16 replies to this topic

[zyk0rg]

So far this is what I have identified:

msa.exe
b.exe
find.exe

Whatever malware is present is denying access to antimalware programs. You can install them, run them, but once they start scanning they die. After that you cannot rename the .exe nor can you open it again.

Here's a list of what I've tried:

Malwarebytes: doesnt work
Spybot : doesnt work
Hijackthis: doesnt work
Rootrepeal: works, but you cannot scan the registry without it crashing
Combofix: if I reinstall and change the name of combo fix it starts working, but crashes after the disclaimer.
FixPolicies.exe : didn't seem to work at all.
OldTimer: doesnt work.

SUPERAntispyware: works if you run it's alternate start, however it never find any malware if I scan.

System Restore backups have been deleted.

Can't use msn.

Computer doesnt start sometimes

Can't run kaspersky online scanner because java is disabled somehow.

The BitDefender Scan doesn't work.

Oddly the computers performance isn't hindered at ALL.

Please help. Thanks.

[MAM]

Hello, please read this carefully, http://www.xp-vista.com/spyware-removal/ms...al-instructions

Please first post here a HijackThis Log. I'm infected - What do I do now?, Please follow these instructions to clean your system,
http://www.malwareby...?showtopic=9573 .


MAM

[zyk0rg]

Thank you for the super fast reply.

Hijackthis does not work, so I cannot create a log.

[MAM]

Jump in the safe mode, and try it again this a HijackthisLog


Getting into Windows Safe Mode. ----> http://www.computerh...sues/chsafe.htm

MAM

[sjpritch25]

Welcome to Malwarebytes!!!!


Please download Win32kDiag.exe by AD to your Desktop.
Double-click on Win32kDiag.exe.
It will create Win32kDiag.txt on your Desktop.
In your next reply, please include the log. Thanks

[zyk0rg]

Running from: E:\Documents and Settings\Robert\My Documents\Downloads\Win32kDiag.exe

Log file at : E:\Documents and Settings\Robert\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'E:\WINDOWS'...



Found mount point : E:\WINDOWS\$hf_mig$\KB936021\KB936021

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB936357\KB936357

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB938127\KB938127

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB938828\KB938828

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB938829\KB938829

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB941202\KB941202

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB941644\KB941644

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB942763\KB942763

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB942840\KB942840

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB943055\KB943055

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB943485\KB943485

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB944653\KB944653

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\$hf_mig$\KB946026\KB946026

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\A6W_DATA\A6W_DATA

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Cannot access: E:\WINDOWS\MEMORY.DMP

[1] 2007-09-19 14:45:00 69504 E:\WINDOWS\MEMORY.DMP ()



Found mount point : E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: E:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2002-08-29 08:00:00 703488 E:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2004-08-04 01:56:52 743936 E:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()

[1] 2004-08-04 01:56:52 743936 E:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : E:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\1eec13b5c1997fc7de00e3422db4b84d\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\3a4c74ad66aac0b11d953bbcf3937ae6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\561854573350299cf5c23eea1e0cff28\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\b4a99ee77ab6fc9b948ad07f463a379f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\Lang\Lang

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\spool\drivers\w32x86\3\New\New

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\ZoneLabs\streamapi\streamapi

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\ZoneLabs\Updates\anti_spyware\anti_spyware

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\system32\ZoneLabs\Updates\TrialScreens\TrialScreens

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Temp\AskBarDis\RSS\RSS

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Temp\AVSETUP_4a63bd6a\AVSETUP_4a63bd6a

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : E:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

[sjpritch25]

Please download the attached file Junction.zip. Extract Junction folder to your desktop. Open folder, double-click on junction.bat. In your next reply, please post the log. Thanks

Attached Files

•  Junction.zip   45.28K   11 downloads

[zyk0rg]

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\System Volume Information: Access is denied.


...

...

...

...

...

...

...

...

...

.No reparse points found.

[sjpritch25]

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.

• Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

[zyk0rg]

Combofix does not work even when renamed. It simply stalls.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:26 AM, on 9/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\xampp\apache\bin\apache.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\AskBarDis\bar\bin\AskService.exe
E:\Program Files\NCH Swift Sound\Axon\axon.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\Program Files\xampp\apache\bin\apache.exe
E:\Program Files\Common Files\Motive\McciCMService.exe
E:\Program Files\xampp\mysql\bin\mysqld-nt.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Bell\Access Manager\app\TangoService.exe
E:\Program Files\NCH Swift Sound\VRS\vrs.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Logitech\QuickCam\Quickcam.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\PowerArchiver\PASTARTER.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\UnHackMe\hackmon.exe
E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
E:\Program Files\UnHackMe\gwebupdate.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\Trend Micro\Hijack-This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - E:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - E:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - E:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Ink Monitor] E:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PowerArchiver Tray] E:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PopRock] E:\DOCUME~1\Robert\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] E:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\6c579bdd-489b-4931-9ead-17f9e063a9d0.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: FIFA 09 Registration.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: FIFA 09 Registration.lnk.disabled (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: FIFA 09 Registration.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Winamp Search - E:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - E:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pbctbc.bc.motive.com
O15 - Trusted Zone: http://pbctbcivr.bc.motive.com
O15 - Trusted Zone: http://fix.sympatico.ca
O15 - Trusted Zone: http://rc.sympatico.ca
O15 - Trusted Zone: http://rcfr.sympatico.ca
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207550378453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207550374734
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E550B919-9C54-44A7-AA69-7BDC887FD331}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{E550B919-9C54-44A7-AA69-7BDC887FD331}: NameServer = 67.69.184.143,206.47.244.53
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - E:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Axon Virtual PBX (AxonService) - NCH Software - E:\Program Files\NCH Swift Sound\Axon\axon.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9cd388456b08a) (gupdate1c9cd388456b08a) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Local Service - Unknown owner - E:\WINDOWS\wuauapl.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - E:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mysql (MySQL) - Unknown owner - E:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - E:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - E:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: Ventrilo - Unknown owner - E:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - E:\Program Files\NCH Swift Sound\VRS\vrs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - E:\Program Files\Windows Defender\MsMpEng.exe

--
End of file - 16281 bytes

[sjpritch25]

You need to make sure your security programs are all disabled. That includes Avira, SuperAnti-spyware, Stopzilla, and Windows Defender. That is likely causing the hangups.

[zyk0rg]

