Posted

Okay Dee, the computer should be running well enough now to do the full scan and cleanup routine.

 

Please follow these instructions in the exact order. You can ignore the Tea Timer as I don't think you have it running.

 

 

Your computer could be infected with Malware.

 

  • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
    It is a combination of the words malicious and software.
    The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

  • Required Cleanup Steps
    1. Disable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled
    2. Run a Temporary file and cache cleaner (ATF)
    3. Run 2 Anti-Malware scanners (Listed Below)
    4. Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below)
    5. Clear out old System Restore points
    6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested.

     

The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection speed.

Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.

The ESET online scan should take between 1 to 3 hours.

In most cases, these scans will suffice to clean and disinfect your computer.

Heavily infected systems or slower PCs can take much longer to scan and clean.

 

For best results, print the following instructions and bookmark this Web page.

To keep this guide printer-friendly, use your cursor to highlight the contents below. From your browser select File - Print and in the printer dialog box under "Print range" click the Selection choice to print out these instructions for removal of malware.

http://kixhelp.com/wr/images-freepchelp/printer-selection.gif

__________________________________________________

STEP 1

  • Disable Spybot Search & Destroy's TEA TIMER: (if installed)

    1. Run Spybot-S&D in Advanced Mode.

    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".

    3. On the left hand side, Click on Tools

    4. Then click on the Resident Icon in the List

    5. Uncheck "Resident TeaTimer" and OK any prompts.

    6. Restart your computer.

     

__________________________________________________

STEP 2

  • Follow these instructions carefully.

  • Download ATF-Cleaner from
    to remove un-needed temporary files from your computer that may contain malware.

  • You can also download it from

  • When you run ATF-Cleaner, check the items as shown below for Main.

  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox.

  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored.

  • Then click on "Empty Selected".

http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif

http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif

__________________________________________________

STEP 3

  • Install and run the free version (not the Professional version) of SUPERAntiSpyware from

    • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.

    • You do not have to send them your e-mail address, just click next.

    • You can leave the automated check for updates on.

    • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.

    • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.

    • On the Top Left select the Scan your computer button.

    • Make sure there is a CHECK MARK on all Fixed Drives.

    • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.

     

__________________________________________________

STEP 4

  • Install and run Malwarebytes' Anti-Malware from

    • Accept all defaults for the installer

    • Allow the program to update the definitions

    • Click on the Quick Scan and click Next.

    • If any items are found allow it to clean them and then Reboot your computer.

     

__________________________________________________

STEP 5

  • Run an online scan with ESET from

    • You must use Internet Explorer for this online scan. FireFox, Opera, etc. will not work for this scan.

    • If your computer is running Windows Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu.

     

    • Accept the terms and click "Start".

    • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".

    • Click "Start" to begin the scan.

    • When completed restart your computer

     

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating.

 

 


Need help with your computer problems? Then why not join Free PC Help. Register here

If Free PC Help has helped you then please consider a donation. Click here

 

Malwarebytes' Anti-Malware | Malwarebytes' Products | SUPERAntispyware | HijackThis | Spybot Search & Destroy | hpHosts | SpywareBlaster | WinPatrol | SiteHound | FireFox | NoScript | Adblock Plus | Sandboxie | Acronis True Image | ThreatFire | ESET Online Scanner | Kaspersky Online Scanner | Panda Online Scanner | Trend Online Scanner | Avira AntiVir Personal | Avast Free AV | CCleaner | ATF-Cleaner | Online Armor Firewall | Outpost Firewall Free | DirectX | Office Compatibility Pack | Office 2003 (SP3) | SubInACL | Windows Defender | Windows Installer 3.1 | IE7 XP | XP SP3 for IT | Sysinternals | Virtual PC 2007 | Returnil

 

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.


Posted
Can I just hark back and ask why all system files etc are on D: rather than C:

 

What happened to make you change the drive letter?

 

Basically, a few years ago we had Kazaa on the PC, and it really screwed things up and we had to send it to someone to be fixed, and they changed everything over to the D drive for some reason (to be honest we don't really know why).

Posted (edited)

Well, Avast is now pulling something up constantly, whether it's spyware or a Trojan or virus. I feel like getting a hammer out to the PC lol.........

 

What now? I did all that was suggested and I'm still getting pop-ups; they keep freezing my PC up.

 

OK, my PC seems to be worse now. Avast was pulling something up saying the location was SuperAntiSpyware.

It also keeps pulling up the following malware:

 

Win32:VunDrop [Drp]

 

D:\Documents and Settings\IAN\Local Settings\Temporary Internet Files\Content.IE5\VMHJAESJ\kb111653[1]

Edited by Dee_Collins
Posted

Please bear with us till our Malware experts get online, Dee. They will advise you appropriately as soon as possible. Thanks for your patience and co-operation. :)

 

-- Goku

Posted

Hi

 

Can you please post the Malwarebytes log. You can find it here:

 

C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

 

Thank you!

 

 


Posted

Malwarebytes' Anti-Malware 1.19

Database version: 901

Windows 5.1.2600 Service Pack 2

14:18:29 04/07/2008

mbam-log-7-4-2008 (14-18-29).txt

Scan type: Quick Scan

Objects scanned: 43251

Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

D:\WINDOWS\system32\kedjkgwq.dll (Trojan.Vundo) -> Unloaded module successfully.

D:\WINDOWS\system32\wvUoLdcA.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41873d7c-f89a-4392-b637-78f0fe72fb40} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{41873d7c-f89a-4392-b637-78f0fe72fb40} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0873b249 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\WINDOWS\system32\wvUoLdcA.dll (Trojan.Vundo) -> Delete on reboot.

D:\WINDOWS\system32\AcdLoUvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\AcdLoUvw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\kedjkgwq.dll (Trojan.Vundo) -> Delete on reboot.

D:\WINDOWS\system32\qwgkjdek.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\qodwkedk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\kdekwdoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

D:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
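The log above is the format the helpers read to decide on the next step. As an added example (not code from this thread, from Free PC Help or from Malwarebytes), the Python below parses a log in that layout: it checks the summary counts against the items actually listed (a truncated paste shows up as a mismatch), lists the items still queued as "Delete on reboot", and reports the drive letters the detections refer to. The sample log is a constructed excerpt of the one posted above, with the counts adjusted to the trimmed entries.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: an excerpt of the Malwarebytes' Anti-Malware 1.19 log
# posted in this thread, trimmed to a few entries per section; the summary
# counts match the trimmed entries, not the full original log.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.19
Database version: 901
Scan type: Quick Scan
Objects scanned: 43251
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\kedjkgwq.dll (Trojan.Vundo) -> Unloaded module successfully.
D:\WINDOWS\system32\wvUoLdcA.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41873d7c-f89a-4392-b637-78f0fe72fb40} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0873b249 (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\system32\wvUoLdcA.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\AcdLoUvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "<Section> Infected: <n>" in the summary block; "<Section> Infected:" alone
# opens the detail section of the same name.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# Every detection line reads "<item> (<family>) -> <action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts by section, detection records by section)."""
    counts, detections, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                counts[m.group("name")] = int(m.group("count"))
                current = None                  # still inside the summary block
            else:
                current = m.group("name")       # a detail section starts here
            continue
        if current is None or line.startswith("("):
            continue                            # header or "(No malicious items detected)"
        m = ITEM_RE.match(line)
        if m:
            detections[current].append(m.groupdict())
    return counts, dict(detections)


def verify_counts(counts, detections):
    """Sections whose summary count differs from the items listed: {name: (expected, found)}."""
    return {name: (expected, len(detections.get(name, [])))
            for name, expected in counts.items()
            if len(detections.get(name, [])) != expected}


def pending_reboot(detections):
    """Items MBAM could only schedule for deletion; the restart step is mandatory for these."""
    return [d["item"] for items in detections.values() for d in items
            if d["action"].lower().startswith("delete on reboot")]


def drive_letters(detections):
    """Drive letters that file-system detections refer to (only D: in this thread's logs)."""
    return sorted({d["item"][0].upper() for items in detections.values() for d in items
                   if re.match(r"^[A-Za-z]:\\", d["item"])})


def families(detections):
    """Number of detections per malware family."""
    return dict(Counter(d["family"] for items in detections.values() for d in items))


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    print("mismatches:", verify_counts(counts, dets), "families:", families(dets))
    print("drives:", drive_letters(dets), "pending reboot:", pending_reboot(dets))
```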

Posted

Hi Dee.

 

If you haven't already, run the scans again with SuperAntiSpyware, MalwareBytes, and Eset. Do so from Safe Mode With Networking and make sure that you run "complete or full" scans on the "C" and "D" drive.

 

Restart the computer after each scan, then please post a new HijackThis log.


Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:41:53, on 05/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Safe mode with network support

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

D:\WINDOWS\system32\WgaTray.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - D:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: &Yahoo! Search - http://file:///D:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lookup on Merriam Webster - http://file://D:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - http://file://D:\Program Files\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?96385411e23941a59bda1d2f2bc5bbc

O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?96385411e23941a59bda1d2f2bc5bbc

O8 - Extra context menu item: Yahoo! &Dictionary - http://file:///D:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\Program Files\ieSpell\iespell.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1215014298896&h=8f0c63d8de7f6272a79a95a72cb38429/&filename=jinstall-6u6-windows-i586-jc.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 7725 bytes

Posted

Dee, if you're getting these pop-up messages in safe mode, you probably have a serious infection issue. Please wait for the techs to advise you further.

 

In my humble opinion I would back up everything at this point just to be safe. A reinstall may be in order.

 

Wait for the techs to get back to you first please.


Posted
Your HijackThis log doesn't show any sign of infection. However, the HT and MB logs that you posted only show the "D" drive. The default hard drive should be "C". Where is your C drive and what's installed on it?


Posted

Hi Dee,

 

Let me review this but you need to post back the LOGS as requested each time, otherwise I don't know for sure what's going on. I'm not there at your desk seeing what you see, so I rely on these logs to let me know what's going on. THANKS.

 

I'll be back in a little bit with some other routines to run. If you have a printer you may want to print out the instructions that I'll provide when I get back, while you do the work.

 


Posted

Please post the SUPERAntispyware log and where is the ESET/NOD32 online scanner log?

 

Okay.... post those logs when you can please. Then follow these instructions exactly as shown and in the order shown. Remember when done I need to see the logs.

 

This file should not be here if you successfully ran the CCLEANER program:

D:\Documents and Settings\IAN\Local Settings\Temporary Internet Files\Content.IE5\VMHJAESJ\kb111653[1]

as that removes all the temporary cache files, of which this is one.

 

Please run the following below as shown.

 

 

Download and Run ComboFix from your DESKTOP (it must be saved or copied and run from the Desktop)

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then combofix should continue.

If that happened we want to know, and also what process you had to end.

 

Please have patience as this can be a long and tedious process at times to remove Malware.


Posted

Sorry for the delay, but I don't work weekends and this is a work PC that is playing up. Sorry, it wasn't 100% clear to me that logs needed to be posted after each scan; as I said, I don't really know that much about PCs. In terms of the C drive, as I explained before in this thread, we had to take the PC to someone to be fixed before, and they said there was a problem with the C drive and transferred everything over to the D drive, something to do with Kazaa, but that was a good couple of years ago now.

 

So should I re-do all those scans in safe mode again and then post a log after each scan in safe mode? And is the log I need to post the HijackThis log?

Posted

SUPERAntiSpyware Scan Log

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 07/05/2008 at 02:36 PM

Application Version : 4.15.1000

Core Rules Database Version : 3497

Trace Rules Database Version: 1488

Scan type : Quick Scan

Total Scan Time : 00:11:00

Memory items scanned : 195

Memory threats detected : 1

Registry items scanned : 436

Registry threats detected : 7

File items scanned : 10193

File threats detected : 15

Adware.Vundo Variant/Resident

D:\WINDOWS\SYSTEM32\GEBURJJA.DLL

D:\WINDOWS\SYSTEM32\GEBURJJA.DLL

Trojan.Vundo-Variant/Small-GEN

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D82AA899-121E-4F7F-9C28-04852CFC696B}

HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}

HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}\InprocServer32

HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}\InprocServer32#ThreadingModel

HKCR\TypeLib\{FFBC50F3-043C-11D1-911D-006097C99383}

Adware.Tracking Cookie

D:\Documents and Settings\IAN\Cookies\ian@ehg-eset.hitbox[1].txt

D:\Documents and Settings\IAN\Cookies\ian@atdmt[2].txt

D:\Documents and Settings\IAN\Cookies\ian@serving-sys[2].txt

D:\Documents and Settings\IAN\Cookies\ian@ad.yieldmanager[1].txt

D:\Documents and Settings\IAN\Cookies\ian@adopt.euroclick[2].txt

D:\Documents and Settings\IAN\Cookies\ian@software-traffic[1].txt

D:\Documents and Settings\IAN\Cookies\ian@tradedoubler[2].txt

D:\Documents and Settings\IAN\Cookies\ian@bs.serving-sys[2].txt

D:\Documents and Settings\IAN\Cookies\ian@rocku.adbureau[2].txt

D:\Documents and Settings\IAN\Cookies\ian@hitbox[2].txt

D:\Documents and Settings\IAN\Cookies\ian@questionmarket[1].txt

D:\Documents and Settings\IAN\Cookies\ian@doubleclick[2].txt

D:\Documents and Settings\IAN\Cookies\ian@scanner.vav-scanner[2].txt

Adware.Vundo Variant/Rel

HKLM\SOFTWARE\Microsoft\FCOVM

HKLM\SOFTWARE\Microsoft\RemoveRP

Adware.Vundo Variant

D:\WINDOWS\SYSTEM32\DFFMPWSI.DLL

Posted
Your HijackThis log doesn't show any sign of infection. However, the HT and MB logs that you posted only show the "D" drive. The default hard drive should be "C". Where is your C drive and what's installed on it?

 

I don't think there is anything installed on it; basically we just use it as a storage drive for photos. I made sure that both C and D were scanned.

Posted

ESET Results are as follows:

 

1 threat found

Win32/Adware.Agent.NIY application (unablt to clean - deleted)

D:\Documents and Settings\IAN\Local Settings\Temporary Internet Files\Content.IE5\9ARP6AND\kb111653[1]

Posted

ComboFix 08-07-05.1 - IAN 2008-07-07 12:02:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.652 [GMT 1:00]

Running from: D:\Documents and Settings\IAN\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\WINDOWS\BM8b4abea7.txt

D:\WINDOWS\cookies.ini

D:\WINDOWS\pskt.ini

D:\WINDOWS\system32\albcxaag.ini

D:\WINDOWS\system32\artloskh.ini

D:\WINDOWS\system32\ehhgQqss.ini

D:\WINDOWS\system32\ehhgQqss.ini2

D:\WINDOWS\system32\gaaxcbla.dll

D:\WINDOWS\system32\geBuVPjh.dll

D:\WINDOWS\system32\hjPVuBeg.ini

D:\WINDOWS\system32\hjPVuBeg.ini2

D:\WINDOWS\system32\htpqnyas.dll

D:\WINDOWS\system32\hwyqvmjq.dll

D:\WINDOWS\system32\iocydi.dll

D:\WINDOWS\system32\iqbuyz.dll

D:\WINDOWS\system32\ixugjhdp.dll

D:\WINDOWS\system32\lhoskcdj.dll

D:\WINDOWS\system32\licabpel.ini

D:\WINDOWS\system32\lwbyiojh.dll

D:\WINDOWS\system32\mcrh.tmp

D:\WINDOWS\system32\mcxbua.dll

D:\WINDOWS\system32\mjpcytgk.dll

D:\WINDOWS\system32\mnfgqvdg.ini

D:\WINDOWS\system32\MWyGffii.ini

D:\WINDOWS\system32\MWyGffii.ini2

D:\WINDOWS\system32\mxvextio.dll

D:\WINDOWS\system32\necyaq.dll

D:\WINDOWS\system32\resymcem.ini

D:\WINDOWS\system32\rQHaXoPi.dll

D:\WINDOWS\system32\smtdhx.dll

D:\WINDOWS\system32\soltge.dll

D:\WINDOWS\system32\srqdoitv.ini

D:\WINDOWS\system32\SuCIiSBc.ini

D:\WINDOWS\system32\SuCIiSBc.ini2

D:\WINDOWS\system32\tofascwd.dll

D:\WINDOWS\system32\uakuypqu.ini

D:\WINDOWS\system32\uelmsxpm.dll

D:\WINDOWS\system32\xujunn.dll

D:\WINDOWS\system32\yhijidmy.ini

D:\WINDOWS\system32\zbrihi.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))

.

2008-07-02 16:59 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl

2008-07-02 16:58 . 2008-07-02 16:59 <DIR> d-------- D:\Program Files\Java

2008-07-02 16:57 . 2008-07-02 16:57 <DIR> d-------- D:\Program Files\Common Files\Java

2008-07-02 16:53 . 2008-07-02 16:53 <DIR> d-------- D:\Program Files\SDM20

2008-07-02 12:28 . 2008-07-02 12:54 <DIR> d-------- D:\Documents and Settings\IAN\DoctorWeb

2008-06-30 15:48 . 2008-06-30 15:48 <DIR> d-------- D:\Program Files\Trend Micro

2008-06-29 18:01 . 2008-07-07 10:32 <DIR> d-------- D:\Program Files\EsetOnlineScanner

2008-06-29 14:19 . 2008-06-29 15:06 <DIR> d-------- D:\Program Files\CA Yahoo! Anti-Spy

2008-06-29 12:38 . 2008-06-28 14:16 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-29 12:38 . 2008-06-28 14:16 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys

2008-06-28 00:59 . 2008-07-04 11:02 110,419 --a------ D:\WINDOWS\BM8b4abea7.xml

2008-06-21 22:05 . 2008-06-21 22:05 188 --a------ D:\Documents and Settings\IAN\Application Data\wklnhst.dat

2008-06-11 04:58 . 2008-06-13 14:10 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 04:58 . 2008-06-13 14:10 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys

2008-06-07 23:22 . 2008-06-07 23:22 <DIR> d-------- D:\Program Files\Common Files\xing shared

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 09:00 --------- d-----w D:\Program Files\SUPERAntiSpyware

2008-07-04 09:00 --------- d-----w D:\Documents and Settings\IAN\Application Data\SUPERAntiSpyware.com

2008-07-04 08:59 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard

2008-07-02 15:40 --------- d-----w D:\Program Files\mIRC

2008-06-29 11:38 --------- d-----w D:\Program Files\Malwarebytes' Anti-Malware

2008-06-27 19:56 --------- d-----w D:\Program Files\InterActual

2008-06-21 20:10 --------- d--h--r D:\Documents and Settings\IAN\Application Data\yahoo!

2008-06-21 20:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-06-07 22:22 --------- d-----w D:\Program Files\Common Files\Real

2008-06-02 01:19 --------- d-----w D:\Program Files\Picasa2

2008-05-12 07:43 --------- d-----w D:\Documents and Settings\IAN\Application Data\Samsung

2008-05-12 07:42 --------- d--h--w D:\Program Files\InstallShield Installation Information

2008-05-12 07:39 --------- d-----w D:\Program Files\Samsung

2008-05-12 05:42 --------- d-----w D:\Program Files\Passwords Plus

2008-05-10 21:59 --------- d-----w D:\Documents and Settings\IAN\Application Data\U3

2008-05-08 12:28 202,752 ------w D:\WINDOWS\system32\drivers\rmcast.sys

2008-04-12 13:34 744 -c--a-w D:\Documents and Settings\IAN\Application Data\filterclsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 08:46 68856]

"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]

"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-07 23:21 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 23:16 49152 D:\WINDOWS\mididef.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.DVSD"= pdvcodec.dll

"msacm.dvacm"= D:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk

backup=D:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk

backup=D:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^IAN^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=D:\Documents and Settings\IAN\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=D:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

--a------ 2007-08-08 15:53 88024 D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2008-01-11 23:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2007-03-01 11:37 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

--a--c--- 2002-10-07 00:23 90112 D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

--------- 2005-05-17 17:42 933888 D:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

-----c--- 2004-08-03 23:56 15360 D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a--c--- 2003-05-07 20:56 188416 D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

--a--c--- 2005-03-17 14:45 40960 D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a--c--- 2005-01-18 17:07 196608 D:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a--c--- 2005-01-18 17:47 458752 D:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-01-18 17:37 217088 D:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

--a------ 2004-10-08 11:52 221184 D:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 12:34 5724184 D:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a------ 2001-07-09 02:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

--a--c--- 2005-03-17 14:25 57393 D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-26 02:23 443968 D:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

-----c--- 2005-06-10 01:48 98304 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

--------- 2005-01-26 18:02 49152 D:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

--a--c--- 2002-04-17 11:42 69632 D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

-ra--c--- 2003-10-14 10:22 155648 D:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-05-28 10:33 1506544 D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-09-10 08:46 68856 D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-06-07 23:21 185896 D:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--------- 2003-08-19 01:01 110592 D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

--a------ 2003-05-28 18:59 28672 D:\WINDOWS\system32\cthelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"D:\\Program Files\\Messenger\\msmsgs.exe"=

"D:\\Documents and Settings\\IAN\\Desktop\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]

R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]

R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);D:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2003-12-02 16:23]

S3 av100s2k;av100s2k;D:\WINDOWS\system32\DRIVERS\av100s2k.sys [2003-02-18 20:25]

S3 av100u2k;av100u2k;D:\WINDOWS\system32\DRIVERS\av100u2k.sys [2003-03-12 06:05]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{621016f2-c154-11dc-a25f-00173f901d36}]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

"2008-07-07 08:27:00 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-06-24 16:46:00 D:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN386230RMJ5.job"

- D:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN386230RMJ5

.

- - - - ORPHANS REMOVED - - - -

BHO-{6EA695DA-7CBA-4424-A819-F54B93548890} - D:\WINDOWS\system32\opnnnnND.dll

BHO-{7062A567-23A9-42CC-A94A-1EA27D5D2D3A} - D:\WINDOWS\system32\ssqQghhe.dll

BHO-{8AB5FF87-4173-4FFE-80A7-A512D98A6419} - D:\WINDOWS\system32\iiffGyWM.dll

BHO-{FFBAA195-D7B4-4872-AFAD-73349920EADC} - D:\WINDOWS\system32\cBSiICuS.dll

HKLM-Run-0873b249 - D:\WINDOWS\system32\gaaxcbla.dll

MSConfigStartUp-0873b249 - D:\WINDOWS\system32\hneeqsdk.dll

MSConfigStartUp-BM8b4abea7 - D:\WINDOWS\system32\gbaopiqy.dll

MSConfigStartUp-ImInstaller_IncrediMail - D:\DOCUME~1\IAN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe

MSConfigStartUp-tbon - D:\Program Files\TBONBin\tbon.exe

MSConfigStartUp-Uniblue RegistryBooster 2 - D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

MSConfigStartUp-updateMgr - D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

MSConfigStartUp-VideoCall - D:\Program Files\Logitech\VideoCall\VideoCall.exe

 

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-07 12:16:20

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\brss01a.exe

D:\WINDOWS\system32\imapi.exe

D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

D:\WINDOWS\system32\wdfmgr.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\system32\WgaTray.exe

.

**************************************************************************

.

Completion time: 2008-07-07 12:22:31 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-07 11:22:26

Pre-Run: 137,730,969,600 bytes free

Post-Run: 139,066,327,040 bytes free

246 --- E O F --- 2008-06-20 02:02:00

Posted

Dee please wait for our experts on this matter.

 

In my opinion, though, your system is a mess. Your Windows installation makes no sense: the hard drive it's installed on, etc. For that matter, both hard drives.

 

I don't know who has been screwing around with this or what they have done to your computer, Windows or installation, but it is not right.

 

It seems to me from the information you provided that you do indeed have a serious infection and a very strange Windows setup that could be complicating clean-up measures. I suspect a cross-installation infestation.

 

If it were my computer I would back up all SAFE files (not unsafe programs) and do a total reinstall. Granted, you would still probably lose a lot, including dodgy programs and also infestations.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.


Posted
We bought this PC in 2003 from a major retail store, but one thing we didn't get was an XP disc. When the guy fixed it and changed everything over to the D drive, we started getting a message on every start-up that says our Windows isn't genuine and we could be a victim of software counterfeiting. We would get a new XP disc but just can't afford one. Is this going to be a huge problem?
Posted

Yes, this is a huge problem.

We do not/will not provide help for people who are using counterfeit software. Are you 100% sure there is no recovery partition on the original HDD that the retailer provided?

 

If not, I am afraid we will not be able to provide any more assistance.

 

I will leave the thread open for you to reply -


Guest Wolfeymole
Posted

It seems to me that some issues occurred on the original installation of XP; you then called someone to fix it and he installed a pirate version of XP.

 

Dalo is absolutely correct in his assertion and it would be in your best interests to obtain a new XP disk from a reputable store and if needed we will guide you through the installation.

 

We cannot offer further advice as your situation currently stands.

  • 4 weeks later...
Posted

This thread appears to be solved and is now closed

 

If you are the original poster of this thread and need it re-opened, then please PM (Private Message) an Administrator or Moderator

 

-- Goku
