# Solved: rundll32.exe



## DawnSkye (Jun 15, 2008)

Hey, I got a virus last night but got rid of it, but now I get an error saying rundll32.exe - application error and it failed to initialize properly. I searched rundll32.exe on the net and downloaded it but when I put it into system32 it says the same thing.

I'm running Win XP SP2 (or 3, can't remember and it won't let me check).


----------



## DawnSkye (Jun 15, 2008)

Can anyone help?


----------



## kniht (May 7, 2006)

Check Event Viewer, 'Start' >> 'Run'.

In 'Run' type eventvwr.msc and click ok.

In the left pane click on 'System' and in the right pane look for any errors pertaining to rundll32.exe.

Double click on the error to open 'Properties'.

Click on the 'Clipboard' icon (just below the directional arrows).

You can then come back to this thread and in a blank area of the reply box right click and select 'Paste' if you wish to post the error information.

Also while in Event Viewer check 'Application'.


----------



## DawnSkye (Jun 15, 2008)

I did what you said but I didn't find any errors, but I didn't get a couple viruses last night; they were trojan.dropper and infostealer.gamepass, but I removed them.


----------



## DawnSkye (Jun 15, 2008)

I had another look through the event log and found this - The master browser has received a server announcement from the computer NADIA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9584136D-7064-48FE-B8D. The master browser is stopping or an election is being forced. Could this have something to do with the error I'm getting?


----------



## DawnSkye (Jun 15, 2008)

One other thing I found was this - Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at


----------



## DawnSkye (Jun 15, 2008)

Here's my HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:24:26 a.m., on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\system tools\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\system tools\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\misc\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
D:\steam\steam.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FF35E1D7-3F79-48C9-88A0-9DAF7859331F} - C:\WINDOWS\system32\mlJAQkig.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Misc\ReGetDx\iebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\misc\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\system tools\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\misc\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BMb3ccadcc] Rundll32.exe "C:\WINDOWS\system32\yflibemc.dll",s
O4 - HKLM\..\Run: [b0ff9e50] rundll32.exe "C:\WINDOWS\system32\yhiwfmbg.dll",b
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\system tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Misc\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00417BA.dat
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


----------



## kniht (May 7, 2006)

You may want to post your HJT logfile in the Malware forum. Be patient waiting for an expert to check it out for they are very busy.


----------



## DawnSkye (Jun 15, 2008)

ok thanks


----------



## cybertech (Apr 16, 2002)

Hi Welcome to TSG!!

Please download *Malwarebytes Anti-Malware* and save it to your desktop. _alternate download link 1_ _alternate download link 2_
Make sure you are connected to the Internet.
Double-click on *Download_mbam-setup.exe* to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
*Update Malwarebytes' Anti-Malware*
*Launch Malwarebytes' Anti-Malware*

Then click *Finish*.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the *OK* button to close that box and continue. _If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install._
On the Scanner tab:
Make sure the "*Perform Quick Scan*" option is selected.
Then click on the *Scan* button.

If asked to select the drives to scan, leave all the drives selected and click on the *Start Scan* button.
The scan will begin and "_Scan in progress_" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "_The scan completed successfully. Click 'Show Results' to display all objects found_".
Click *OK* to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the *Show Results* button to see a list of any malware that was found.
Make sure that *everything is checked*, and click *Remove Selected*.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. _(see Note below)_
The log is automatically saved and can be viewed by clicking the *Logs* tab in MBAM.
Copy and paste the contents of that report in your next reply with a new hijackthis log.
_*Note*: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware._


----------



## DawnSkye (Jun 15, 2008)

When I restarted my comp it came up with a bad image error every time a new process started and whenever I open a program. Here's the Hijack and malware scan log.

Logfile of HijackThis v1.99.1
Scan saved at 4:27:54 a.m., on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\system tools\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\system tools\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\misc\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
D:\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Misc\ReGetDx\iebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\misc\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\system tools\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\misc\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\system tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Misc\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00417BA.dat
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Malwarebytes' Anti-Malware 1.17
Database version: 857

4:21:38 a.m. 16/06/2008
mbam-log-6-16-2008 (04-21-38).txt

Scan type: Quick Scan
Objects scanned: 42765
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\mlJAQkig.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\__c00417BA.dat (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff35e1d7-3f79-48c9-88a0-9daf7859331f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ff35e1d7-3f79-48c9-88a0-9daf7859331f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473d1b29f95b96241830b6a6ade19368 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5a144bd76064d1645b6e74c0734ee406 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\965dcc82bc551df439b28676f8ab79e0 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0ff9e50 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMb3ccadcc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljaqkig -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljaqkig -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c00417ba.dat -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mlJAQkig.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gikQAJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gikQAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhkdacgb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgcadkhq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhiwfmbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbmfwihy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqnlKC.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGaxwx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\diabunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yflibemc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00417BA.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c006978C.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00EED00.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
I found the log and here it is


----------



## DawnSkye (Jun 15, 2008)

This is from the scan I did after restarting the comp.

Malwarebytes' Anti-Malware 1.17
Database version: 857

4:37:27 a.m. 16/06/2008
mbam-log-6-16-2008 (04-37-27).txt

Scan type: Quick Scan
Objects scanned: 42352
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c00417ba.dat -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mlJAQkig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gikQAJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gikQAJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00417BA.dat (Trojan.Agent) -> Quarantined and deleted successfully.


----------



## DawnSkye (Jun 15, 2008)

I can access the programs I couldn't before but I still can't turn my anti virus auto protect on, it keeps turning itself off, and when I right click on things like my computer, folders or my anti virus a windows installer pops up but can't install because the location of the file it's after is missing, it wanted to install something in the temp net folder where there was a virus.


----------



## cybertech (Apr 16, 2002)

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*

Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.

*Download (save and select your desktop to save it to)* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive and all other fixed drives*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.

Please perform a scan with *Kaspersky Webscan Online Virus Scanner* 

 Read the Requirements and Privacy statement, then select "*Accept*". 
 A new window will appear prompting you to install an ActiveX component from Kaspersky - "*Do you want to install this software*?". 
 Click "*Yes*" or select "*Install*" to download the ActiveX controls that allow ActiveScan to run. 
 When the download is complete it will say ready, click "*Next*". 
 Click "*Scan Settings*" and check the option to use the *Extended Database* (if available, otherwise Standard). 
 Click "*Scan Options*" and select both "*Scan Archives*" and "*Scan Mail Bases*". 
 Click "*OK*". 
 Under "*Select a target to scan*", click on "*My Computer*". 
 When the scan is complete choose to save the results as "*Save as Text*" named kaspersky.txt to your desktop and post them in your next reply. 

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for _Free Online Virus Scanner_. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps *here* and reboot afterwards if your system does not reboot automatically or it will show '_Kaspersky Online Scanner license key was not found!_'.


----------



## DawnSkye (Jun 15, 2008)

Here's my superantivirus log with my Kaspersky log underneath it.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/16/2008 at 05:38 AM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type : Complete Scan
Total Scan Time : 00:28:44

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 5030
Registry threats detected : 0
File items scanned : 15296
File threats detected : 0

Adware.Tracking Cookie
.smscountry.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.smscountry.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
ads.gamesbannernet.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
ads.gamesbannernet.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.onclickvideos.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.onclickvideos.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.warezreleases.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.warezreleases.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.usenext.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.teenwag.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.almostpornstars.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.almostpornstars.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
.dmtracker.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
tracker.mediatracker.co.nz [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
m.rmbclick.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
www.bedroommedia.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]
www.bedroommedia.com [ C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\tl8zrr1c.default\cookies.txt ]

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 15:51:15
Records in database: 867762
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 98335
Threat name: 5
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 02:39:47

File name / Threat name / Threats count
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-2403010-Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-5745425-lalala dj markski.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Dawn\My Documents\My Downloads\Remaster\XP_Codec_Pack_2.06.zip Infected: not-a-virus:AdWare.Win32.SeeCha.e 1
C:\WINDOWS\system32\adousjwv.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\fioenbhf.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ojcifwcx.dll Infected: Trojan.Win32.Monder.qg 1
C:\WINDOWS\system32\qpudsarb.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\rykfoqbh.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\xnctfxfu.dll Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.


----------



## DawnSkye (Jun 15, 2008)

bump


----------



## cybertech (Apr 16, 2002)

Please *download* the *OTMoveIt2 by OldTimer*.
 *Save* it to your *desktop*.
 Please double-click *OTMoveIt2.exe* to run it. (Vista users, please right click on *OTMoveIt2.exe* and select "Run as an *Administrator*")
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-2403010-Top of Charts - 2003.wma
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-5745425-lalala dj markski.mp3
C:\Documents and Settings\Dawn\My Documents\My Downloads\Remaster\XP_Codec_Pack_2.06.zip
C:\WINDOWS\system32\adousjwv.dll
C:\WINDOWS\system32\fioenbhf.dll
C:\WINDOWS\system32\ojcifwcx.dll
C:\WINDOWS\system32\qpudsarb.dll
C:\WINDOWS\system32\rykfoqbh.dll
C:\WINDOWS\system32\xnctfxfu.dll
```

 Return to OTMoveIt2, right click in the *"Paste List of Files/Folders to Move"* window (under the light *Yellow* bar) and choose *Paste*.
Click the red *Moveit!* button.
A log of files and folders moved will be created in the *c:\_OTMoveIt\MovedFiles* folder in the form of Date and Time (*mmddyyyy_hhmmss.log*). Please open this log in Notepad and post its contents in your next reply.
Close *OTMoveIt2*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Please post a new HijackThis log and let me know if you are still having problems.


----------



## DawnSkye (Jun 15, 2008)

Here's that OTMoveIt txt and the HijackThis underneath.

My antivirus is still turning auto-protect off by itself

< C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-2403010-Top of Charts - 2003.wma >
File/Folder C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-2403010-Top of Charts - 2003.wma not found.
< C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3 >
File/Folder C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3 not found.
< C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-5745425-lalala dj markski.mp3 >
File/Folder C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-5745425-lalala dj markski.mp3 not found.
C:\Documents and Settings\Dawn\My Documents\My Downloads\Remaster\XP_Codec_Pack_2.06.zip moved successfully.
File/Folder C:\WINDOWS\system32\adousjwv.dll not found.
File/Folder C:\WINDOWS\system32\fioenbhf.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ojcifwcx.dll
C:\WINDOWS\system32\ojcifwcx.dll NOT unregistered.
C:\WINDOWS\system32\ojcifwcx.dll moved successfully.
File/Folder C:\WINDOWS\system32\qpudsarb.dll not found.
File/Folder C:\WINDOWS\system32\rykfoqbh.dll not found.
File/Folder C:\WINDOWS\system32\xnctfxfu.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06172008_071007

Logfile of HijackThis v1.99.1
Scan saved at 7:12:31 a.m., on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\system tools\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\system tools\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\misc\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
D:\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\system tools\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Dawn\Desktop\OTMoveIt2.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = goggle.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Misc\ReGetDx\iebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\misc\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\system tools\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\misc\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\system tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\system tools\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Misc\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\system tools\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


----------
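Added example (not part of any post in this thread, and not code from OTMoveIt2 or Kaspersky): a short Python script that reconciles the scanner's detection list with the OTMoveIt2 log, so each detected path ends up as moved, not found at that path, or never attempted. The status names and the `example-extra.dll` line are assumptions made for the example; the other sample lines are excerpted from the logs posted above.

```python
import re
from collections import namedtuple

# Sample input: lines excerpted from the Kaspersky report in this thread, plus
# one constructed line (example-extra.dll) to exercise the "not in log" case.
SCAN_REPORT = r"""
C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Dawn\My Documents\My Downloads\Remaster\XP_Codec_Pack_2.06.zip Infected: not-a-virus:AdWare.Win32.SeeCha.e 1
C:\WINDOWS\system32\adousjwv.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ojcifwcx.dll Infected: Trojan.Win32.Monder.qg 1
C:\WINDOWS\system32\example-extra.dll Infected: Constructed.Sample.Name 1
"""

# Sample input: lines excerpted from the OTMoveIt2 log in this thread.
MOVE_LOG = r"""
< C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3 >
File/Folder C:\Documents and Settings\Dawn\Desktop\****\Incomplete\T-3545425-lalala dj markski.mp3 not found.
C:\Documents and Settings\Dawn\My Documents\My Downloads\Remaster\XP_Codec_Pack_2.06.zip moved successfully.
File/Folder C:\WINDOWS\system32\adousjwv.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ojcifwcx.dll
C:\WINDOWS\system32\ojcifwcx.dll NOT unregistered.
C:\WINDOWS\system32\ojcifwcx.dll moved successfully.
"""

Detection = namedtuple("Detection", "path threat")
Outcome = namedtuple("Outcome", "path threat status notes")

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) \d+$")

# Anchored patterns: a bare "not found" substring test would misread the
# "DllUnregisterServer procedure not found in ..." line as a missing file.
LOG_PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (?P<path>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
    ("not_unregistered",
     re.compile(r"^(?P<path>[A-Za-z]:\\.+) NOT unregistered\.$")),
]


def key(path):
    """Windows paths compare case-insensitively, so normalise before lookup."""
    return path.strip().lower()


def parse_detections(report):
    """Return the (path, threat) pairs listed in the scanner report."""
    found = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m.group("path"), m.group("threat")))
    return found


def parse_move_log(log):
    """Map each normalised path to the list of events logged for it."""
    events = {}
    for line in log.splitlines():
        line = line.strip()
        for name, pattern in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                events.setdefault(key(m.group("path")), []).append(name)
                break
    return events


def reconcile(report, log):
    """Give every detection one status: moved, not_found or not_in_log."""
    events = parse_move_log(log)
    outcomes = []
    for det in parse_detections(report):
        seen = events.get(key(det.path), [])
        if "moved" in seen:
            status = "moved"
        elif "not_found" in seen:
            status = "not_found"
        else:
            status = "not_in_log"  # detected, but no move was ever attempted
        notes = [e for e in seen if e != status]
        outcomes.append(Outcome(det.path, det.threat, status, notes))
    return outcomes


if __name__ == "__main__":
    for o in reconcile(SCAN_REPORT, MOVE_LOG):
        extra = " (" + ", ".join(o.notes) + ")" if o.notes else ""
        print("%-11s %-36s %s%s" % (o.status, o.threat, o.path, extra))
```

A `not_found` result only says the file was not at that path when the tool ran; it does not say what removed it, so those paths still need a follow-up scan.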



## cybertech (Apr 16, 2002)

DawnSkye said:


> Here's that OTMoveIt txt and the HijackThis underneath.
> 
> My antivirus is still turning auto-protect off by itself


http://service1.symantec.com/SUPPORT/nav.nsf/docid/1997121131456

Please visit *this webpage* for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


----------



## DawnSkye (Jun 15, 2008)

ComboFix 08-06-16.2 - Dawn 2008-06-17 16:40:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1059 [GMT 12:00]
Running from: C:\Documents and Settings\Dawn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dawn\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb3ccadcc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cpwxgdmq.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 07:10 . 2008-06-17 07:10 d-------- C:\_OTMoveIt
2008-06-16 05:04 . 2008-06-16 05:04 d-------- C:\Documents and Settings\Dawn\Application Data\SUPERAntiSpyware.com
2008-06-16 05:04 . 2008-06-16 05:04 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-16 04:10 . 2008-06-16 04:10 d-------- C:\Documents and Settings\Dawn\Application Data\Malwarebytes
2008-06-16 04:10 . 2008-06-16 04:10 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 04:10 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 04:10 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 00:47 . 2008-06-16 00:47 d-------- C:\VundoFix Backups
2008-06-16 00:41 . 2008-06-16 00:50 d-------- C:\Program Files\Exterminate It!
2008-06-16 00:22 . 2001-08-23 12:00 31,744 --a------ C:\WINDOWS\system32\rundll32.EXE
2008-06-15 19:08 . 2008-06-15 19:08 d-------- C:\Documents and Settings\Dawn\Application Data\Uniblue
2008-06-15 19:07 . 2008-06-15 19:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 18:46 . 2008-06-17 07:12 d-------- C:\HijackThis
2008-06-15 17:26 . 2008-06-15 17:26 d-------- C:\Documents and Settings\Dawn\Application Data\True Sword
2008-06-15 17:24 . 2008-06-15 17:25 5,810,981 --a------ C:\Documents and Settings\Dawn\Application Data\TrueSword4.exe
2008-06-15 14:25 . 2008-06-15 14:27 d-------- C:\Documents and Settings\Dawn\Application Data\ErrorSmart
2008-06-15 02:30 . 2008-06-15 02:30 d-------- C:\Documents and Settings\Dawn\Application Data\Apple Computer
2008-06-15 02:21 . 2008-06-15 02:21 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 02:20 . 2008-06-15 02:20 d-------- C:\Program Files\Apple Software Update
2008-06-15 02:20 . 2008-06-15 02:20 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-15 00:15 . 2008-06-15 00:15 d-------- C:\Program Files\GLOBEtrotter Software Inc
2008-06-15 00:14 . 2008-06-15 00:14 d-------- C:\Documents and Settings\Dawn\WINDOWS
2008-06-15 00:14 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-06-14 20:00 . 2008-06-14 20:00 d-------- C:\Python25
2008-06-14 19:17 . 2008-06-15 00:45 d-------- C:\ModuleSystem
2008-06-14 19:11 . 2008-06-14 19:23 d-------- C:\Documents and Settings\Dawn\.idlerc
2008-06-13 13:13 . 2008-06-13 13:13 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-13 13:07 . 2008-06-13 13:07 d-------- C:\Program Files\Bonjour
2008-06-13 12:52 . 2008-06-13 12:52 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-13 06:25 . 2008-06-13 06:25 d-------- C:\Documents and Settings\Dawn\Application Data\Wings3D
2008-06-13 05:57 . 2008-06-13 05:57 d-------- C:\Program Files\CyberLink
2008-06-12 02:18 . 2008-04-14 23:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 02:18 . 2008-04-14 23:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 14:54 . 2008-06-17 16:45 19,039 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-06-08 14:54 . 2008-06-17 16:48 5,112 --a------ C:\WINDOWS\GPCIDrv.sys
2008-06-08 14:54 . 2008-06-17 16:45 4 --a------ C:\WINDOWS\system32\GVTunner.ref
2008-06-08 14:54 . 2008-06-17 16:48 4 --a------ C:\WINDOWS\system32\GVGenl.ref
2008-06-07 23:53 . 2008-06-07 23:53 d-------- C:\Documents and Settings\Dawn\Application Data\CyberLink
2008-06-07 23:51 . 2008-06-07 23:51 d-------- C:\Program Files\GigaByte
2008-06-07 23:51 . 2008-06-07 23:51 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-07 23:49 . 2004-05-02 20:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-06-02 18:03 . 2008-06-02 21:11 d-------- C:\Documents and Settings\Dawn\Application Data\Mount&Blade
2008-05-28 22:47 . 2008-05-28 22:47 1 --a------ C:\WINDOWS\system32\SI.bin
2008-05-27 11:24 . 2005-08-03 01:17 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-27 11:23 . 2004-02-23 01:00 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 08:26 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-15 05:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 12:15 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-06-14 12:15 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-06-14 12:15 264,704 ----a-w C:\WINDOWS\system32\hlvdd.dll
2008-06-13 01:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-10 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-07 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 00:33 --------- d-----w C:\Documents and Settings\Dawn\Application Data\DNA
2008-05-29 08:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-15 23:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 09:54 --------- d-----w C:\Program Files\LimeWire
2008-05-11 10:10 --------- d-----w C:\Documents and Settings\Dawn\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 23:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-28 23:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-28 23:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 09:08 --------- d-----w C:\Documents and Settings\Dawn\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-09 01:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-29 12:40 22,328 -c--a-w C:\Documents and Settings\Dawn\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2005-03-12 04:01 502272 2b2b73167621f5431c44f57825f8cea3 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2008-03-28 16:25 1271032]
"NVIDIA nTune"="C:\system tools\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 18:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"updateMgr"="C:\Program Files\Adobe\Reader 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\system tools\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-16 01:28 85744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 13:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 13:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 13:07 81920]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"RemoteControl"="C:\misc\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2006-07-12 15:27 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\system tools\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\system tools\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\System Tools\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-08 16:45 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 16:05 81920 C:\misc\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\system\ErrorSmart\ErrorSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\misc\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\misc\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Steam\\SteamApps\\dazed_animal\\counter-strike source\\hl2.exe"=
"D:\\Steam\\SteamApps\\the_true_slug\\counter-strike source\\hl2.exe"=
"C:\\Misc\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Misc\\ReGetDx\\regetdx.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Activision\\Star Trek Armada II\\Armada2.exe"=
"D:\\Diablo II\\Diablo II.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-06 00:46]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-01-22 21:00]
R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-06-17 16:48]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-06-17 16:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 14:20:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 15:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\system\ErrorSmart\ErrorSmart.ex
- C:\system\ErrorSmart
"2008-06-17 04:48:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\system tools\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:45:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\System Tools\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\System Tools\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
C:\System Tools\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
.
**************************************************************************
.
Completion time: 2008-06-17 16:54:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 04:53:51

Pre-Run: 1,999,212,544 bytes free
Post-Run: 2,816,233,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

217 --- E O F --- 2008-06-15 16:47:43


----------



## cybertech (Apr 16, 2002)

Update your version of Hijackthis:
*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Double-click on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis*.
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.

Please post a new hijackthis log and let me know if you are still having problems.


----------



## DawnSkye (Jun 15, 2008)

I uninstalled my old antivirus and installed Norton AntiVirus 2008.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:10 a.m., on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\system tools\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\misc\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
D:\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\system tools\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dawn\Desktop\HJTInstall.exe
C:\system tools\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Misc\ReGetDx\iebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\misc\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\misc\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\system tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Reader 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe 
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\system tools\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Misc\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\system tools\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\system tools\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\System Tools\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\system tools\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8280 bytes


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com

*Close all applications and browser windows before you click "fix checked".*

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 6*.
Scroll down to where it says *Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications* (the fifth one in the list).
Click the "*Download*" button to the right. A new page will open.
Select your platform and check the box that says: *I agree to the Java SE Runtime Environment 6 License Agreement*.
Click *Continue*.
Click on the link under *Windows Offline Installation* (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Go to *Start* - *Control Panel*, double-click on *Add/Remove Programs* and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

How is it running now? Any problems?


----------
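The R0/R1 lines selected for fixing in the post above all point Internet Explorer's search and start-page values at the same unexpected host. As an added example (not part of the thread and not HijackThis's own code), this sketch parses such lines and reports the ones whose host is outside an allowlist; the allowlist and the set of URL-bearing value names are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# R0-R3 lines look like: "R1 - HKCU\...\Main,Search Bar = http://host/path"
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\([^,]+),([^=]+?)\s*=\s*(.*)$")

# Assumption for this example: domains the machine's owner expects to see.
EXPECTED_DOMAINS = {"google.com", "microsoft.com"}

# Value names that hold a URL; ProxyOverride and the like are not URLs.
URL_VALUES = {"SearchURL", "Default_Search_URL", "Search Bar", "Search Page",
              "SearchAssistant", "Start Page", "Default_Page_URL", "Local Page"}

def host_of(value):
    """Lower-cased host of a URL-ish value, or '' when there is none."""
    if "://" not in value:
        value = "//" + value  # bare "google.com" has no scheme
    return (urlsplit(value).hostname or "").lower()

def is_expected(host):
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def unexpected_ie_entries(log_text):
    """Return (code, hive, value_name, host) for R-lines with an unlisted host."""
    hits = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue
        code, hive, _key, name, value = m.groups()
        host = host_of(value)
        if name in URL_VALUES and host and not is_expected(host):
            hits.append((code, hive, name, host))
    return hits

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
"""

if __name__ == "__main__":
    for hit in unexpected_ie_entries(SAMPLE):
        print(*hit)
```

The same host showing up under both HKCU and HKLM, as it does here, means the per-user and machine-wide settings both need to be reset.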



## DawnSkye (Jun 15, 2008)

Hey, I did what you said and everything seems to be running a lot better and no viruses! Thank you so much and I'd love to donate something but I'm a poor student at the moment.


----------



## cybertech (Apr 16, 2002)

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

Click *START* then *RUN*
Now type *Combofix /u* in the Run box and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

It's a good idea to flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Now you should Clean up your PC

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place. *by Tony Klein*

Good free tools and advice on how to tighten your security settings.

Security Help Tools

You're welcome!


----------