ComboFix 09-09-16.05 - Robert 09/17/2009 12:02.1.2 - NTFSx86
Running from: e:\documents and settings\Robert\Desktop\Combo-Fi-x.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\recycler\S-1-5-21-1396786598-1080533028-2633743212-1006
e:\recycler\S-1-5-21-1396786598-1080533028-2633743212-500
e:\windows\Downloaded Program Files\bdcore.dll
e:\windows\Downloaded Program Files\libfn.dll
e:\windows\run.log
e:\windows\system32\drivers\Sonyhcp.dll
e:\windows\system32\UACsiyiqrotmv.db
e:\windows\system32\xa.tmp
e:\windows\TEMP\logishrd\LVPrcInj03.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-16 14:48 . 2009-09-16 14:48 -------- d-----w- e:\program files\Trend Micro
2009-09-11 17:19 . 2009-09-11 17:19 -------- d-----w- e:\program files\ERUNT
2009-09-11 16:50 . 2009-09-11 16:50 0 ----a-w- e:\documents and settings\Robert\settings.dat
2009-09-11 15:10 . 2009-09-11 15:14 -------- d-----w- e:\program files\Softwin
2009-09-11 10:51 . 2009-09-11 10:51 -------- d-----w- e:\documents and settings\All Users\Application Data\SITEguard
2009-09-11 10:50 . 2009-09-11 10:50 -------- d-----w- e:\program files\STOPzilla!
2009-09-11 10:50 . 2009-09-11 10:51 -------- d-----w- e:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-11 10:50 . 2009-09-11 10:50 -------- d-----w- e:\program files\Common Files\iS3
2009-09-10 13:32 . 2009-09-10 13:39 -------- d-----w- E:\VIRUSfighter
2009-09-09 04:51 . 2009-09-09 04:51 -------- d-----w- e:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-09 04:46 . 2009-09-09 04:46 39322 ----a-w- E:\MGlogs.zip
2009-09-09 04:44 . 2009-09-09 04:46 -------- d-----w- E:\MGtools
2009-09-09 04:20 . 2009-09-09 04:20 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-09 04:20 . 2009-09-17 16:07 -------- d-----w- e:\program files\SUPERAntiSpyware
2009-09-09 04:20 . 2009-09-09 04:20 -------- d-----w- e:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com
2009-09-09 03:53 . 2009-09-09 03:53 24416 ----a-w- e:\windows\system32\drivers\regguard.sys
2009-09-09 03:42 . 2009-09-09 03:42 2 --shatr- e:\windows\winstart.bat
2009-09-09 03:42 . 2009-09-09 03:53 35040 ----a-w- e:\windows\system32\Partizan.exe
2009-09-09 03:42 . 2009-09-09 03:42 32290 ----a-w- e:\windows\system32\drivers\Partizan.sys
2009-09-09 03:42 . 2009-07-27 23:51 12728 ----a-w- e:\windows\system32\drivers\UnHackMeDrv.sys
2009-09-09 03:42 . 2009-09-09 03:51 -------- d-----w- e:\program files\UnHackMe
2009-09-09 01:52 . 2009-09-09 01:56 -------- d--h--w- e:\windows\PIF
2009-09-09 01:13 . 2009-09-09 01:13 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-09-09 01:13 . 2009-09-09 01:13 -------- d-----w- e:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-09 01:01 . 2009-09-09 01:01 -------- d-----w- e:\documents and settings\All Users\Application Data\F-Secure
2009-09-09 00:49 . 2009-09-15 05:15 411368 ----a-w- e:\windows\system32\deploytk.dll
2009-08-31 20:19 . 2009-09-02 19:32 25 ----a-w- e:\windows\popcinfot.dat
2009-08-31 16:45 . 2009-08-31 16:45 -------- d-----w- e:\program files\PC-home
2009-08-18 22:18 . 2009-08-18 22:18 -------- d-----w- e:\program files\Microsoft.NET
2009-08-18 22:18 . 2009-08-18 22:18 -------- d-----w- e:\program files\MSXML 6.0
2009-08-18 22:15 . 2009-08-18 22:18 -------- d-----w- e:\program files\Microsoft SQL Server
2009-08-18 22:12 . 2009-09-02 19:43 -------- d-----w- e:\program files\Sony
2009-08-18 22:11 . 2009-08-18 22:15 -------- d-----w- e:\program files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 16:12 . 2008-05-09 21:50 1164088608 --sha-w- e:\windows\system32\drivers\fidbox.dat
2009-09-17 16:09 . 2008-05-09 21:50 15592232 --sha-w- e:\windows\system32\drivers\fidbox.idx
2009-09-15 23:37 . 2009-06-10 00:55 0 ----a-w- e:\windows\system32\drivers\lvuvc.hs
2009-09-15 23:37 . 2009-06-10 00:55 0 ----a-w- e:\windows\system32\drivers\logiflt.iad
2009-09-15 15:05 . 2009-06-03 16:53 139016 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2009-09-15 15:05 . 2009-06-03 16:53 189488 ----a-w- e:\windows\system32\PnkBstrB.exe
2009-09-15 05:15 . 2007-09-07 03:02 -------- d-----w- e:\program files\Java
2009-09-15 05:06 . 2007-09-19 11:52 -------- d-----w- e:\program files\PowerArchiver
2009-09-10 13:32 . 2007-09-06 13:06 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-09-10 03:20 . 2007-09-18 00:23 -------- d-----w- e:\documents and settings\Robert\Application Data\uTorrent
2009-09-09 04:19 . 2009-05-14 15:39 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2009-09-09 01:58 . 2008-01-24 05:21 -------- d-----w- e:\program files\Spybot - Search & Destroy
2009-09-09 01:51 . 2008-10-02 14:07 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-09-08 20:32 . 2007-10-30 03:17 -------- d-----w- e:\program files\Google
2009-08-18 22:12 . 2007-11-24 02:30 -------- d-----w- e:\program files\VstPlugins
2009-08-15 15:36 . 2009-07-20 02:03 55656 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- e:\windows\system32\SZIO5.dll
2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- e:\windows\system32\SZBase5.dll
2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- e:\windows\system32\SZComp5.dll
2009-07-20 02:03 . 2009-07-20 02:03 -------- d-----w- e:\program files\Avira
2009-07-20 02:03 . 2009-07-20 02:03 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira
2009-07-09 19:52 . 2009-07-09 19:52 126976 ----a-r- e:\windows\system32\IS3HTUI5.dll
2009-07-09 19:52 . 2009-07-09 19:52 393216 ----a-r- e:\windows\system32\IS3DBA5.dll
2009-07-09 19:51 . 2009-07-09 19:51 385024 ----a-r- e:\windows\system32\IS3UI5.dll
2009-07-09 19:51 . 2009-07-09 19:51 61440 ----a-r- e:\windows\system32\IS3Hks5.dll
2009-07-09 19:51 . 2009-07-09 19:51 23040 ----a-r- e:\windows\system32\IS3XDat5.dll
2009-07-09 19:50 . 2009-07-09 19:50 225280 ----a-r- e:\windows\system32\IS3Win325.dll
2009-07-09 19:50 . 2009-07-09 19:50 94208 ----a-r- e:\windows\system32\IS3Inet5.dll
2009-07-09 19:50 . 2009-07-09 19:50 90112 ----a-r- e:\windows\system32\IS3Svc5.dll
2009-07-09 19:47 . 2009-07-09 19:47 724992 ----a-r- e:\windows\system32\IS3Base5.dll
2009-06-28 14:16 . 2003-03-19 03:14 499712 ----a-w- e:\windows\system32\msvcp71.dll
2009-01-30 14:20 . 2009-01-30 14:17 20938728 ----a-w- e:\program files\FLV PlayerRCSetup.exe
2005-04-01 03:17 . 2008-03-08 21:37 40960 ----a-w- e:\program files\Uninstall_CDS.exe
2004-08-04 19:00 . 2008-01-08 22:37 413696 ----a-w- e:\program files\mozilla firefox\plugins\msvcp60.dll
.

