
Help! My Computer Is Infected! What Should I Do?

Comments

51 comments

  • Customer

    Cool mate, much thanks, everything's back to normal! <3

    0
  • Customer

    Hi,

    Then, please visit this webpage for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    You are supposed to post the log, because that log is REALLY important, even though everything appears to be back to normal again. Many leftovers may still be present, and because of that the infection can respawn again.
    0
  • Customer

    I'll do it later.

    0
  • Customer

    Everything seems to be 100% clean, ty for the help.

    0
  • Customer

    Ok, your choice if you don't want to delete the leftovers that are still present.

    0
  • Customer

    Truth is I don't know how to use it >.< Seems too complicated. The hijack log file seems to be good, but?

    0
  • Customer

    Ah, ok - no problem.

     

    Have you read the instruction page? Because it's explained there with screenshots as well.

    Let me know what part you don't understand, then I will explain it.

    0
  • Customer

    Ok, I'm sorry for the delay, I finally figured it out!

     

    ComboFix log file

    ComboFix 08-04-29.5 - Justin 2008-05-01 3:00:23.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1443 [GMT 10:00]

    Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe

    * Created a new restore point

     

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\WINDOWS\system32\babIPXyb.ini

    C:\WINDOWS\system32\babIPXyb.ini2

    C:\WINDOWS\system32\drivers\npf.sys

    C:\WINDOWS\system32\packet.dll

    C:\WINDOWS\system32\pthreadVC.dll

    C:\WINDOWS\system32\wanpacket.dll

    C:\WINDOWS\system32\wpcap.dll

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_NPF

    -------\Service_NPF

     

     

    ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))

    .

     

    2008-04-27 15:10 . 2008-04-27 15:10 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Apple Computer

    2008-04-27 15:10 . 2008-04-30 15:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-04-27 15:10 . 2008-04-27 15:10 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-04-27 15:09 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\iTunes

    2008-04-27 15:09 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\iPod

    2008-04-27 15:08 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\QuickTime

    2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Program Files\Common Files\Apple

    2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Program Files\Apple Software Update

    2008-04-27 15:08 . 2008-04-27 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

    2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    2008-04-26 09:03 . 2008-04-26 09:03 <DIR> d-------- C:\WINDOWS\ERUNT

    2008-04-25 22:18 . 2008-04-25 22:18 396,288 --a------ C:\Program Files\HijackThis.exe

    2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Program Files\Trend Micro

    2008-04-25 05:22 . 2007-09-28 14:29 <DIR> d-------- C:\Documents and Settings\Justin\SmitfraudFix

    2008-04-25 04:29 . 2008-04-25 04:29 268 --ah----- C:\sqmdata02.sqm

    2008-04-25 04:29 . 2008-04-25 04:29 244 --ah----- C:\sqmnoopt02.sqm

    2008-04-25 04:29 . 2008-04-25 04:29 172 --ah----- C:\sqmnoopt03.sqm

    2008-04-25 04:29 . 2008-04-25 04:29 172 --ah----- C:\sqmdata03.sqm

    2008-04-25 04:23 . 2008-04-25 04:23 <DIR> d-------- C:\Documents and Settings\Justin\question files

    2008-04-24 20:11 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

    2008-04-24 20:11 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

    2008-04-24 20:11 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

    2008-04-24 20:00 . 2008-04-24 20:03 65,536 --a------ C:\mxuxc.exe

    2008-04-23 08:29 . 2008-04-23 08:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

    2008-04-10 09:23 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll

    2008-04-08 02:47 . 2008-04-08 02:47 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx

    2008-04-03 18:17 . 2008-04-03 18:17 <DIR> d-------- C:\Program Files\pb

    2008-04-03 18:17 . 2006-08-25 14:54 5,431,296 -ra------ C:\Program Files\FEARMP.exe

    2008-04-03 16:38 . 2008-04-03 18:16 616,569,723 --a------ C:\Program Files\fear_update_en_100-107_108.exe

    2008-04-03 16:37 . 2006-08-25 14:46 5,423,104 -ra------ C:\Program Files\FEAR.exe

    2008-04-03 16:37 . 2003-11-04 16:47 499,712 -ra------ C:\Program Files\msvcp71.dll

    2008-04-03 16:37 . 2003-11-04 16:47 348,160 -ra------ C:\Program Files\msvcr71.dll

    2008-04-03 16:29 . 2003-10-16 13:34 2,041,744 -ra------ C:\Program Files\WMFADist.exe

    2008-04-03 16:29 . 2006-08-25 14:25 1,077,248 -ra------ C:\Program Files\EngineServer.dll

    2008-04-03 16:29 . 2003-11-04 16:47 1,060,864 -ra------ C:\Program Files\MFC71.dll

    2008-04-03 16:29 . 2003-03-18 22:12 1,047,552 -ra------ C:\Program Files\MFC71u.dll

    2008-04-03 16:29 . 2005-01-07 17:01 224,768 -ra------ C:\Program Files\fpupdate.exe

    2008-04-03 16:29 . 2006-08-25 14:27 221,184 -ra------ C:\Program Files\FEARServer.exe

    2008-04-03 16:29 . 2006-08-25 14:25 208,896 -ra------ C:\Program Files\Monolith.PropertyGrid.dll

    2008-04-03 16:29 . 2005-06-24 21:41 192,512 -ra------ C:\Program Files\binkw32.dll

    2008-04-03 16:29 . 2005-03-24 12:58 188,416 -ra------ C:\Program Files\eax.dll

    2008-04-03 16:29 . 2006-08-25 14:26 98,304 -ra------ C:\Program Files\Config.exe

    2008-04-03 16:29 . 2006-08-23 16:12 61,440 -ra------ C:\Program Files\SndDrv.dll

    2008-04-03 16:29 . 2006-08-25 14:25 61,440 -ra------ C:\Program Files\GameDatabase.dll

    2008-04-03 16:29 . 2006-08-23 16:13 28,160 -ra------ C:\Program Files\LTMemory.dll

    2008-04-03 16:29 . 2006-08-25 14:25 14,336 -ra------ C:\Program Files\StringEditRuntime.dll

    2008-04-01 22:13 . 2008-04-03 09:02 <DIR> d-------- C:\Program Files\World of Warcraft

    2008-04-01 15:09 . 2008-04-01 15:09 <DIR> d-------- C:\WINDOWS\PaltalkScene

    2008-04-01 15:09 . 2008-04-01 15:09 <DIR> d-------- C:\Program Files\Paltalk Messenger

    2008-04-01 15:09 . 2008-04-01 15:10 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Paltalk

    2008-03-31 03:49 . 2008-03-31 06:23 <DIR> d-------- C:\Program Files\Game Cam V2

    2008-03-30 11:40 . 2008-03-30 11:40 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Sony

    2008-03-30 11:40 . 2008-03-30 11:40 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Publish Providers

    2008-03-30 11:40 . 2008-04-26 20:35 156 --a------ C:\WINDOWS\Twunk001.MTX

    2008-03-30 11:40 . 2008-04-26 20:35 3 --a------ C:\WINDOWS\Twain001.Mtx

    2008-03-30 11:40 . 2008-03-30 11:40 0 --a------ C:\WINDOWS\Twunk002.MTX

    2008-03-30 11:31 . 2008-03-30 11:31 <DIR> d-------- C:\Program Files\Vstplugins

    2008-03-30 11:31 . 2008-03-30 11:31 <DIR> d-------- C:\Program Files\Sony

    2008-03-30 11:31 . 2008-03-30 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony

    2008-03-30 11:26 . 2008-03-30 11:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

    2008-03-30 11:26 . 2008-03-30 11:26 <DIR> d-------- C:\Program Files\Reference Assemblies

    2008-03-30 11:25 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

    2008-03-30 11:20 . 2008-03-30 11:20 <DIR> d-------- C:\Program Files\Sony Setup

    2008-03-30 11:20 . 2008-03-30 11:20 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Sony Setup

    2008-03-30 06:21 . 2008-03-30 06:25 <DIR> d-------- C:\Sound Recorder

    2008-03-30 06:21 . 2008-03-04 12:59 1,052,672 --a------ C:\WINDOWS\system32\AdjMmsEng.dll

    2008-03-30 06:21 . 2008-03-02 22:58 843,776 --a------ C:\WINDOWS\system32\asrecmms.ocx

    2008-03-30 06:21 . 1998-02-12 16:54 149,504 --a------ C:\WINDOWS\system32\mpegdll.dll

    2008-03-30 06:21 . 2005-11-05 18:34 145,408 --a------ C:\WINDOWS\system32\Lame.exe

    2008-03-29 13:40 . 2008-03-29 13:46 <DIR> d-------- C:\Program Files\CamStudio

    2008-03-29 13:28 . 2008-03-29 13:38 <DIR> d-------- C:\Program Files\NCH Swift Sound

    2008-03-29 13:28 . 2008-03-29 13:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound

    2008-03-29 13:28 . 2008-03-29 13:28 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Recordpad

    2008-03-29 13:28 . 2008-03-29 13:28 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\NCH Swift Sound

    2008-03-29 13:28 . 2008-03-29 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

    2008-03-29 13:28 . 2008-03-29 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software

    2008-03-29 13:27 . 2008-03-29 13:38 <DIR> d-------- C:\Program Files\NCH Software

    2008-03-29 13:27 . 2008-03-29 13:37 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\NCH Software

    2008-03-29 06:42 . 2008-04-21 09:02 <DIR> d-------- C:\Program Files\Garena

    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    2008-03-28 05:06 . 2008-03-28 05:06 2,557,858 --a------ C:\WINDOWS\system32\Homie.wav

    2008-03-27 23:56 . 2008-03-27 23:56 <DIR> d-------- C:\AcCs_Manager

    2008-03-27 09:44 . 2008-03-27 09:44 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Codemasters

    2008-03-27 09:43 . 2008-03-27 09:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA

    2008-03-27 09:43 . 2008-03-27 09:43 <DIR> d-------- C:\Program Files\AGEIA Technologies

    2008-03-26 16:30 . 2008-03-26 16:30 <DIR> d-------- C:\Program Files\AT&T WorldNet Setup

    2008-03-26 16:30 . 2008-04-02 12:18 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

    2008-03-26 16:30 . 2008-04-02 12:18 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

    2008-03-26 16:30 . 2008-04-02 12:18 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

    2008-03-26 16:28 . 2008-03-26 16:28 218 --a------ C:\WINDOWS\SIERRA.INI

    2008-03-26 13:41 . 2008-03-26 13:41 <DIR> d-------- C:\WINDOWS\system32\SteamApps

    2008-03-26 13:41 . 2008-03-26 13:41 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll

    2008-03-26 13:29 . 2008-03-26 13:29 <DIR> d-------- C:\WINDOWS\system32\PlayLinc

    2008-03-26 13:29 . 2008-03-26 13:29 <DIR> d-------- C:\Program Files\PlayLinc

    2008-03-26 13:08 . 2008-03-26 13:08 <DIR> d-------- C:\Program Files\Ubisoft

    2008-03-26 13:07 . 2008-03-30 01:44 <DIR> d-------- C:\Program Files\Steam

    2008-03-25 16:13 . 2008-03-25 16:13 <DIR> d-------- C:\WINDOWS\system32\SolidStateNetworks

    2008-03-25 16:13 . 2008-03-25 16:13 1,375 --a------ C:\WINDOWS\mozver.dat

    2008-03-22 21:56 . 2008-03-22 22:22 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory

    2008-03-21 09:19 . 2008-03-28 12:57 382,595 --a------ C:\WINDOWS\system32\ClientRegistry.blob

    2008-03-17 08:45 . 2008-03-17 08:45 <DIR> d--h----- C:\WINDOWS\PIF

    2008-03-17 08:25 . 2008-03-17 08:29 103 --a------ C:\WINDOWS\system32\kbdcom.dat

    2008-03-17 08:22 . 2008-03-17 08:22 165,189 --a------ C:\WINDOWS\system32\dmdcache.dll

    2008-03-17 00:34 . 2008-03-17 00:34 337 --a------ C:\WINDOWS\ST6UNST.009

    2008-03-17 00:34 . 2008-03-17 00:34 337 --a------ C:\WINDOWS\ST6UNST.008

    2008-03-17 00:34 . 2008-03-17 00:34 337 --a------ C:\WINDOWS\ST6UNST.007

    2008-03-17 00:34 . 2008-03-17 00:34 337 --a------ C:\WINDOWS\ST6UNST.006

    2008-03-17 00:34 . 2008-03-17 00:34 337 --a------ C:\WINDOWS\ST6UNST.005

    2008-03-17 00:34 . 2008-03-17 00:34 337 --a------ C:\WINDOWS\ST6UNST.004

    2008-03-17 00:30 . 2008-03-17 00:30 337 --a------ C:\WINDOWS\ST6UNST.003

    2008-03-17 00:30 . 2008-03-17 00:30 337 --a------ C:\WINDOWS\ST6UNST.002

    2008-03-17 00:29 . 2008-03-17 00:29 337 --a------ C:\WINDOWS\ST6UNST.001

    2008-03-17 00:25 . 2008-03-17 00:34 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

    2008-03-17 00:25 . 2008-03-17 00:25 583 --a------ C:\WINDOWS\ST6UNST.000

    2008-03-15 21:43 . 2005-05-26 14:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

    2008-03-13 19:28 . 2008-03-15 05:46 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Hamachi

    2008-03-13 19:28 . 2008-03-13 19:28 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

    2008-03-13 16:16 . 2008-03-13 16:16 <DIR> d-------- C:\Documents and Settings\Justin\AIMPro

    2008-03-13 16:15 . 2008-03-13 16:15 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

    2008-03-13 16:15 . 2008-03-13 16:15 <DIR> d-------- C:\Program Files\AIM

    2008-03-13 16:15 . 2008-03-13 16:15 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\AIMPro

    2008-03-13 16:15 . 2008-03-13 16:15 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\AIM

    2008-03-11 23:34 . 2008-03-11 23:34 268 --ah----- C:\sqmdata01.sqm

    2008-03-11 23:34 . 2008-03-11 23:34 244 --ah----- C:\sqmnoopt01.sqm

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-30 16:55 --------- d-----w C:\Program Files\Warcraft III

    2008-04-30 09:51 --------- d-----w C:\Documents and Settings\Justin\Application Data\Skype

    2008-04-30 09:50 --------- d-----w C:\Documents and Settings\Justin\Application Data\skypePM

    2008-04-30 05:01 --------- d-----w C:\Program Files\Xfire

    2008-04-29 11:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

    2008-04-29 11:38 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

    2008-04-29 03:07 --------- d-----w C:\Documents and Settings\Justin\Application Data\Xfire

    2008-04-28 13:12 6,144 --sha-w C:\Program Files\Thumbs.db

    2008-04-27 05:09 --------- d-----w C:\Program Files\Bonjour

    2008-04-27 05:00 --------- d-----w C:\Program Files\Windows Live Safety Center

    2008-04-26 10:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-04-25 12:18 7,878 ----a-w C:\Program Files\hijackthis.log

    2008-04-25 06:38 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe

    2008-04-25 05:08 --------- d-----w C:\Program Files\SUPERAntiSpyware

    2008-04-25 04:43 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent

    2008-04-24 19:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-04-07 12:25 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ahead

    2008-04-03 08:19 1,809 ----a-w C:\Program Files\Uninstall F.E.A.R..lnk

    2008-04-03 08:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-04-03 06:37 1,584 ----a-w C:\Program Files\Shortcut to User directory.lnk

    2008-03-30 01:29 --------- d-----w C:\Program Files\MSBuild

    2008-03-28 15:48 --------- d-----w C:\Program Files\America's Army

    2008-03-26 23:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

    2008-03-26 03:19 --------- d-----w C:\Program Files\Common Files\Adobe

    2008-03-21 06:31 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ventrilo

    2008-03-19 06:50 --------- d-----w C:\Program Files\Java

    2008-03-11 11:43 --------- d-----w C:\Program Files\Real

    2008-03-11 11:42 --------- d-----w C:\Program Files\Google

    2008-03-04 14:45 --------- d--h--r C:\Documents and Settings\Justin\Application Data\yahoo!

    2008-03-04 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

    2008-03-03 13:26 --------- d-----w C:\Program Files\Xvid

    2008-03-03 13:26 --------- d-----w C:\Program Files\DivX

    2008-02-27 20:44 29,184 ----a-w C:\WINDOWS\system32\cjpg.dll

    2008-02-13 14:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

    2008-02-11 15:04 2,829 ----a-w C:\WINDOWS\War3Unin.pif

    2008-02-11 15:04 139,264 ----a-w C:\WINDOWS\War3Unin.exe

    2008-02-11 12:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

    2008-02-11 10:32 315,392 ----a-w C:\WINDOWS\HideWin.exe

    2008-01-31 16:21 245,408 ----a-w C:\WINDOWS\system32\unicows.dll

    2008-01-29 04:47 16,859,648 ----a-w C:\WINDOWS\RTHDCPL.exe

    2008-01-29 02:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

    2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\nsa28C.tmp

    2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\nsu28B.tmp

    2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

    2008-01-09 11:18 129,784 ------w C:\WINDOWS\system32\pxafs.dll

    2008-01-09 11:18 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

    2008-01-09 11:18 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

    2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

    2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

    2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

    2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

    2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

    2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

    2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

    2008-01-09 11:15 630,784 ----a-w C:\WINDOWS\system32\nsq28D.tmp

    2006-08-30 15:02 883,997 ----a-w C:\Program Files\FEARL_8.Arch00

    2006-08-30 15:02 7,983,473 ----a-w C:\Program Files\FEARA_8.Arch00

    2006-08-30 15:02 7,367,024 ----a-w C:\Program Files\FEAR_8.Arch00

    2006-08-30 15:02 4,579,744 ----a-w C:\Program Files\FEARE_8.Arch00

    2006-08-23 03:53 66,060 ----a-r C:\Program Files\readme.txt

    2006-08-10 07:19 2,268 ----a-r C:\Program Files\Config.Strdb00p

    2006-08-10 05:20 557 ----a-r C:\Program Files\Default.archcfg

    2006-07-27 01:48 901,351 ----a-r C:\Program Files\FEARL_7.Arch00

    2006-07-27 01:48 67,315,875 ----a-r C:\Program Files\FEAR_7.Arch00

    2006-07-27 01:48 4,575,648 ----a-r C:\Program Files\FEARE_7.Arch00

    2006-07-27 01:48 1,245,833 ----a-r C:\Program Files\FEARA_7.Arch00

    2006-06-30 07:12 160 ----a-r C:\Program Files\gamecfg.txt

    2006-05-23 07:13 4,514,208 ----a-r C:\Program Files\FEARE_6.Arch00

    2006-05-23 07:13 214 ----a-r C:\Program Files\FEARL_6.Arch00

    2006-05-23 07:13 214 ----a-r C:\Program Files\FEARA_6.Arch00

    2006-05-23 07:13 1,221,119 ----a-r C:\Program Files\FEAR_6.Arch00

    2006-04-27 07:34 4,518,304 ----a-r C:\Program Files\FEARE_5.Arch00

    2006-04-27 07:34 3,065,242 ----a-r C:\Program Files\FEARL_5.Arch00

    2006-04-27 07:34 214 ----a-r C:\Program Files\FEARA_5.Arch00

    2006-04-27 07:34 144,143,987 ----a-r C:\Program Files\FEAR_5.Arch00

    2006-04-17 08:19 43,954 ----a-r C:\Program Files\serverreadme.txt

    2006-03-27 10:28 4,428,192 ----a-r C:\Program Files\FEARE_4.Arch00

    2006-03-27 10:28 214 ----a-r C:\Program Files\FEARL_4.Arch00

    2006-03-27 10:28 214 ----a-r C:\Program Files\FEARA_4.Arch00

    2006-03-27 10:28 214 ----a-r C:\Program Files\FEAR_4.Arch00

    2006-01-30 09:58 6,081,873 ----a-r C:\Program Files\FEARL_3.Arch00

    2006-01-30 09:58 4,436,384 ----a-r C:\Program Files\FEARE_3.Arch00

    2006-01-30 09:58 14,145,578 ----a-r C:\Program Files\FEARA_3.Arch00

    2006-01-30 09:58 120,324,052 ----a-r C:\Program Files\FEAR_3.Arch00

    2005-10-27 08:44 4,354,464 ----a-r C:\Program Files\FEARE_2.Arch00

    2005-10-27 08:44 214 ----a-r C:\Program Files\FEARL_2.Arch00

    2005-10-27 08:44 18,956,671 ----a-r C:\Program Files\FEARA_2.Arch00

    2005-10-27 08:44 159,119,476 ----a-r C:\Program Files\FEAR_2.Arch00

    2005-10-17 08:22 42,247,471 ----a-r C:\Program Files\FEAR_1.Arch00

    2005-10-17 08:22 4,354,464 ----a-r C:\Program Files\FEARE_1.Arch00

    2005-10-17 08:22 214 ----a-r C:\Program Files\FEARL_1.Arch00

    2005-10-17 08:22 214 ----a-r C:\Program Files\FEARA_1.Arch00

    2005-08-31 08:55 945,252,701 ----a-w C:\Program Files\FEARA.Arch00

    2005-08-31 08:53 4,346,068 ----a-w C:\Program Files\FEARE.Arch00

    2005-08-31 08:53 114,951,668 ----a-w C:\Program Files\FEARL.Arch00

    2005-08-31 08:52 3,846,960,665 ----a-w C:\Program Files\FEAR.Arch00

    2005-08-28 01:00 25,094 ------r C:\Program Files\eula.rtf

    2005-06-20 02:52 3,336 ----a-r C:\Program Files\enginemsg.txt

    2005-01-11 11:31 1,078 ----a-r C:\Program Files\GameSpy.ico

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07 15360]

    "Aim6"="" []

    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 17:54 68856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]

    "nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 00:41 81920]

    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 14:47 16859648 C:\WINDOWS\RTHDCPL.exe]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]

    "FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 12:08 20480]

    "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 16:39 110592]

    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 12:57 344064]

    "AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [2007-10-09 02:45 5043528]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:07 15360]

    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-02 06:32 8699904]

     

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-12 07:34:40 10252288]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.XFR1"= xfcodec.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "FirewallDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Program Files\\FEAR.exe"=

    "C:\\Program Files\\FEARMP.exe"=

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "C:\\Program Files\\iTunes\\iTunes.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager

    "9111:UDP"= 9111:UDP:*:Disabled:SolidNetworkManager

    "60126:TCP"= 60126:TCP:*:Disabled:SolidNetworkManager

    "60126:UDP"= 60126:UDP:*:Disabled:SolidNetworkManager

    "10032:TCP"= 10032:TCP:*:Disabled:SolidNetworkManager

    "10032:UDP"= 10032:UDP:*:Disabled:SolidNetworkManager

    "34469:TCP"= 34469:TCP:*:Disabled:SolidNetworkManager

    "34469:UDP"= 34469:UDP:*:Disabled:SolidNetworkManager

    "86:TCP"= 86:TCP:BroadCam Web Server

     

    R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 15:46]

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 07:38]

    S0 amdkex;amdkex;C:\WINDOWS\system32\drivers\amdkex.sys []

    S1 ipnat2k;ipnat2k;C:\WINDOWS\system32\drivers\ipnat2k.sys []

    S1 splittnt;splittnt;C:\WINDOWS\system32\drivers\splittnt.sys []

    S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys []

    S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 16:42]

     

     

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6017B}]

    C:\WINDOWS\Csrss.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e7ccdb6e-ae6d-11cf-96b8-444553540000}]

    C:\WINDOWS\system32\telnetsvc32.exe /hide

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-04-27 05:08:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

     

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-01 03:10:16

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 73

     

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Completion time: 2008-05-01 3:18:35 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-30 17:18:18

     

    Pre-Run: 21,493,850,112 bytes free

    Post-Run: 31,988,920,320 bytes free

     

    364

    ===================

    HijackThis log file taken right after ComboFix

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:21:36 AM, on 1/05/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\FixCamera.exe

    C:\WINDOWS\tsnp2std.exe

    C:\WINDOWS\vsnp2std.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     

    --

    End of file - 8054 bytes

    =========================================

     

    I hope I did everything correctly, and thank you for the time to help me. I know you're busy and stuff; I apologize for making you wait!

    0
  • Customer

    Hi,

     

    I see you have Viewpoint installed...

    Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

    • Viewpoint

    • Viewpoint Manager

    • Viewpoint Media Player


    Then,

     

    * Open Notepad - don't use any other text editor than Notepad or the script will fail.

    Copy/paste the text in the quotebox below into Notepad:

     


    File::

    C:\mxuxc.exe

    Driver::

    CEDRIVER53

    splittnt

    ipnat2k

    amdkex

    Registry::

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6017B}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e7ccdb6e-ae6d-11cf-96b8-444553540000}]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000000

    "FirewallDisableNotify"=dword:00000000

    "UpdatesDisableNotify"=dword:00000000


     

    Save this as a text file named CFScript

     

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

     

     

    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    0
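    A triage helper added here as an example (not ComboFix's, HijackThis's or the thread's own tooling): it parses the REGEDIT4-style "Reg Loading Points" section ComboFix prints, flags the posture problems the Registry:: block above corrects (Security Center notifications suppressed, XP firewall switched off, firewall exceptions open to everyone) and emits the matching Registry:: lines in CFScript form. The excerpt it runs on is constructed from the key names in this thread's logs; the flagging heuristics are assumptions of this example, not ComboFix verdicts.

```python
import re

# Registry keys as ComboFix prints them (lower-cased for lookup); names taken from the thread's log.
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FW_STD_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
FW_OPEN_PORTS = FW_STD_PROFILE + r"\globallyopenports\list"

# Constructed excerpt in the shape of ComboFix's "Reg Loading Points" section.
# The DisableNotify values are set to 1 here to show what the thread's CFScript undoes.
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager
"86:TCP"= 86:TCP:BroadCam Web Server
"""

_KEY_LINE = re.compile(r"^\[(.+)\]$")
_VALUE_LINE = re.compile(r'^"([^"]+)"=\s*(.*)$')
_DECIMAL_HEX = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")


def _decode(data):
    """Turn printed data into a Python value: 'dword:00000001' -> 1,
    '0 (0x0)' -> 0, anything else -> the stripped string."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    m = _DECIMAL_HEX.match(data)
    return int(m.group(1)) if m else data


def parse_reg_loading_points(text):
    """Return {key_lowercase: {value_name: data}} for a REGEDIT4-style dump."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        key = _KEY_LINE.match(line)
        if key:
            current = key.group(1).lower()
            reg.setdefault(current, {})
            continue
        value = _VALUE_LINE.match(line)
        if value and current is not None:
            reg[current][value.group(1)] = _decode(value.group(2))
    return reg


def find_posture_issues(reg):
    """Heuristic checks (assumptions of this example, not ComboFix's verdicts) for
    the settings the thread's Registry:: fix and the XP firewall are concerned with."""
    issues = []
    for name, data in reg.get(SECURITY_CENTER, {}).items():
        if name.endswith("DisableNotify") and data != 0:
            issues.append(f"Security Center notification suppressed: {name}={data}")
    if reg.get(FW_STD_PROFILE, {}).get("EnableFirewall") == 0:
        issues.append("Windows Firewall standard profile is switched off (EnableFirewall=0)")
    for name, data in reg.get(FW_OPEN_PORTS, {}).items():
        # Entries without ":Disabled:" are exceptions that are still active.
        if ":Disabled:" not in str(data):
            issues.append(f"Globally open firewall port still enabled: {name} ({data})")
    return issues


def cfscript_registry_fix(reg):
    """Emit the Registry:: block, in the CFScript format used in the thread,
    that resets every suppressed Security Center notification to 0.
    Returns '' when nothing needs resetting."""
    resets = [f'"{name}"=dword:00000000'
              for name, data in reg.get(SECURITY_CENTER, {}).items()
              if name.endswith("DisableNotify") and data != 0]
    if not resets:
        return ""
    header = "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]"
    return "Registry::\n" + header + "\n" + "\n".join(resets) + "\n"


if __name__ == "__main__":
    parsed = parse_reg_loading_points(SAMPLE)
    for issue in find_posture_issues(parsed):
        print("!", issue)
    print(cfscript_registry_fix(parsed), end="")
```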
  • Customer

    Ok, can you also perform the rest of the steps?

    0
  • Customer

    I found only Viewpoint Manager; that was the only one I found.

    0
  • Customer

    What other steps?

    0
  • Customer

    Please read my previous post. I asked there more than only to uninstall Viewpoint.

    0
  • Customer

    I'm begging you, reply soon!

    0
  • Customer

    ###### I did something and I ##### my comp again. When I usually log off it has the Windows XP way of logging off and logging in, but now IDK what I did! This comes up instead, please help!

     

    Here's what it shows me, look please:

     

     

    =======================

    http://i26.tinypic.com/2mhy3o5.jpg

    =======================

     

    Please, I want it back to the normal XP way, please help!!!

    0
  • Customer

    I don't know what you did - all I asked was to perform my instructions.

    It looks like you just selected to shut down your computer. Don't worry, you can start it again afterwards.

    0
  • Customer

    No, what I mean is it never presented itself that way before; it was always blue and stuff. If you have XP you would know what I mean: if you click log off you will see it's different. Something changed the way it looks.

    0
  • Customer

    Can you please perform the steps I asked and then post the logs - that's a priority now.

     

    For the logon screen:

     

    1. Click Start, and then click Control Panel.

    2. Double-click User Accounts.

    3. Click Change the way users log on or off.

    4. Check the Use the Welcome screen check box.

    0
  • Customer

    THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    0
  • Customer

    Can you give me detailed instructions on what you want me to do?

    0
  • Customer

    Farseer, not sure if you actually read my posts.

     

    This is what I posted previously:

     

    * Open Notepad - don't use any other text editor than Notepad or the script will fail.

    Copy/paste the text in the quotebox below into Notepad:

     


    File::

    C:\mxuxc.exe

    Driver::

    CEDRIVER53

    splittnt

    ipnat2k

    amdkex

    Registry::

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6017B}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e7ccdb6e-ae6d-11cf-96b8-444553540000}]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000000

    "FirewallDisableNotify"=dword:00000000

    "UpdatesDisableNotify"=dword:00000000


     

    Save this as a text file named CFScript

     

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

     

     

    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    So it would be a good idea to follow the instructions; otherwise it won't make sense for me to post them if you don't read them.
    0
  • Customer

    Here you go, the instructions have been followed. I don't get what you see in them >.<

     

    ComboFix 08-05-01.3 - Justin 2008-05-04 1:25:48.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1212 [GMT 10:00]

    Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Justin\Desktop\CFScript.txt

    * Created a new restore point

     

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

     

    FILE ::

    C:\mxuxc.exe

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\mxuxc.exe

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_AMDKEX

    -------\Legacy_CEDRIVER53

    -------\Legacy_SPLITTNT

    -------\Service_amdkex

    -------\Service_CEDRIVER53

    -------\Service_ipnat2k

    -------\Service_splittnt

     

     

    ((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))

    .

     

    2008-05-02 12:17 . 2008-05-02 12:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\TeamViewer

    2008-05-02 12:01 . 2008-05-02 12:01 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\TeamViewer

    2008-05-02 12:00 . 2008-05-02 12:00 <DIR> d-------- C:\Documents and Settings\Justin\temp

    2008-05-01 11:50 . 2008-05-01 11:50 <DIR> d-------- C:\Program Files\MetaStream

    2008-05-01 11:50 . 2008-05-01 11:50 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Viewpoint

    2008-04-27 15:10 . 2008-04-27 15:10 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Apple Computer

    2008-04-27 15:10 . 2008-05-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-04-27 15:10 . 2008-04-27 15:10 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-04-27 15:09 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\iTunes

    2008-04-27 15:09 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\iPod

    2008-04-27 15:08 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\QuickTime

    2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Program Files\Common Files\Apple

    2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Program Files\Apple Software Update

    2008-04-27 15:08 . 2008-04-27 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

    2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    2008-04-26 09:03 . 2008-04-26 09:03 <DIR> d-------- C:\WINDOWS\ERUNT

    2008-04-25 22:18 . 2008-04-25 22:18 396,288 --a------ C:\Program Files\HijackThis.exe

    2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Program Files\Trend Micro

    2008-04-25 05:22 . 2007-09-28 14:29 <DIR> d-------- C:\Documents and Settings\Justin\SmitfraudFix

    2008-04-25 04:29 . 2008-04-25 04:29 268 --ah----- C:\sqmdata02.sqm

    2008-04-25 04:29 . 2008-04-25 04:29 244 --ah----- C:\sqmnoopt02.sqm

    2008-04-25 04:29 . 2008-04-25 04:29 172 --ah----- C:\sqmnoopt03.sqm

    2008-04-25 04:29 . 2008-04-25 04:29 172 --ah----- C:\sqmdata03.sqm

    2008-04-25 04:23 . 2008-04-25 04:23 <DIR> d-------- C:\Documents and Settings\Justin\question files

    2008-04-24 20:11 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

    2008-04-24 20:11 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

    2008-04-24 20:11 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

    2008-04-23 08:29 . 2008-04-23 08:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

    2008-04-10 09:23 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll

    2008-04-08 02:47 . 2008-04-08 02:47 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx

    2008-04-03 18:17 . 2008-04-03 18:17 <DIR> d-------- C:\Program Files\pb

    2008-04-03 18:17 . 2006-08-25 14:54 5,431,296 -ra------ C:\Program Files\FEARMP.exe

    2008-04-03 16:38 . 2008-04-03 18:16 616,569,723 --a------ C:\Program Files\fear_update_en_100-107_108.exe

    2008-04-03 16:37 . 2006-08-25 14:46 5,423,104 -ra------ C:\Program Files\FEAR.exe

    2008-04-03 16:37 . 2003-11-04 16:47 499,712 -ra------ C:\Program Files\msvcp71.dll

    2008-04-03 16:37 . 2003-11-04 16:47 348,160 -ra------ C:\Program Files\msvcr71.dll

    2008-04-03 16:29 . 2003-10-16 13:34 2,041,744 -ra------ C:\Program Files\WMFADist.exe

    2008-04-03 16:29 . 2006-08-25 14:25 1,077,248 -ra------ C:\Program Files\EngineServer.dll

    2008-04-03 16:29 . 2003-11-04 16:47 1,060,864 -ra------ C:\Program Files\MFC71.dll

    2008-04-03 16:29 . 2003-03-18 22:12 1,047,552 -ra------ C:\Program Files\MFC71u.dll

    2008-04-03 16:29 . 2005-01-07 17:01 224,768 -ra------ C:\Program Files\fpupdate.exe

    2008-04-03 16:29 . 2006-08-25 14:27 221,184 -ra------ C:\Program Files\FEARServer.exe

    2008-04-03 16:29 . 2006-08-25 14:25 208,896 -ra------ C:\Program Files\Monolith.PropertyGrid.dll

    2008-04-03 16:29 . 2005-06-24 21:41 192,512 -ra------ C:\Program Files\binkw32.dll

    2008-04-03 16:29 . 2005-03-24 12:58 188,416 -ra------ C:\Program Files\eax.dll

    2008-04-03 16:29 . 2006-08-25 14:26 98,304 -ra------ C:\Program Files\Config.exe

    2008-04-03 16:29 . 2006-08-23 16:12 61,440 -ra------ C:\Program Files\SndDrv.dll

    2008-04-03 16:29 . 2006-08-25 14:25 61,440 -ra------ C:\Program Files\GameDatabase.dll

    2008-04-03 16:29 . 2006-08-23 16:13 28,160 -ra------ C:\Program Files\LTMemory.dll

    2008-04-03 16:29 . 2006-08-25 14:25 14,336 -ra------ C:\Program Files\StringEditRuntime.dll

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-03 15:24 --------- d-----w C:\Program Files\Warcraft III

    2008-05-03 12:30 --------- d-----w C:\Program Files\Windows Live Safety Center

    2008-05-03 12:04 --------- d-----w C:\Documents and Settings\Justin\Application Data\Xfire

    2008-05-03 02:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

    2008-05-03 02:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

    2008-05-03 02:06 --------- d-----w C:\Program Files\Xfire

    2008-05-01 19:03 --------- d-----w C:\Documents and Settings\Justin\Application Data\Skype

    2008-05-01 01:03 --------- d-----w C:\Program Files\Bonjour

    2008-05-01 01:01 --------- d-----w C:\Program Files\Viewpoint

    2008-04-30 17:21 8,055 ----a-w C:\Program Files\hijackthis.log

    2008-04-30 09:50 --------- d-----w C:\Documents and Settings\Justin\Application Data\skypePM

    2008-04-28 13:12 6,144 --sha-w C:\Program Files\Thumbs.db

    2008-04-26 10:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-04-25 06:38 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe

    2008-04-25 05:08 --------- d-----w C:\Program Files\SUPERAntiSpyware

    2008-04-25 04:43 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent

    2008-04-24 19:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-04-24 10:09 11,264 ----a-w C:\WINDOWS\system32\hInstance.dll

    2008-04-24 10:07 2,106 ----a-w C:\WINDOWS\system32\tmp.reg

    2008-04-20 23:02 --------- d-----w C:\Program Files\Garena

    2008-04-07 12:25 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ahead

    2008-04-03 08:19 1,809 ----a-w C:\Program Files\Uninstall F.E.A.R..lnk

    2008-04-03 08:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-04-03 06:37 1,584 ----a-w C:\Program Files\Shortcut to User directory.lnk

    2008-04-02 23:02 --------- d-----w C:\Program Files\World of Warcraft

    2008-04-02 02:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll

    2008-04-02 02:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll

    2008-04-02 02:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll

    2008-04-01 12:22 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

    2008-04-01 05:10 --------- d-----w C:\Documents and Settings\Justin\Application Data\Paltalk

    2008-04-01 05:09 --------- d-----w C:\Program Files\Paltalk Messenger

    2008-03-30 20:23 --------- d-----w C:\Program Files\Game Cam V2

    2008-03-30 01:40 --------- d-----w C:\Documents and Settings\Justin\Application Data\Sony

    2008-03-30 01:40 --------- d-----w C:\Documents and Settings\Justin\Application Data\Publish Providers

    2008-03-30 01:31 --------- d-----w C:\Program Files\Vstplugins

    2008-03-30 01:31 --------- d-----w C:\Program Files\Sony

    2008-03-30 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

    2008-03-30 01:29 --------- d-----w C:\Program Files\MSBuild

    2008-03-30 01:26 --------- d-----w C:\Program Files\Reference Assemblies

    2008-03-30 01:20 --------- d-----w C:\Program Files\Sony Setup

    2008-03-30 01:20 --------- d-----w C:\Documents and Settings\Justin\Application Data\Sony Setup

    2008-03-29 15:44 --------- d-----w C:\Program Files\Steam

    2008-03-29 03:46 --------- d-----w C:\Program Files\CamStudio

    2008-03-29 03:38 --------- d-----w C:\Program Files\NCH Swift Sound

    2008-03-29 03:38 --------- d-----w C:\Program Files\NCH Software

    2008-03-29 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software

    2008-03-29 03:37 --------- d-----w C:\Documents and Settings\Justin\Application Data\NCH Software

    2008-03-29 03:28 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound

    2008-03-29 03:28 --------- d-----w C:\Documents and Settings\Justin\Application Data\Recordpad

    2008-03-29 03:28 --------- d-----w C:\Documents and Settings\Justin\Application Data\NCH Swift Sound

    2008-03-29 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

    2008-03-28 15:48 --------- d-----w C:\Program Files\America's Army

    2008-03-26 23:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

    2008-03-26 23:44 --------- d-----w C:\Documents and Settings\Justin\Application Data\Codemasters

    2008-03-26 23:43 --------- d-----w C:\Program Files\AGEIA Technologies

    2008-03-26 06:30 --------- d-----w C:\Program Files\AT&T WorldNet Setup

    2008-03-26 03:41 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll

    2008-03-26 03:29 --------- d-----w C:\Program Files\PlayLinc

    2008-03-26 03:19 --------- d-----w C:\Program Files\Common Files\Adobe

    2008-03-26 03:08 --------- d-----w C:\Program Files\Ubisoft

    2008-03-22 12:22 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory

    2008-03-21 06:31 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ventrilo

    2008-03-19 06:50 --------- d-----w C:\Program Files\Java

    2008-03-16 22:22 165,189 ----a-w C:\WINDOWS\system32\dmdcache.dll

    2008-03-16 14:34 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

    2008-03-14 19:46 --------- d-----w C:\Documents and Settings\Justin\Application Data\Hamachi

    2008-03-13 09:28 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

    2008-03-13 06:15 --------- d-----w C:\Program Files\Common Files\Nullsoft

    2008-03-13 06:15 --------- d-----w C:\Program Files\AIM

    2008-03-13 06:15 --------- d-----w C:\Documents and Settings\Justin\Application Data\AIMPro

    2008-03-13 06:15 --------- d-----w C:\Documents and Settings\Justin\Application Data\AIM

    2008-03-11 11:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

    2008-03-11 11:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

    2008-03-11 11:43 --------- d-----w C:\Program Files\Real

    2008-03-11 11:43 --------- d-----w C:\Program Files\Common Files\xing shared

    2008-03-11 11:43 --------- d-----w C:\Program Files\Common Files\Real

    2008-03-11 11:42 --------- d-----w C:\Program Files\Google

    2008-03-09 21:14 31,641 ----a-w C:\WINDOWS\system32\telnetsvc32.exe

    2008-03-05 22:11 37,124 ----a-w C:\WINDOWS\imsn.exe

    2008-03-05 22:11 17,920 ----a-w C:\WINDOWS\Instmsng.dll

    2008-03-05 22:10 37,124 ----a-w C:\WINDOWS\system32\imsn.exe

    2008-03-05 22:10 17,920 ----a-w C:\WINDOWS\system32\Instmsng.dll

    2008-03-04 14:45 --------- d--h--r C:\Documents and Settings\Justin\Application Data\yahoo!

    2008-03-04 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

    2008-03-04 02:59 1,052,672 ----a-w C:\WINDOWS\system32\AdjMmsEng.dll

    2008-03-03 22:42 --------- d-----w C:\Program Files\VideoLAN

    2008-03-03 22:42 --------- d-----w C:\Documents and Settings\Justin\Application Data\vlc

    2008-03-03 13:26 --------- d-----w C:\Program Files\Xvid

    2008-03-03 13:26 --------- d-----w C:\Program Files\DivX

    2008-03-02 15:44 691,545 ----a-w C:\WINDOWS\unins000.exe

    2008-02-27 20:44 29,184 ----a-w C:\WINDOWS\system32\cjpg.dll

    2008-02-13 14:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

    2008-02-11 15:04 2,829 ----a-w C:\WINDOWS\War3Unin.pif

    2008-02-11 15:04 139,264 ----a-w C:\WINDOWS\War3Unin.exe

    2008-02-11 12:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

    2008-02-11 10:32 315,392 ----a-w C:\WINDOWS\HideWin.exe

    2006-08-30 15:02 883,997 ----a-w C:\Program Files\FEARL_8.Arch00

    2006-08-30 15:02 7,983,473 ----a-w C:\Program Files\FEARA_8.Arch00

    2006-08-30 15:02 7,367,024 ----a-w C:\Program Files\FEAR_8.Arch00

    2006-08-30 15:02 4,579,744 ----a-w C:\Program Files\FEARE_8.Arch00

    .

     

    ((((((((((((((((((((((((((((( snapshot@2008-05-01_ 3.18.06.40 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-04-30 17:09:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2008-05-03 15:29:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    - 2008-04-25 05:40:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    + 2008-05-02 02:01:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

    - 2008-04-25 05:40:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-05-02 02:01:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-05-02 02:01:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2008-01-25 09:12:34 25,088 ----a-w C:\WINDOWS\system32\drivers\teamviewervpn.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07 15360]

    "Aim6"="" []

    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 17:54 68856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]

    "nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 00:41 81920]

    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 14:47 16859648 C:\WINDOWS\RTHDCPL.exe]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]

    "FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 12:08 20480]

    "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 16:39 110592]

    "snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 12:57 344064]

    "AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [2007-10-09 02:45 5043528]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:07 15360]

    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-02 06:32 8699904]

     

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-12 07:34:40 10252288]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.XFR1"= xfcodec.dll

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Program Files\\FEAR.exe"=

    "C:\\Program Files\\FEARMP.exe"=

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "C:\\Program Files\\iTunes\\iTunes.exe"=

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager

    "9111:UDP"= 9111:UDP:*:Disabled:SolidNetworkManager

    "60126:TCP"= 60126:TCP:*:Disabled:SolidNetworkManager

    "60126:UDP"= 60126:UDP:*:Disabled:SolidNetworkManager

    "10032:TCP"= 10032:TCP:*:Disabled:SolidNetworkManager

    "10032:UDP"= 10032:UDP:*:Disabled:SolidNetworkManager

    "34469:TCP"= 34469:TCP:*:Disabled:SolidNetworkManager

    "34469:UDP"= 34469:UDP:*:Disabled:SolidNetworkManager

    "86:TCP"= 86:TCP:BroadCam Web Server

     

    R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 15:46]

    S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 16:42]

    S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 19:12]

     

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-04-27 05:08:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

     

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-04 01:29:46

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 74

     

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

    C:\Program Files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Completion time: 2008-05-04 1:35:09 - machine was rebooted [Justin]

    ComboFix-quarantined-files.txt 2008-05-03 15:34:50

    ComboFix2.txt 2008-04-30 17:18:36

     

    Pre-Run: 31,663,054,848 bytes free

    Post-Run: 31,851,692,032 bytes free

     

    293

    0
  • Customer

    WTF?? When I did that my internet browser got screwed?? Look at the screenshot please!!! OMG, have I just got bad luck or some ######

     

    http://i32.tinypic.com/xoo9oy.jpg

     

    My toolbars?? are done; the layout of the browser is weird?? It was never like this!! What happened, OMG!!!!!!

    0
  • Customer

    Please stop uninstalling and installing other programs in between, because I see you uninstalled Kaspersky, and other malware was installed in between as well (Backdoor.Prorat). This is really confusing if you want to receive help! If you perform other steps in between all the time, how am I supposed to help you?

     

    We'll look at Internet Explorer afterwards, since this is not a priority. A priority here is to get rid of malware first. It would really be easier for both of us if you just perform my instructions WITHOUT performing anything else I didn't ask, because otherwise this won't make sense.

     

    Also, I cannot stress enough how important it is that you follow my instructions. In my previous reply I also asked you to post a new HijackThis log. Unfortunately, it still appears that you are having problems with reading the instructions properly.

     

    First thing:

     

    Please install an Antivirus asap again!!!!

     

    Then reboot after installing your Antivirus.

     

    After reboot,

     

    * Open Notepad - don't use any other text editor than Notepad or the script will fail.

    Copy/paste the text in the quotebox below into notepad:

     


    File::

    C:\WINDOWS\system32\telnetsvc32.exe

    C:\WINDOWS\imsn.exe

    C:\WINDOWS\Instmsng.dll

    C:\WINDOWS\system32\imsn.exe

    C:\WINDOWS\system32\Instmsng.dll


     

    Save this as a text file named CFScript

     

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

     

     

    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

    0
  • Customer

    OK, I am sorry, I am not as smart as you with this stuff.... No need to get mad... or pissy. I know you're trying to help, but you must understand I am not a super whiz at this and it takes me some time understanding all of this for my brain to process it all! But I am trying my best; I will now do what you have asked of me.

    0
  • Customer

    When you say antivirus, is that like Norton and stuff? I am downloading AVG Free Edition for the antivirus, and I did the CFScript thing like you said before the

    ====

    File::

    C:\mxuxc.exe

    Driver::

    CEDRIVER53

    splittnt

    ipnat2k

    amdkex

    Registry::

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6017B}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e7ccdb6e-ae6d-11cf-96b8-444553540000}]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000000

    "FirewallDisableNotify"=dword:00000000

    "UpdatesDisableNotify"=dword:00000000

    ======

     

    and then I sent you the log. I did not read where you said to put the HijackThis log next, or I simply misread it or missed it :/

     

    I am on, so reply fast

    0
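The two CFScript snippets quoted in this thread share one plain-text layout: a `Section::` header followed by one entry per line, with the Registry section using regedit-style `[-key]` lines to delete a key and `"name"=dword:XXXXXXXX` lines to set values. The parser below is an added example (not the thread's or ComboFix's own code) that reads such a script into a structured form so a helper can review exactly what a script would delete or change before it is dragged onto ComboFix; the section names and delete convention are taken from the scripts above, the dword/string value syntax is assumed, and the sample input is constructed from the second script in this thread. It only parses text and touches nothing on disk.

```python
import re

# Constructed sample: the CFScript quoted in the customer's post above (strings only).
SAMPLE_SCRIPT = r"""
File::
C:\mxuxc.exe
Driver::
CEDRIVER53
splittnt
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6017B}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"""

SECTION_RE = re.compile(r"([A-Za-z]+)::")                               # File::, Driver::, Registry::
VALUE_RE = re.compile(r'"([^"]+)"=(dword:[0-9A-Fa-f]{8}|"[^"]*")')      # assumed regedit-style value line

def parse_cfscript(text):
    """Parse CFScript text: File/Driver sections become lists of entries, and
    Registry becomes {'delete_keys': [...], 'set_values': {key: {name: value}}}."""
    actions, deletes, sets = {}, [], {}
    section = current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):            # skip blanks and ==== separators
            continue
        m = SECTION_RE.fullmatch(line)
        if m:
            section = m.group(1)
            actions.setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if section != "Registry":
            actions[section].append(line)
        elif line.startswith("[-") and line.endswith("]"):   # [-key]: the key is deleted
            deletes.append(line[2:-1])
            current_key = None
        elif line.startswith("[") and line.endswith("]"):    # [key]: following values are set under it
            current_key = line[1:-1]
            sets.setdefault(current_key, {})
        else:
            v = VALUE_RE.fullmatch(line)
            if v is None or current_key is None:
                raise ValueError(f"malformed registry line: {line!r}")
            name, val = v.groups()
            sets[current_key][name] = int(val[6:], 16) if val.startswith("dword:") else val.strip('"')
    actions["Registry"] = {"delete_keys": deletes, "set_values": sets}
    return actions
```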
  • Customer

    Hi,

     

    I'm not mad at all - but you have to understand it is really confusing if other steps are performed in between all the time. I'm trying to explain my instructions as simple as possible, so everyone can understand them. It isn't that hard to follow them - unless you are doing other stuff in between, as I have noticed already. That's why it is important that you focus on my instructions alone and don't install/uninstall/perform whatever other things in between, otherwise it's really hard to follow for me.

    0
  • Customer

    Hi,

     

    Please read my previous instructions again. This is what I posted in my previous post:

     

    * Open Notepad - don't use any other text editor than Notepad or the script will fail.

    Copy/paste the text in the quotebox below into notepad:

     


    File::

    C:\WINDOWS\system32\telnetsvc32.exe

    C:\WINDOWS\imsn.exe

    C:\WINDOWS\Instmsng.dll

    C:\WINDOWS\system32\imsn.exe

    C:\WINDOWS\system32\Instmsng.dll


     

    Save this as a text file named CFScript

     

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

     

     

    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.


     

    Yes, AVG is good as an antivirus. Please install it first and then reboot before performing the instructions with CFScript.

    0
  • Customer

    OK, doing that

    0
  • Customer

    I am scanning with AVG now; it's taking forever!

    0
