktop_.ini
08/19/2007 02:51 AM --------- d-------- C:\Program Files\Power Email Harvester
08/15/2007 03:57 PM --------- d-------- C:\Program Files\iZone Internet Turbo
08/15/2007 01:46 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
08/14/2007 01:06 PM --------- d-------- C:\Program Files\Hide IP Platinum
07/30/2007 07:19 PM 92504 --a------ C:\WINDOWS\system32\cdm.dll
07/30/2007 07:19 PM 549720 --a------ C:\WINDOWS\system32\wuapi.dll
07/30/2007 07:19 PM 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
07/30/2007 07:19 PM 43352 --a------ C:\WINDOWS\system32\wups2.dll
07/30/2007 07:19 PM 325976 --a------ C:\WINDOWS\system32\wucltui.dll
07/30/2007 07:19 PM 203096 --a------ C:\WINDOWS\system32\wuweb.dll
07/30/2007 07:19 PM 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
07/30/2007 07:18 PM 33624 --a------ C:\WINDOWS\system32\wups.dll
06/28/2007 12:51 PM 206088 --a------ C:\WINDOWS\system32\klogon.dll
06/17/2007 12:11 AM 51200 --a------ C:\WINDOWS\nircmd.exe
06/14/2007 06:14 PM 114688 --a------ C:\WINDOWS\sliprt.dll


((((((((((((((((((((((((((((( snapshot_Fri 08-31-2007_173642.04 )))))))))))))))))))))))))))))))))))))))))

----a-w 60,928 2002-08-16 12:15:52 C:\WINDOWS\unleap.exe
----a-w 32,768 2007-09-03 23:40:06 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-03 23:40:06 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 32,768 2007-09-03 23:45:18 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 186,640 2007-06-27 14:31:58 C:\WINDOWS\system32\drivers\klif.sys
----a-w 36,352 2004-08-03 19:59:56 C:\WINDOWS\system32\drivers\disk.sys
----a-w 26,496 2004-08-03 20:08:48 C:\WINDOWS\system32\drivers\USBSTOR.SYS
----a-w 110,360 2007-04-28 13:51:02 C:\WINDOWS\system32\drivers\kl1.sys
----a-w 22,457 2007-06-28 09:50:52 C:\WINDOWS\system32\drivers\klop.dat
----a-w 12,160 2001-08-17 10:48:00 C:\WINDOWS\system32\drivers\mouhid.sys
----a-w 23,040 2004-08-03 19:58:34 C:\WINDOWS\system32\drivers\mouclass.sys
----a-w 36,864 2003-08-01 08:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 110,592 2007-03-29 06:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 96,256 2005-06-03 11:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 4,608 2006-02-16 15:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 139,264 2004-05-04 12:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 10:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 07:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 180,224 2006-02-16 15:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-05 13:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 11:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 11:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 10,752 2006-08-17 08:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 08:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 233,472 2006-10-05 13:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 94,208 2006-02-14 10:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 1,388,544 2006-08-23 10:06:08 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 33,624 2007-07-30 16:18:40 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
----a-w 43,352 2007-07-30 16:19:12 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
----a-w 16,384 2007-09-04 18:59:46 C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat
----a-w 163,328 2007-03-13 07:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
----a-w 23,040 2005-12-31 21:00:00 C:\WINDOWS\LastGood\system32\DRIVERS\mouclass.sys
----a-w 12,160 2005-12-31 21:00:00 C:\WINDOWS\LastGood\system32\DRIVERS\mouhid.sys
----a-w 141,424 2006-08-24 05:28:54 C:\WINDOWS\Downloaded Program Files\asinst.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\spuninst.exe
----a-w 14,048 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\spmsg.dll
----a-w 716,000 2005-10-12 23:12:30 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\update\update.exe
----a-w 22,752 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\update\spcustom.dll
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\update\updspapi.dll
------w 1,287,680 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\backup\sp2gdr\quartz.dll
------w 1,287,680 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\b54528191e99a817679c5ba3ee641572\backup\sp2qfe\quartz.dll
----a-w 14,048 2005-02-24 17:35:06 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\spmsg.dll
----a-w 209,632 2005-02-24 17:35:06 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\spuninst.exe
----a-w 718,048 2005-02-24 17:35:06 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\update\update.exe
----a-w 371,936 2005-02-24 17:35:08 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\update\updspapi.dll
----a-w 22,240 2005-02-24 17:35:06 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\update\spcustom.dll
----a-w 30,720 2005-08-22 15:01:30 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\update\arpidfix.exe
------w 118,272 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\backup\sp2gdr\umpnpmgr.dll
------w 118,272 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\backup\sp2qfe\umpnpmgr.dll
----a-w 13,536 2005-06-28 07:20:24 C:\WINDOWS\SoftwareDistribution\Download\1e354442629d28d789283ed99200860a\spmsg.dll
----a-w 5,537,792 2007-04-30 05:20:24 C:\WINDOWS\SoftwareDistribution\Download\1e354442629d28d789283ed99200860a\wmp.dll
----a-w 213,216 2005-06-28 07:23:26 C:\WINDOWS\SoftwareDistribution\Download\1e354442629d28d789283ed99200860a\spuninst.exe
----a-w 22,752 2005-06-28 07:21:34 C:\WINDOWS\SoftwareDistribution\Download\1e354442629d28d789283ed99200860a\spupdsvc.exe
----a-w 371,424 2005-06-28 07:23:54 C:\WINDOWS\SoftwareDistribution\Download\1e354442629d28d789283ed99200860a\update\updspapi.dll
----a-w 716,000 2005-06-28 07:24:52 C:\WINDOWS\SoftwareDistribution\Download\1e354442629d28d789283ed99200860a\update\update.exe
----a-w 213,216 2005-10-12 23:16:50 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\spuninst.exe
----a-w 14,048 2005-10-12 23:16:50 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\spmsg.dll
----a-w 716,000 2005-10-12 23:16:52 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\update\update.exe
----a-w 22,752 2005-10-12 23:16:50 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\update\spcustom.dll
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\update\updspapi.dll
------w 262,400 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\backup\sp2gdr\http.sys
------w 263,040 2004-08-03 20:00:14 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\backup\sp2qfe\http.sys
----a-w 213,216 2006-01-19 19:29:20 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\spuninst.exe
----a-w 14,048 2006-01-19 19:29:20 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\spmsg.dll
----a-w 716,000 2006-01-19 19:29:20 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\update\update.exe
----a-w 22,752 2006-01-19 19:29:20 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\update\spcustom.dll
----a-w 371,424 2006-01-19 19:29:20 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\update\updspapi.dll
------w 144,896 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\backup\sp2gdr\schannel.dll
------w 144,896 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\backup\sp2qfe\schannel.dll
----a-w 213,216 2005-10-12 23:16:50 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\spuninst.exe
----a-w 14,048 2005-10-12 23:16:50 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\spmsg.dll
----a-w 716,000 2005-10-12 23:16:52 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\update\update.exe
----a-w 22,752 2005-10-12 23:16:50 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\update\spcustom.dll
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\update\updspapi.dll
------w 41,984 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2gdr\agentdp2.dll
------w 256,512 2005-12-31 21:00:00 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2gdr\agentsvr.exe
----a-w 7,168 2004-10-14 08:34:52 C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\spmsg.dll
----a-w 169,984 2004-10-14 08:36:18 C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\spuninst.exe
----a-w 654,848 2004-10-14 08:34:54 C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\update\update.exe
----a-w 21,504 2004-10-14 08:36:16 C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\update\spcustom.dll

----a-w 32,768 2007-08-21 12:24:56 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-08-21 12:24:56 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 16,384 2007-08-21 12:24:56 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 36,352 2005-12-31 21:00:00 C:\WINDOWS\system32\drivers\disk.sys
----a-w 23,040 2005-12-31 21:00:00 C:\WINDOWS\system32\drivers\mouclass.sys
----a-w 26,496 2005-12-31 21:00:00 C:\WINDOWS\system32\drivers\usbstor.sys
----a-w 12,160 2005-12-31 21:00:00 C:\WINDOWS\system32\drivers\mouhid.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/30/2004 03:55 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/01/2006 12:00 AM]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/27/2007 03:58 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=00000000
"MaxRecentDocs"=10 (0xa)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Abdul^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Abdul\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iZone Internet Turbo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iZone Internet Turbo.lnk
backup=C:\WINDOWS\pss\iZone Internet Turbo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]
"C:\Program Files\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
C:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
D:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.2]
msime80.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
"C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsServer]
msfir80.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
"C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
"C:\Program Files\iZone Internet Turbo\iZonecore.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcshare]
C:\WINDOWS\system32\drivers\spoclsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"MDM"=2 (0x2)
"xmlprov"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NOD32krn"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"AVP"=2 (0x2)
"SDhelper"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)



Contents of the 'Scheduled Tasks' folder
2007-08-28 01:42:36 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-29 19:41:40 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-29 19:41:42 C:\WINDOWS\Tasks\RegCure Program Check.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 13:22:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Altap = 63
LongClock = 63
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Altap = 63
LongClock = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirScheduler]
"ImagePath"="\"C:\Program Files\AntiVir PersonalEdition Classic\sched.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AntiVirService]
"ImagePath"="\"C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avgio]
"ImagePath"="\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avgntflt]
"ImagePath"="\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"

Completion time: 09/05/2007 13:24:32
C:\ComboFix-quarantined-files.txt ... 09/05/2007 01:24 PM
C:\ComboFix2.txt ... 08/31/2007 05:37 PM

--- E O F ---

Edited by The killer, 05 September 2007 - 04:38 AM.


#12 jwbirdsong (Authentic Member, 31 posts)

Posted 05 September 2007 - 09:05 AM

While I am going through this, would you please post the following.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, then copy and paste the results.

#13 jwbirdsong (Authentic Member, 31 posts)

Posted 07 September 2007 - 01:57 PM

Sorry I overlooked you for a couple of days because I had the last post. I'll post after work today.

#14 jwbirdsong (Authentic Member, 31 posts)

Posted 07 September 2007 - 10:16 PM

Actually the log looks pretty good infection-wise. It's still a bit 'cluttered' with remnants from OLD Anti-Virus programs (et al.). Make sure to uninstall ALL old AV products other than the one you decided to keep.
I'm also gonna recommend you uninstall RegCure. There have been some less than flattering comments/articles on it lately and I also have some issues with the advertising policy.

Make sure to include the Uninstall List I asked for in last post.

Open Notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinAVX"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=dword:00000000
"NoWindowsUpdate"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]

Save this as CFScript.txt

Then drag/drop the CFScript.txt onto ComboFix.exe as you see in the screenshot below.

[screenshot of CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
When done post the Kaspersky log and a fresh HijackThis log.



Please post
  • Combofix log
  • Uninstall list from previous post
  • Kaspersky log
  • Any comments on how the computer is running
in your next reply
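
The two pieces of this thread fit together: the "Reg Loading Points" section of the ComboFix log shows the lockout policies (NoControlPanel and NoWindowsUpdate set to 1 under HKEY_USERS\.default, which is why Control Panel was unreachable) and the WinAVX Run value pointing into system32, and the CFScript in the post above undoes exactly those by hand. As an added example that is not part of this thread, of ComboFix, or of any tool named here, the Python below reads text in that section's layout, flags Explorer/System lockout policies that are set and Run-type autostarts whose image lives under the Windows directory but is not a known Windows component (anything under Policies\Explorer\Run is flagged outright, since that key is the hidden-autostart location catchme reported), and emits the matching Registry:: lines. The sample input is constructed to mirror the log (the "Sample" entry is made up), the policy-name set and the allowlist are assumptions to extend for your own triage, and the dword:00000000 form is regedit .reg syntax that this example assumes a Registry:: section accepts. Its output is a draft for a helper to review, not a script to run unread.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# It mirrors entries from the log above plus one made-up Policies\Explorer\Run
# value named "Sample"; it is not the log itself.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/01/2006 12:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"WinAVX"=C:\WINDOWS\system32\WinAvXX.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Sample"="C:\WINDOWS\sample.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"NoRecentDocsHistory"=00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Assumed lists (extend for your own triage): policy values that lock a user out
# of the tools needed to clean up, and XP binaries that legitimately autostart
# from under C:\WINDOWS.
LOCKOUT_POLICIES = {"NoControlPanel", "NoWindowsUpdate", "NoRun", "NoFolderOptions",
                    "NoDesktop", "DisableRegistryTools", "DisableTaskMgr"}
KNOWN_WINDOWS_AUTOSTARTS = {"ctfmon.exe", "dumprep", "tscupgrd.exe"}
SYSTEM_DIR_PREFIXES = ("c:\\windows\\", "%systemroot%\\")
AUTOSTART_KEYS = (r"\run", r"\runonce")

def parse_loading_points(text):
    """Return (key, value_name, data) triples from [key] / "name"=data lines."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data")))
    return entries

def value_as_int(data):
    """Read a DWORD in the forms ComboFix prints: '1 (0x1)', '00000000', 'dword:1'."""
    m = re.search(r"\(0x([0-9a-fA-F]+)\)", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^dword:([0-9a-fA-F]+)", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^\d+", data)
    return int(m.group(0)) if m else None

def image_path(data):
    """Drop ComboFix's trailing [timestamp], quotes and arguments, leaving the image."""
    d = re.sub(r"\s*\[[^\]]*\]\s*$", "", data).strip()
    if d.startswith('"'):
        d = d[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|cpl|scr|com|bat|cmd|pif))(?:\s|$)", d, re.IGNORECASE)
    if m:
        return m.group(1)
    return d.split()[0] if d else ""

def is_suspicious_autostart(key_lower, path):
    """Policies\\Explorer\\Run is flagged outright; Run/RunOnce only when the
    image sits under the Windows directory and is not a known Windows file."""
    if key_lower.endswith(r"\policies\explorer\run"):
        return True
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    return p.startswith(SYSTEM_DIR_PREFIXES) and base not in KNOWN_WINDOWS_AUTOSTARTS

def audit(text):
    """Return lockout policies that are set and suspicious autostart values."""
    findings = {"lockouts": [], "autostarts": []}
    for key, name, data in parse_loading_points(text):
        k = key.lower()
        if name in LOCKOUT_POLICIES and k.endswith((r"\policies\explorer", r"\policies\system")):
            value = value_as_int(data)
            if value:
                findings["lockouts"].append((key, name, value))
        elif k.endswith(AUTOSTART_KEYS):
            path = image_path(data)
            if is_suspicious_autostart(k, path):
                findings["autostarts"].append((key, name, path))
    return findings

def build_cfscript(findings):
    """Emit a Registry:: section: '=-' deletes a value, dword:00000000 clears a
    policy (regedit .reg syntax, assumed here to be what Registry:: accepts)."""
    by_key = {}
    for key, name, _ in findings["autostarts"]:
        by_key.setdefault(key, []).append(f'"{name}"=-')
    for key, name, _ in findings["lockouts"]:
        by_key.setdefault(key, []).append(f'"{name}"=dword:00000000')
    out = ["Registry::"]
    for key, lines in by_key.items():
        out.append(f"[{key}]")
        out.extend(lines)
        out.append("")
    return "\n".join(out).rstrip("\n") + "\n"

if __name__ == "__main__":
    print(build_cfscript(audit(SAMPLE_LOG)))
```

Running it prints a Registry:: block that deletes the WinAVX and Sample values and zeroes the two Explorer policies, while AVP, ctfmon.exe, dumprep and the Nokia entry are left alone. Note that the parser only sees the text it is given: the catchme section of the log uses a different layout (Altap = 63 is a data length, not a path), so those entries have to be checked by hand or by extending the parser.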