------- Sigcheck -------

[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . e:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . e:\windows\$NtServicePackUninstall$\eventlog.dll

e:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 23:22 333192 ----a-w- e:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PowerArchiver Tray"="e:\program files\PowerArchiver\PASTARTER.EXE" [2007-08-10 140328]
"DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Google Update"="e:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-30 133104]
"NBJ"="e:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-20 1957888]
"UnHackMe Monitor"="e:\program files\UnHackMe\hackmon.exe" [2009-07-27 236744]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\6c579bdd-489b-4931-9ead-17f9e063a9d0.exe" [2009-09-04 1994480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\System32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="e:\windows\System32\NvMcTray.dll" [2007-06-29 81920]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Ink Monitor"="e:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-06-15 254022]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="e:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AppleSyncNotifier"="e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"LogitechCommunicationsManager"="e:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="e:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-28 198160]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-09-15 149280]
"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2007-06-29 1626112]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2007-04-12 16132608]

e:\documents and settings\Robert\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - e:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
FIFA 09 Registration.lnk.disabled [2009-6-2 1037]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - e:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-9 66864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="e:\program files\Steam\Steam.exe" -silent
"PowerBar"=
"TVPlanet"=
"RadioPlanet"=
"71036967127490973606182840621756"=e:\program files\Antivirus 2009\av2009.exe
"Gadu-Gadu"="e:\documents and settings\Robert\My Documents\Gadu-Gadu\gg.exe" /tray
"Installer"=e:\windows\system32\~.exe
"PopRock"=e:\docume~1\Robert\LOCALS~1\Temp\b.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Console"=wkssvc.exe
"BellCanada_McciTrayApp"=e:\program files\BellCanada\McciTrayApp.exe
"SunJavaUpdateSched"="e:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
"Axon"="e:\program files\NCH Swift Sound\Axon\axon.exe" -logon
"VRS"="e:\program files\NCH Swift Sound\VRS\vrs.exe" -logon
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"e:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
"e:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"<NO NAME>"=

R2 gupdate1c9cd388456b08a;Google Update Service (gupdate1c9cd388456b08a);e:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
R2 Local Service;Local Service;e:\windows\wuauapl.exe [x]
R2 WinDefend;Windows Defender;e:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
R3 ENDETECT;ENDETECT;e:\progra~1\Bell\ACCESS~1\app\ENDETECT.SYS [2003-03-27 7752]
R3 fsssvc;Windows Live Family Safety;e:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 getPlus® Helper;getPlus® Helper;e:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 NTSTPL1;NTSTPL1;e:\progra~1\Bell\ACCESS~1\app\NTSTPL1.SYS [2003-03-27 16160]
R3 NTSTPL2;NTSTPL2;e:\progra~1\Bell\ACCESS~1\app\NTSTPL2.SYS [2003-03-27 16160]
R3 Partizan;Partizan;e:\windows\system32\drivers\Partizan.sys [2009-09-09 32290]
R3 RAWESR;RAWESR;e:\progra~1\Bell\ACCESS~1\app\RAWESR.SYS [2003-03-27 16256]
R3 RegGuard;RegGuard;e:\windows\system32\Drivers\regguard.sys [2009-09-09 24416]
R3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]
R3 TAPBIND;TAPBIND;e:\progra~1\Bell\ACCESS~1\app\TAPBIND1.SYS [2003-03-27 44736]
S0 szkg5;szkg;e:\windows\system32\DRIVERS\szkg.sys [2009-05-12 61328]
S1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]
S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Apache2.2;Apache2.2;e:\program files\xampp\apache\bin\apache.exe [2008-01-17 24635]
S2 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
S2 AxonService;Axon Virtual PBX;e:\program files\NCH Swift Sound\Axon\axon.exe [2008-04-21 499716]
S2 fssfltr;fssfltr;e:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 VRSService;VRS Recording System;e:\program files\NCH Swift Sound\VRS\vrs.exe [2008-04-21 610308]
S3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;e:\windows\system32\DRIVERS\enetnt.sys [2003-03-27 40832]

