coolpics.com woes

Discussion in 'malware problems & news' started by heart_break_kid, Oct 29, 2006.

  1. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    I have a broadband connection and I once surfed without the firewall turned on, and now I'm not able to use the Run command, and sometimes the Task Manager; I can't edit my registry. Moreover, a status message telling others to click on some coolpics.com link is appearing in my Yahoo Messenger, and it sends this message right in front of me automatically to the ones with whom I'm chatting. In my IE6, the home page is set to coolpics.com (that I managed to change).
    I ran Spybot Search & Destroy and I found something called "browser embedded something", and I deleted it twice; still, all the above-mentioned problems occur.
    Can you tell me which spyware/virus I'm infected with and how to remove it?
    Thanks
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    1. Download this file - combofix.exe
    2. Double-click combofix.exe and follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Please post the combofix log.

    Regards,

    Pieter
     
  3. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    tenz_in_jam_reloaded - 06-10-29 15:53:25.44 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\tenz_in_jam_reloaded\My Documents"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))


    2006-10-28 17:18 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
    2006-10-28 17:18 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
    2006-10-28 17:18 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
    2006-10-28 17:18 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
    2006-10-15 16:39 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-10-15 15:03 18,004 -ra------ C:\WINDOWS\system32\drivers\slnt.sys
    2006-10-13 22:25 46,080 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-10-13 22:25 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-10-13 22:25 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-10-12 22:58 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
    2006-10-12 22:58 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
    2006-10-12 22:58 65,536 --------- C:\WINDOWS\system32\Brmfrmps.exe
    2006-10-12 22:58 51,200 --------- C:\WINDOWS\system32\brinsstr.dll
    2006-10-12 22:58 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
    2006-10-12 22:58 126,976 --------- C:\WINDOWS\system32\BrfxD04a.dll
    2006-10-12 22:57 147,456 --a------ C:\WINDOWS\brunin03.dll
    2006-10-12 22:22 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-10-09 21:26 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
    2006-10-09 21:26 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2006-10-09 21:26 27,136 --a------ C:\WINDOWS\system32\irmon.dll
    2006-10-09 21:26 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
    2006-10-09 21:26 152,576 --a------ C:\WINDOWS\system32\irftp.exe
    2006-10-09 21:25 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
    2006-10-05 22:14 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
    2006-10-02 21:55 12 --a------ C:\WINDOWS\system32\vfw_32.reg
    2006-10-01 13:22 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
    2006-10-01 13:22 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
    2006-10-01 13:22 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
    2006-10-01 13:22 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
    2006-10-01 13:22 157,696 --a------ C:\WINDOWS\system32\unrar.dll
    2006-10-01 13:22 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
    2006-10-01 13:22 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
    2006-10-01 13:22 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
    2006-10-01 13:22 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
    2006-10-01 13:21 86,016 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-10-01 13:21 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-10-01 13:21 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-10-01 13:21 574,976 --a------ C:\WINDOWS\system32\divx.dll
    2006-10-01 13:21 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-10-01 13:21 457,234 --a------ C:\WINDOWS\system32\x264vfw.dll
    2006-10-01 13:21 413,760 --a------ C:\WINDOWS\system32\msmpeg4.dll
    2006-10-01 13:21 413,760 --a------ C:\WINDOWS\system32\DivXc32f.dll
    2006-10-01 13:21 413,760 --a------ C:\WINDOWS\system32\DivXc32.dll
    2006-10-01 13:21 339,968 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-10-01 13:21 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-10-01 13:21 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-10-01 13:21 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
    2006-10-01 13:21 245,408 --a------ C:\WINDOWS\system32\unicows.dll
    2006-10-01 13:21 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-10-01 13:21 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-10-01 13:21 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
    2006-10-01 13:21 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-10-01 13:21 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
    2006-10-01 13:21 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-10-01 13:21 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2006-09-30 22:14 92,160 --a------ C:\WINDOWS\system32\lameEnc.dll
    2006-09-30 22:14 70,018 --a------ C:\WINDOWS\system32\akrip32.dll
    2006-09-30 22:14 193,024 --a------ C:\WINDOWS\system32\AKRipAX.dll
    2006-09-30 22:13 90,112 --a------ C:\WINDOWS\system32\AVMiniWeb.exe
    2006-09-30 22:13 520,192 --a------ C:\WINDOWS\system32\AVmmfecd.exe
    2006-09-30 22:13 438,272 --a------ C:\WINDOWS\system32\AVawbecd.exe
    2006-09-30 22:13 380,928 --a------ C:\WINDOWS\system32\AVawbdcd.exe
    2006-09-30 22:13 266,240 --a------ C:\WINDOWS\system32\AVamrecd.exe
    2006-09-30 22:13 208,896 --a------ C:\WINDOWS\system32\lame_enc.dll
    2006-09-30 21:44 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-09-30 21:44 249,856 --------- C:\WINDOWS\Setup1.exe
    2006-09-30 21:22 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-09-30 20:58 97,056 --a------ C:\WINDOWS\system32\drivers\W700mdm.sys
    2006-09-30 20:58 9,264 --a------ C:\WINDOWS\system32\drivers\W700mdfl.sys
    2006-09-30 20:58 88,560 --a------ C:\WINDOWS\system32\drivers\W700mgmt.sys
    2006-09-30 20:58 86,368 --a------ C:\WINDOWS\system32\drivers\W700obex.sys
    2006-09-30 20:58 61,536 --a------ C:\WINDOWS\system32\drivers\W700bus.sys
    2006-09-30 20:58 6,208 --a------ C:\WINDOWS\system32\drivers\W700cmnt.sys
    2006-09-30 20:58 6,208 --a------ C:\WINDOWS\system32\drivers\W700cm.sys
    2006-09-30 20:58 5,840 --a------ C:\WINDOWS\system32\drivers\W700whnt.sys
    2006-09-30 20:58 5,840 --a------ C:\WINDOWS\system32\drivers\W700wh.sys
    2006-09-30 19:44 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-09-30 19:44 0 -rahs---- C:\MSDOS.SYS
    2006-09-30 19:44 0 -rahs---- C:\IO.SYS
    2006-09-30 19:44 0 --a------ C:\CONFIG.SYS
    2006-09-30 19:44 0 --a------ C:\AUTOEXEC.BAT
    2006-09-30 19:39 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-09-30 19:38 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-30 19:38 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-09-30 19:38 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-09-30 19:38 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-09-30 19:38 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-30 19:38 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-30 19:38 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-09-30 19:38 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-30 19:38 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-09-30 19:38 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-09-30 19:38 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-09-30 19:38 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-09-30 19:38 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-09-30 19:38 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2006-09-30 19:38 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-30 19:38 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-09-30 19:38 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-09-30 19:38 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-09-30 19:38 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-30 19:38 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-09-30 19:38 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-09-30 19:38 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
    2006-09-30 19:38 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-09-30 19:38 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-09-30 19:38 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-30 19:38 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-09-30 19:38 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-09-30 19:38 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-09-30 19:38 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
    2006-09-30 19:38 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-09-30 19:38 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-09-30 19:38 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-09-30 19:38 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-09-30 19:38 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-09-30 19:38 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-09-30 19:37 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-09-30 19:37 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-09-30 19:37 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-09-30 19:37 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-09-30 19:37 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-09-30 19:37 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-30 19:37 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-09-30 19:37 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-30 19:37 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-30 19:34 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-09-30 19:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-09-30 19:34 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-09-30 19:34 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-09-30 19:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-09-30 19:34 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-09-30 19:34 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-09-30 19:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-09-30 19:34 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-09-30 19:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-30 19:34 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-09-30 19:34 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-30 19:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-09-30 19:34 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-09-30 19:34 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-09-30 19:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-09-30 19:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-09-30 19:34 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-09-30 19:34 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-09-30 19:34 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-09-30 19:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-09-30 19:34 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-09-30 19:34 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-09-30 19:34 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-09-30 19:34 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-09-30 19:34 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-09-30 19:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-09-30 19:34 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-09-30 19:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-09-30 19:34 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-09-30 19:34 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-09-30 19:34 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-09-30 19:34 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-09-30 19:34 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-09-30 19:34 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-09-30 19:34 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-09-30 19:34 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-09-30 19:33 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-09-30 19:33 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-30 19:33 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-09-30 19:33 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-30 19:33 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-09-30 19:33 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-09-30 19:33 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-30 19:33 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-09-30 19:33 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-30 19:33 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-09-30 19:33 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-30 19:33 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-09-30 19:33 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-09-30 19:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-30 19:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-09-30 19:33 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-09-30 19:33 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-30 19:33 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-09-30 19:33 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-30 19:33 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-09-30 19:33 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-30 19:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-09-30 19:33 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-30 19:33 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-09-30 19:33 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-30 19:33 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-30 19:33 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-09-30 19:33 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-09-30 19:33 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-09-30 19:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-09-30 19:33 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-30 19:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-09-30 19:33 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-09-30 19:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-09-30 19:33 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-09-30 19:33 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-30 19:33 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-09-30 19:33 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-09-30 19:33 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-09-30 19:33 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-30 19:33 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-30 19:33 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-09-30 19:33 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-09-30 19:33 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-09-30 19:33 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-30 19:33 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-30 19:33 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-09-30 18:43 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-09-30 18:43 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-09-30 18:43 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-09-30 18:43 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-09-30 18:43 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-09-30 18:43 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-09-30 18:43 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-09-30 18:43 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-09-30 18:43 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-09-30 18:43 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-09-30 18:43 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-09-30 18:43 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-09-30 18:42 93,952 --a------ C:\WINDOWS\system32\drivers\cwcwdm.sys
    2006-09-30 18:42 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-09-30 18:42 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-09-30 18:42 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2006-09-30 18:42 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2006-09-30 18:42 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-09-30 18:42 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-09-30 18:41 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-09-30 18:40 68,608 --a------ C:\WINDOWS\system32\drivers\SiS6306p.sys
    2006-09-30 18:40 150,144 --a------ C:\WINDOWS\system32\SiS6306v.dll
    2006-09-30 18:39 95,424 --a------ C:\WINDOWS\system32\drivers\slnthal.sys
    2006-09-30 18:39 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-09-30 18:39 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll
    2006-09-30 18:39 73,796 --a------ C:\WINDOWS\system32\slserv.exe
    2006-09-30 18:39 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2006-09-30 18:39 41,088 --a------ C:\WINDOWS\system32\drivers\SISAGP.SYS
    2006-09-30 18:39 404,990 --a------ C:\WINDOWS\system32\drivers\slntamr.sys
    2006-09-30 18:39 32,866 --a------ C:\WINDOWS\system32\slrundll.exe
    2006-09-30 18:39 3,584 --a------ C:\WINDOWS\system32\drivers\cwcos.sys
    2006-09-30 18:39 286,792 --a------ C:\WINDOWS\system32\slextspk.dll
    2006-09-30 18:39 188,508 --a------ C:\WINDOWS\system32\SLGen.dll
    2006-09-30 18:39 180,360 --a------ C:\WINDOWS\system32\drivers\ntmtlfax.sys
    2006-09-30 18:39 13,776 --a------ C:\WINDOWS\system32\drivers\RecAgent.sys
    2006-09-30 18:39 13,240 --a------ C:\WINDOWS\system32\drivers\slwdmsup.sys
    2006-09-30 18:39 126,686 --a------ C:\WINDOWS\system32\drivers\mtlmnt5.sys
    2006-09-30 18:39 111,872 --a------ C:\WINDOWS\system32\drivers\cwcspud.sys
    2006-09-30 18:39 1,309,184 --a------ C:\WINDOWS\system32\drivers\mtlstrm.sys
    2006-09-30 18:35 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-09-30 18:35 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-30 18:35 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-09-30 18:35 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-30 18:35 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-09-30 18:35 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-09-30 18:35 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-09-30 18:35 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-09-30 18:35 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-09-30 18:35 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-09-30 18:35 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-09-30 18:35 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-09-30 18:35 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-09-30 18:35 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-09-30 18:35 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-29 15:35 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Broadband
    2006-10-28 13:23 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Hewlett-Packard
    2006-10-28 13:10 -------- d---s---- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Microsoft
    2006-10-28 12:47 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-10-28 12:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-25 20:14 -------- dr------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Brother
    2006-10-25 13:40 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Media Player Classic
    2006-10-24 18:09 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Mozilla
    2006-10-20 17:50 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Opera
    2006-10-15 16:44 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Macromedia
    2006-10-14 15:03 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Yahoo!
    2006-10-14 15:01 -------- d-------- C:\Program Files\Foxit Software
    2006-10-12 22:58 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-10-12 22:45 -------- d-------- C:\Program Files\Common Files\ScanSoft Shared
    2006-10-12 22:40 -------- d-------- C:\Program Files\Common Files
    2006-10-05 18:34 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Help
    2006-10-01 13:21 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Real
    2006-10-01 12:51 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Ringtone
    2006-10-01 00:53 62 --ahs---- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\desktop.ini
    2006-09-30 21:19 -------- d-------- C:\Program Files\Common Files\Designer
    2006-09-30 21:15 -------- d-------- C:\Program Files\Common Files\System
    2006-09-30 21:11 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Teleca
    2006-09-30 21:05 -------- d-------- C:\Program Files\Common Files\Teleca Shared
    2006-09-30 20:10 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-30 20:01 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-30 20:01 -------- d-------- C:\Documents and Settings\tenz_in_jam_reloaded\Application Data\Identities
    2006-09-30 19:46 -------- d-------- C:\Program Files\xerox
    2006-09-30 19:46 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-30 19:44 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-30 19:40 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-30 19:40 -------- d-------- C:\Program Files\Online Services
    2006-09-30 19:38 -------- d-------- C:\Program Files\Outlook Express
    2006-09-30 19:38 -------- d-------- C:\Program Files\NetMeeting
    2006-09-30 19:38 -------- d-------- C:\Program Files\Movie Maker
    2006-09-30 19:38 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-30 19:38 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-30 19:35 -------- d-------- C:\Program Files\Messenger
    2006-09-30 19:35 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-30 19:34 -------- d-------- C:\Program Files\Windows NT
    2006-09-30 19:34 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-30 19:33 -------- d-------- C:\Program Files\MSN
    2006-09-30 18:35 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-09-30 18:35 -------- d-------- C:\Program Files\Common Files\ODBC


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"F:\\software\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "SifyBB"="F:\\software\\Sify Broadband\\BBImpSec.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "FreeRAM XP"="\"F:\\software\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
    "PaperPort PTD"="F:\\software\\ScanSoft\\PaperPort\\pptd40nt.exe"
    "SetDefPrt"="F:\\software\\Brother\\Brmfl04a\\BrStDvPt.exe"
    "OfficeScanNT Monitor"="\"F:\\software\\Trend Micro\\OfficeScan Client\\pccntmon.exe\" -HideWindow"
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
    "Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"
    "HP Software Update"="\"F:\\software\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
    "HP Component Manager"="\"F:\\software\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=dword:40000004
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoRun"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "DeviceDiscovery"="F:\\software\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
    "ControlCenter2.0"="F:\\software\\Brother\\ControlCenter2\\brctrcen.exe /autorun"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Status Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\Status Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="F:\\software\\Brother\\Brmfcmon\\BrMfcWnd.exe Brother MFC-210C /STARTUP"
    "item"="Status Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^tenz_in_jam_reloaded^Start Menu^Programs^Startup^SpywareGuard.lnk]
    "path"="C:\\Documents and Settings\\tenz_in_jam_reloaded\\Start Menu\\Programs\\Startup\\SpywareGuard.lnk"
    "backup"="C:\\WINDOWS\\pss\\SpywareGuard.lnkStartup"
    "location"="Startup"
    "command"="F:\\software\\SPYWAR~2\\sgmain.exe "
    "item"="SpywareGuard"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeRAM XP Pro"
    "hkey"="HKCU"
    "command"="\"F:\\software\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IndexSearch"
    "hkey"="HKLM"
    "command"="F:\\software\\ScanSoft\\PaperPort\\IndexSearch.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Application Launcher"
    "hkey"="HKLM"
    "command"="\"F:\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="System Files Updater"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="zlclient"
    "hkey"="HKLM"
    "command"="\"F:\\software\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "xmlprov"=dword:00000003
    "WZCSVC"=dword:00000002
    "wscsvc"=dword:00000002
    "UPS"=dword:00000003
    "TermService"=dword:00000003
    "SCardSvr"=dword:00000003
    "RemoteRegistry"=dword:00000002
    "Netlogon"=dword:00000003
    "mnmsrvc"=dword:00000003
    "LmHosts"=dword:00000002
    "CiSvc"=dword:00000003
    "Browser"=dword:00000002
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Please download the Killbox by Option^Explicit.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system\svchost32.exe


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    After the reboot download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Finally copy and paste the contents of the results file Report.txt back onto the forum.

    Regards,

    Pieter
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Before I forget, a few questions that will be important for the next step.

    Did you remove the Run dialog box yourself or was this done by the Worm?
    And can you check when Trend Micro was last successfully updated?

    Regards,

    Pieter
     
  6. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    SDFix: Version 1.34
    -------------------

    Scan run on:
    06-10-29

    Time:
    22:13


    Microsoft Windows XP [Version 5.1.2600]

    Running from: C:\Documents and Settings\tenz_in_jam_reloaded\My Documents\SDFix

    Stage One...

    Checking Services...

    Name:
    -----


    Path:
    ----




    Repairing Registry...


    Restoring Default Hosts File...

    Stage One Complete

    Rebooting...

    Stage Two...

    Checking For Malware:
    --------------------


    Backing Up and Removing any Files Found...

    Final Check:

    Services:
    ---------


    Files:
    ------


    Any files removed are saved to the SDFix\backups Folder

    FINISHED
    :)
     
  7. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    Thanks, I did what you told me to do.
    I neither removed the Run dialog nor do I remember when I updated Trend Micro. How do I restore the Run dialog?
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    First, we need to backup your registry:
    Please go to Start > Run
    Paste in the following line:
    • regedit /e c:\registrybackup.reg
    Click OK.
    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass.

    Then copy the part in bold below into notepad and save it as Appid.reg
    Set Filetype to "all files"

    REGEDIT4

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRun"=-

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "MSConfig"=-
    "Task Manager"=-


    Doubleclick that file and confirm you want to merge it with the registry.

    Then download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program.
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

    Then reboot and let me know if Ctrl-Alt-Del brings up the Task Manager.
    Is your license for Trend Micro still valid?
    Please post the results of the AVG Anti-Spyware report scan.

    Regards,

    Pieter
     
  9. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    See, first of all, thanks a lot.
    The fact is I can access the Task Manager after I used Spybot Search & Destroy, but I am not able to use the Run command.
    Please tell me how to restore the Run dialog.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Use the Appid.reg as I described in my previous post. (quoted above)
    That will restore the Run command.

    Regards,

    Pieter
     
  11. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    When I double click on the reg file that I created above, I get an error saying:
    Cannot import d:\appid.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Make sure that the first sign in Appid.reg is the "R" in REGEDIT4
    No spaces or linefeeds can be before it, or it will be rejected as a registry script.

    Let me know if you can get it to work.

    Regards,

    Pieter
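As an added example (not code from this thread or from any tool mentioned in it), a small Python parser for REGEDIT4-style .reg files: it enforces the header rule Pieter describes above (REGEDIT4 must be the very first characters), flags the lockdown policies behind the symptoms in this thread (the NoRun value visible in the ComboFix log, plus DisableTaskMgr and DisableRegistryTools), and emits a deletion script in the same form as the Appid.reg fix. The sample export is constructed for the example and is not the poster's registry.

```python
import re
# Constructed sample export (not the poster's real registry) with the policy
# values behind the thread's symptoms: NoRun hides the Run dialog,
# DisableTaskMgr blocks Task Manager, DisableRegistryTools blocks regedit.
SAMPLE_REG = (
    "REGEDIT4\n\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]\n"
    '"NoDriveTypeAutoRun"=dword:00000091\n"NoRun"=dword:00000001\n\n'
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]\n"
    '"DisableTaskMgr"=dword:00000001\n"DisableRegistryTools"=dword:00000000\n'
)
RESTRICTIONS = ("NoRun", "DisableTaskMgr", "DisableRegistryTools")
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def header_ok(text):
    # regedit only accepts the script when the header is the very first
    # characters; a leading space or blank line gives "not a registry script".
    return text.startswith(HEADERS)

def parse_reg(text):
    # Returns {key: {name: value}}: int for dword, str for quoted strings,
    # None for a deletion marker ("name"=-), anything else kept verbatim.
    if not header_ok(text):
        raise ValueError("not a registry script: header must start at offset 0")
    keys, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines()[1:])):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or current is None:
            raise ValueError("malformed line: " + line)
        name, raw = m.groups()
        if raw == "-":
            current[name] = None
        elif raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        else:  # quoted strings are unescaped, other types kept verbatim
            current[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\") if raw.startswith('"') else raw
    return keys

def find_restrictions(keys):
    # (key, name) pairs for lockdown policies that are switched on.
    return [(k, n) for k, vals in keys.items() for n, v in vals.items()
            if n in RESTRICTIONS and isinstance(v, int) and v != 0]

def build_fix(restrictions):
    # REGEDIT4 script deleting each flagged value, as Appid.reg does; header at byte 0.
    out = ["REGEDIT4"]
    for key in sorted({k for k, _ in restrictions}):
        out += ["", "[" + key + "]"] + ['"%s"=-' % n for k, n in restrictions if k == key]
    return "\n".join(out) + "\n"
```

Running `build_fix(find_restrictions(parse_reg(SAMPLE_REG)))` yields a script that removes only NoRun and DisableTaskMgr, leaving the unrelated NoDriveTypeAutoRun value in place.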
     
  13. heart_break_kid

    heart_break_kid Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    Thanks a lot, really.
    Now the Run dialog is also back.
    Thank you.
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    My pleasure.

    Glad we could help. :)
     