HijackThis Log
stulaunch
in Techie Stuff
Whilst on holiday, it seems my daughter tried to download some kind of game; she has told me that there were strange things happening afterwards, some kind of spyware warnings.
That's all I know, sorry.
I have a popup coming every time I click a new page in the browser, IE.
I have done the steps in the Spyware/Malware removal guide, but the popups are still there.
Could somebody check my HijackThis log for any problems?
Running Windows XP Service Pack 3.
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:54, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {63a33c1d-4a0f-8dea-32d4-76de96054942} - {24945069-ed67-4d23-aed8-f0a4d1c33a36} - C:\WINDOWS\system32\cbjwvw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [08515c38] rundll32.exe "C:\WINDOWS\system32\ftmxtqtw.dll",b
O4 - HKLM\..\Run: [BM0b626fa4] Rundll32.exe "C:\WINDOWS\system32\eaxvffaa.dll",s
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebStore.Portal/Pages/System/Secure/HMV.Digital.Downloader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159734638750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159734626453
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E97FF5C4-99A6-41B6-A440-B424D580081C}: NameServer = 62.24.222.135 62.24.222.134
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqRJbBT - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 12044 bytes
Comments
Fix these:
O2 - BHO: {63a33c1d-4a0f-8dea-32d4-76de96054942} - {24945069-ed67-4d23-aed8-f0a4d1c33a36} - C:\WINDOWS\system32\cbjwvw.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [08515c38] rundll32.exe "C:\WINDOWS\system32\ftmxtqtw.dll",b
O4 - HKLM\..\Run: [BM0b626fa4] Rundll32.exe "C:\WINDOWS\system32\eaxvffaa.dll",s
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: urqRJbBT - C:\WINDOWS\

Ex forum ambassador
Long term forum member
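The entries singled out in the reply above share a pattern that a helper learns to spot by eye: a BHO whose display name is a bare CLSID or "(no name)", a Run entry that calls rundll32 on a random-looking DLL in system32 with a one-letter export, and a Winlogon Notify entry whose "path" is just C:\WINDOWS\. The script below is an added example, not code from the thread or from Trend Micro's HijackThis; it encodes those heuristics and runs them over lines copied from the log above. The vowel-ratio threshold, the severity labels and the function names are my own assumptions.

```python
"""Triage HijackThis O2/O4/O20 lines for the indicators flagged in the thread.

Added example (not HijackThis code). Heuristics and thresholds are assumptions.
"""
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Sample input, copied from the log posted above: a mix of legitimate entries
# (Adobe, NVIDIA, SUPERAntiSpyware) and the ones the reply said to fix.
SAMPLE_LINES = [
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: {63a33c1d-4a0f-8dea-32d4-76de96054942} - {24945069-ed67-4d23-aed8-f0a4d1c33a36} - C:\\WINDOWS\\system32\\cbjwvw.dll",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup",
    "O4 - HKLM\\..\\Run: [08515c38] rundll32.exe \"C:\\WINDOWS\\system32\\ftmxtqtw.dll\",b",
    "O4 - HKLM\\..\\Run: [BM0b626fa4] Rundll32.exe \"C:\\WINDOWS\\system32\\eaxvffaa.dll\",s",
    "O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O20 - Winlogon Notify: urqRJbBT - C:\\WINDOWS\\",
]

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>%s) - (?P<path>.*)$" % CLSID)
O4_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# rundll32 [path\]name.dll,Export   (quotes around the path are optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)$', re.I)

Verdict = Optional[Tuple[str, str]]  # (severity, reason)


def looks_random(stem: str) -> bool:
    """Crude detector for generated names: 6+ letters with under 20% vowels.

    The 0.2 threshold is an assumption; it separates cbjwvw / ftmxtqtw /
    urqRJbBT from names like AcroIEHelper or SASWINLO in this log.
    """
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in stem)
    return vowels / len(stem) < 0.2


def check_o2(m: "re.Match") -> Verdict:
    name, path = m["name"], m["path"]
    if name != "(no name)" and not re.fullmatch(CLSID, name):
        return None  # has a real display name; not one of the patterns here
    if path == "(no file)":
        return ("low", "nameless BHO registration whose DLL is gone (orphan, clean it up)")
    stem = PureWindowsPath(path).stem
    if looks_random(stem):
        return ("high", "nameless BHO loading random-looking %s.dll" % stem)
    return ("medium", "nameless BHO; check the DLL by hand")


def check_o4(m: "re.Match") -> Verdict:
    r = RUNDLL_RE.match(m["cmd"])
    if not r:
        return None
    dll = PureWindowsPath(r["dll"])
    in_system32 = "system32" in [p.lower() for p in dll.parts]
    if in_system32 and len(r["export"]) == 1:
        return ("high", "rundll32 loads %s from system32 with one-letter export '%s'"
                % (dll.name, r["export"]))
    return None


def check_o20(m: "re.Match") -> Verdict:
    name, path = m["name"], m["path"]
    if path.endswith("\\"):
        return ("high", "Winlogon Notify '%s' points at a bare directory, not a DLL" % name)
    if looks_random(name):
        return ("medium", "Winlogon Notify with random-looking name '%s'" % name)
    return None


CHECKS = ((O2_RE, check_o2), (O4_RE, check_o4), (O20_RE, check_o20))


def triage(lines) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, line) for every log line some check flags."""
    hits = []
    for line in lines:
        for regex, check in CHECKS:
            m = regex.match(line.strip())
            if m:
                verdict = check(m)
                if verdict:
                    hits.append((verdict[0], verdict[1], line))
                break
    return hits


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LINES):
        print("[%-6s] %s\n         %s" % (severity, reason, line))
```

Run on the sample it flags exactly the five lines the reply listed from the O2, O4 and O20 sections and leaves the Adobe, NVIDIA and SUPERAntiSpyware entries alone. The O16 lines in the reply are a different judgement (ActiveX controls pulled from third-party sites) and are not covered by these checks.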
Malware Bytes
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Ex forum ambassador
Long term forum member
And also run this:
http://forums.majorgeeks.com/showthread.php?t=152072
and then post the ComboFix log here.

Ex forum ambassador
Long term forum member
Thanks Browntoa.
1st, Malwarebytes:
Malwarebytes' Anti-Malware 1.23
Database version: 998
Windows 5.1.2600 Service Pack 3
17:12:19 27/07/2008
mbam-log-7-27-2008 (17-12-19).txt
Scan type: Quick Scan
Objects scanned: 46133
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\cbshqbrb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brbqhsbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brbqhsbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikpvvvyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gyvvvpki.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\martulid.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nlgrywra.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bofkmeap.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0b626fa4.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0b626fa4.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Now ComboFix:
ComboFix 08-07-27.1 - Stu 2008-07-27 18:08:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.620 [GMT 1:00]
Running from: C:\Documents and Settings\Stu.STUART\Desktop\combo-fix.exe.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Stu.STUART\Application Data\inst.exe
C:\Documents and Settings\Stu.STUART\Application Data\macromedia\Flash Player\#SharedObjects\LCQY36TV\interclick.com
C:\Documents and Settings\Stu.STUART\Application Data\macromedia\Flash Player\#SharedObjects\LCQY36TV\interclick.com\ud.sol
C:\Documents and Settings\Stu.STUART\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Stu.STUART\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\cbjwvw.dll
C:\WINDOWS\system32\dheuoeky.dll
C:\WINDOWS\system32\hOWxayxx.ini
C:\WINDOWS\system32\hOWxayxx.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\SAHQBJlm.ini
C:\WINDOWS\system32\SAHQBJlm.ini2
C:\WINDOWS\system32\uouagwir.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.
2008-07-27 17:04 . 2008-07-27 17:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 17:04 . 2008-07-27 17:04 <DIR> d-------- C:\Documents and Settings\Stu.STUART\Application Data\Malwarebytes
2008-07-27 17:04 . 2008-07-27 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 17:04 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-27 17:04 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-27 08:51 . 2008-07-27 08:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-27 08:44 . 2008-07-27 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-26 15:14 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-26 15:13 . 2008-07-26 15:13 <DIR> d-------- C:\Program Files\Panda Security
2008-07-24 15:17 . 2008-07-24 15:17 710,202 ---hs---- C:\WINDOWS\system32\brbqhsbc.tmp
2008-07-23 14:29 . 2008-07-24 12:07 878 ---hs---- C:\WINDOWS\system32\wtqtxmtf.ini
2008-07-23 12:55 . 2008-07-23 12:55 145 --a------ C:\WINDOWS\system32\winver.bat
2008-07-23 11:37 . 2008-07-23 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-06 09:35 . 2008-07-06 09:35 <DIR> dr------- C:\New Briefcase
2008-07-05 22:23 . 2008-07-05 22:23 <DIR> d-------- C:\Program Files\AVG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 16:46 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 16:01 d-----w C:\Program Files\TVUPlayer
2008-07-27 07:53 498 ----a-w C:\sccfg.sys
2008-07-26 09:19 d-----w C:\Documents and Settings\Stu.STUART\Application Data\wsInspector
2008-07-26 06:51 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-26 06:04 d-----w C:\Documents and Settings\Stu.STUART\Application Data\Registry Booster
2008-07-25 20:35 d-----w C:\Program Files\Java
2008-07-25 10:36 d-----w C:\Documents and Settings\Stu.STUART\Application Data\Glory of the Roman Empire
2008-07-23 12:37 d-----w C:\Documents and Settings\Stu.STUART\Application Data\uTorrent
2008-07-23 12:17 d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 10:32 d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 19:13 d-----w C:\Program Files\EA GAMES
2008-07-09 17:13 d-----w C:\Program Files\Folder Lock
2008-06-28 14:30 d-----w C:\Program Files\MySecretFolder XP
2008-06-24 19:50 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 06:11 d-----w C:\Program Files\Common Files\Totem Shared
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 08:55 d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-06-19 08:52 d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-19 08:51 d-----w C:\Program Files\SlySoft
2008-06-17 21:07 d-----w C:\Program Files\MSN Messenger
2008-06-17 13:59 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-06-17 07:23 d-----w C:\Program Files\SUPERAntiSpyware
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 16:49 d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-06 15:29 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-06 15:29 47,360 ----a-w C:\Documents and Settings\Stu.STUART\Application Data\pcouffin.sys
2008-06-06 15:29 d-----w C:\Documents and Settings\Stu.STUART\Application Data\Vso
2008-06-06 15:28 d-----w C:\Program Files\LG Software Innovations
2008-06-06 14:53 d-----w C:\Documents and Settings\Stu.STUART\Application Data\1ClickDVDCopy
2008-06-04 14:41 d-----w C:\Documents and Settings\Stu.STUART\Application Data\CopyToDvd
2008-06-03 16:53 d-----w C:\Program Files\SystemRequirementsLab
2008-06-03 16:48 d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-31 15:20 d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 15:18 d-----w C:\Program Files\Lavasoft
2008-05-31 15:18 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 15:18 d-----w C:\Documents and Settings\Stu.STUART\Application Data\Lavasoft
2006-11-04 18:46 24,192 ----a-w C:\Documents and Settings\Stu.STUART\usbsermptxp.sys
2006-11-04 18:46 22,768 ----a-w C:\Documents and Settings\Stu.STUART\usbsermpt.sys
2006-09-27 18:37 10,240 --sha-w C:\WINDOWS\rnapxs\rnapxs.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 15:47 1206600]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-16 00:12 192512]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-05 01:38 437008]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 01:39 461584]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 18:45 1169776]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 18:57 1945960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 18:49 149024]
"MSF_Monitor"="C:\PROGRA~1\MYSECR~1\MSFMON.exe" [2007-01-25 00:00 99920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 20:19 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FG_Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-06-17 16:01 89024 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 13:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-06-17 08:23 1506544 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-10 15:30 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Documents and Settings\\Stu.STUART\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LG Software Innovations\\1Click DVD Copy Pro\\1ClickDvdCopyPro.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R2 MSF32;MSF32;C:\Program Files\MySecretFolder XP\MSF32.SYS [2007-01-25 00:00]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 15:47]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 14:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 14:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 12:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 12:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 12:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 14:15]
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-07-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-07-27 C:\WINDOWS\Tasks\McAfee.com Update Check (STUART-Admin).job - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe []
2008-07-27 C:\WINDOWS\Tasks\McAfee.com Update Check (STUART-Admin).job - C:\PROGRA~1\McAfee.com\Agent??Admin?YMcAfee SecurityCenter periodically checks for updates for your McAfee Security Services.??? []
2008-07-27 C:\WINDOWS\Tasks\McAfee.com Update Check (STUART-Stu).job - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe []
2008-07-27 C:\WINDOWS\Tasks\McAfee.com Update Check (STUART-Stu).job - C:\PROGRA~1\McAfee.com\Agent??Stu?YMcAfee SecurityCenter periodically checks for updates for your McAfee Security Services.??? []
2008-01-11 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\TALKTA~1\ANTI-V~1??SYSTEM?#Task added by F-Secure Anti-Virus.??? []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-08515c38 - C:\WINDOWS\system32\ftmxtqtw.dll
HKLM-Run-BM0b626fa4 - C:\WINDOWS\system32\eaxvffaa.dll
MSConfigStartUp-08515c38 - C:\WINDOWS\system32\ftmxtqtw.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-BM0b626fa4 - C:\WINDOWS\system32\eaxvffaa.dll
MSConfigStartUp-dvd43 - C:\Program Files\dvd43\dvd43_tray.exe
MSConfigStartUp-MCAgentExe - C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-Norton Ghost 9 - C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
.
Supplementary Scan
.
R0 -: HKCU-Main,Start Page = hxxp://news.bbc.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O16 -: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} - hxxps://www.hmvdigital.com/HMV.Digital.WebStore.Portal/Pages/System/Secure/HMV.Digital.Downloader.cab
C:\WINDOWS\Downloaded Program Files\Setup.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\WMHelper.dll
C:\WINDOWS\Downloaded Program Files\HMV.Digital.Downloader.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 18:14:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-27 18:24:30 - machine was rebooted [Stu]
ComboFix-quarantined-files.txt 2008-07-27 17:24:25
Pre-Run: 151,938,375,680 bytes free
Post-Run: 151,847,854,080 bytes free
255 --- E O F --- 2008-07-18 21:17:38

I still have 2 error messages on start-up which I don't seem to be able to get rid of.
I see from the original HijackThis log that these are 2 I fixed.
I have tried unticking them in msconfig startup, but it says I am not logged on as administrator to do it.
Also tried in Startupinspector, but they came back when rebooting.
Error loading C:\WINDOWS\system32\eaxvffaa.dll
The specified module could not be found
And
Error loading C:\WINDOWS\system32\ftmxtqtw.dll
The specified module could not be found
Haven't had the popups back so far.
Use msconfig
http://www.netsquirrel.com/msconfig/msconfig_xp.html
in safe mode, choose the administrator user profile that shows up
http://www.computerhope.com/issues/chsafe.htm
to edit out those 2 entries on start-up and it should be fine on a reboot.
Ex forum ambassador
Long term forum member
And check to see if these exist:
C:\WINDOWS\system32\cbjwvw.dll
C:\WINDOWS\system32\dheuoeky.dll
C:\WINDOWS\system32\hOWxayxx.ini
C:\WINDOWS\system32\hOWxayxx.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\SAHQBJlm.ini
C:\WINDOWS\system32\SAHQBJlm.ini2
C:\WINDOWS\system32\uouagwir.ini
and delete them.
Ex forum ambassador
Long term forum member
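An added example that is not browntoa's instructions or any tool's own code: a PowerShell script, assumed to run from an administrator prompt on a Windows version that ships PowerShell (XP did not), that lists Run and msconfig-disabled startup entries whose target file no longer exists (which is what produces the "Error loading ... dll" messages above) and then checks whether the eight files listed above are still present. The function names Find-OrphanedStartup and Get-TargetPath are my own.

```powershell
# Added example (not from this thread). Run from an administrator PowerShell prompt:
# HKLM keys cannot be edited otherwise, which is the "not logged on as administrator"
# message msconfig gave above. Find-OrphanedStartup / Get-TargetPath are assumed names.
function Get-TargetPath {
    # Pull the file path out of a Run command line. Entries of the form
    # "rundll32.exe C:\WINDOWS\system32\xxxx.dll,Export" must be checked on the DLL.
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd -match '(?i)^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?[\s,]+"?([^",]+)') { $p = $Matches[1] }
    elseif ($cmd -match '^"([^"]+)"') { $p = $Matches[1] }
    else { $p = ($cmd -split '\s+')[0] }
    $p = [Environment]::ExpandEnvironmentVariables($p.Trim())
    # Bare names such as SOUNDMAN.EXE are resolved through PATH, as Windows does itself
    if (-not [IO.Path]::IsPathRooted($p)) {
        $found = Get-Command $p -ErrorAction SilentlyContinue
        if ($found) { $p = $found.Path }
    }
    return $p
}
function Find-OrphanedStartup {
    # Returns every Run / msconfig-disabled startup entry whose target file is missing.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'   # items msconfig has unticked
    )
    $entries = foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        if ($key -like '*\startupreg') {
            # msconfig stores each disabled item as a subkey carrying a 'command' value
            foreach ($sub in Get-ChildItem $key) {
                $cmd = (Get-ItemProperty -Path $sub.PSPath).command
                if ($cmd) { [pscustomobject]@{ Key = $sub.PSPath; Name = $sub.PSChildName; Command = $cmd } }
            }
        } else {
            foreach ($v in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($v.Name -notlike 'PS*') { [pscustomobject]@{ Key = $key; Name = $v.Name; Command = $v.Value } }
            }
        }
    }
    foreach ($e in $entries) {
        $target = Get-TargetPath $e.Command
        if (-not (Test-Path -LiteralPath $target)) {
            $e | Add-Member -NotePropertyName Target -NotePropertyValue $target -PassThru
        }
    }
}
# 1. Startup entries pointing at files that are gone. After reviewing the list, a Run value
#    goes with Remove-ItemProperty -Path $o.Key -Name $o.Name, a startupreg subkey with Remove-Item.
$orphans = Find-OrphanedStartup
$orphans | Format-Table Name, Target, Key -AutoSize
# 2. The leftover files browntoa listed (file names taken from the thread)
$leftovers = 'cbjwvw.dll','dheuoeky.dll','hOWxayxx.ini','hOWxayxx.ini2',
             'mcrh.tmp','SAHQBJlm.ini','SAHQBJlm.ini2','uouagwir.ini' |
             ForEach-Object { Join-Path $env:windir "system32\$_" }
foreach ($f in $leftovers) {
    if (Test-Path -LiteralPath $f) { Write-Output "STILL PRESENT: $f" } else { Write-Output "gone: $f" }
}
```

Anything the first list reports that is not recognisable software is a leftover autostart entry of the kind ComboFix listed under ORPHANS REMOVED; removing it stops the "specified module could not be found" message without touching the (already deleted) DLL.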
Thanks again for your time Browntoa.
Well, I think I've done them, but on all users in safe mode (Admin, Administrator and myself) I got the following warning when applying changes:
An access denied error was returned while attempting to change a service
You may need to log on using an administrator account to make the specific changes.
I then restarted and the offending entries were still unticked in msconfig;
I'll check it tomorrow.