.
Contents of the 'Scheduled Tasks' folder

2009-09-11 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-11 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 04:18]

2009-09-11 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 04:18]

2009-09-11 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-484061587-839522115-1004Core.job
- e:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-07-15 01:23]

2009-09-11 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-484061587-839522115-1004UA.job
- e:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-07-15 01:23]

2009-09-11 e:\windows\Tasks\MP Scheduled Scan.job
- e:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - e:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: motive.com\pbctbc.bc
Trusted Zone: motive.com\pbctbcivr.bc
Trusted Zone: sympatico.ca\assistance
Trusted Zone: sympatico.ca\fix
Trusted Zone: sympatico.ca\rc
Trusted Zone: sympatico.ca\rcfr
Trusted Zone: sympatico.ca\service
TCP: {E550B919-9C54-44A7-AA69-7BDC887FD331} = 67.69.184.143,206.47.244.53
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - e:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - e:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\wwflzxd8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: e:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\wwflzxd8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: e:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: e:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\wwflzxd8.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: e:\documents and settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npUMediaPlayer.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npUMediaPlayer5.dll
FF - plugin: e:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - e:\documents and settings\Robert\Desktop\HijackThis.exe
AddRemove-Trickster Online - e:\documents and settings\Robert\Desktop\Anna's Junk\Trickster Online\uninst.exe
AddRemove-Winamp Toolbar for Firefox - e:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\wwflzxd8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 12:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-484061587-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*V*"j%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1606980848-484061587-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*V*"j%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1606980848-484061587-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C47BA96B-8835-E4CB-6D7A-F3142F3468E0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jacooiofcfaddcgncbjb"=hex:6a,61,63,6e,6e,64,67,66,66,69,67,6b,64,6f,6e,6a,63,
68,6d,68,00,f2
"oaaoajcfpgojpcbgfdhadpbalcagoj"=hex:6a,61,65,6c,68,64,69,6c,61,65,66,67,63,67,
68,62,64,6e,70,6e,00,00
"nakaemggppdkedgmjpffblhjpbck"=hex:6a,61,63,6e,6e,64,67,66,66,69,67,6b,64,6f,
6e,6a,63,68,6d,68,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
e:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(4244)
e:\windows\System32\shdoclc.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
e:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
e:\program files\Common Files\Motive\McciCMService.exe
e:\windows\system32\nvsvc32.exe
e:\program files\Raxco\PerfectDisk10\PDAgent.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\windows\system32\ZoneLabs\vsmon.exe
e:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
e:\windows\system32\rundll32.exe
e:\documents and settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
e:\program files\UnHackMe\GWebUpdate.exe
e:\program files\iPod\bin\iPodService.exe
e:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-17 12:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-17 16:17
ComboFix2.txt 2009-05-02 18:52

Pre-Run: 188,181,028,864 bytes free
Post-Run: 188,087,681,024 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
336

[zyk0rg]

There is still a rootkit mbr I believe. Antimalware programs cannot be opened and access is denied.

[zyk0rg]

zyk0rg, on Sep 17 2009, 04:23 PM, said:

There is still a rootkit mbr I believe. Antimalware programs cannot be opened and access is denied.

I was searching the web, and it seems the route of this problem is system32\eventlog.dll is missing

The original has been renamed logevent.dll.

[sjpritch25]

Sorry for the delay

How are things running?

[zyk0rg]

sjpritch25, on Sep 22 2009, 12:19 AM, said:

Sorry for the delay

How are things running?

As before the computer's performance is unhindered.

I still cant run most antimalware programs.

and when i run a virus scan it frequently finds new things.

[sjpritch25]

Please delete your copy of ComboFix, we need to download a fresh copy.

Download Combofix from this webpage: http://www.bleepingc...to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall