Virus (I think) problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Chriscj, Jul 9, 2008.

  1. Chriscj

    Chriscj Private E-2

    Hi, I'm new to this kind of thing, but I REALLY need help, I've been putting up with this for a long time! Okay, so I went on a World of Warcraft site that helps you with quests etc, and my anti virus was turned off >.<. Next thing I know it downloads all this Windows security crap. Obviously I delete it. But afterwards I've noticed, after 2 hours pretty much precisely, my internet goes off, and nothing to do with the internet responds, I've tried everything! I've tried ComboFix, crap cleaner, AOL spyware thing, Avira AntiVir and pretty much anything you can think of. I have a log from ComboFix if this helps:

    ComboFix 08-06-19.1 - cpu 2008-06-19 23:34:40.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.874 [GMT 2:00]
    Running from: C:\Documents and Settings\cpu\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\cpu\Desktop\WinXP_EN_PRO_BF.EXE
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\IE Extensions
    C:\Program Files\iSecurity
    C:\Program Files\iSecurity\axpdefender.bmp
    C:\Program Files\iSecurity\axpdefender.ico
    C:\Program Files\iSecurity\axpdefenderi.bmp
    C:\Program Files\iSecurity\axpfixer.bmp
    C:\Program Files\iSecurity\axpfixer.ico
    C:\Program Files\iSecurity\axpfixeri.bmp
    C:\Program Files\iSecurity\iSecurity.dat
    C:\Program Files\iSecurity\iSecurity.html
    C:\Program Files\iSecurity\systemdefender.bmp
    C:\Program Files\iSecurity\systemdefender.ico
    C:\Program Files\iSecurity\systemdefenderi.bmp
    C:\Program Files\MyWay
    C:\Program Files\MyWay\bar\History\search
    C:\Program Files\MyWay\bar\Settings\settings.dat
    C:\Program Files\MyWay\bar\Settings\settings.htm
    C:\WINDOWS\resources\SrvDrive.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\ystem3~1

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP
    -------\Legacy_NETDOWN
    -------\Service_NETDown


    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2008-06-09 21:40 . 2008-06-09 21:40 <DIR> d-------- C:\Documents and Settings\cpu\.jnlp-applet
    2008-06-06 18:06 . 2008-06-06 18:06 <DIR> d-------- C:\Program Files\LimeWire
    2008-06-05 19:10 . 2008-06-06 15:15 <DIR> d-------- C:\WINDOWS\system32\905757
    2008-06-03 21:38 . 2008-06-03 21:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-03 21:38 . 2008-06-03 21:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-01 22:51 . 2008-06-01 22:51 <DIR> d-------- C:\Logs
    2008-05-30 17:25 . 2008-05-30 17:28 <DIR> d-------- C:\Documents and Settings\cpu\.frugoo_file_store_32
    2008-05-26 10:49 . 2008-05-26 10:49 <DIR> d-------- C:\Documents and Settings\cpu\Application Data\gslist
    2008-05-26 02:24 . 2008-05-26 02:24 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-05-26 02:24 . 2008-05-26 02:24 <DIR> d-------- C:\Program Files\Adobe Media Player

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-08 10:17 --------- d-----w C:\Program Files\World of Warcraft
    2008-06-01 16:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-27 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-27 13:26 --------- d-----w C:\Program Files\Warcraft III
    2008-05-26 21:42 --------- d-----w C:\Program Files\TechniSat DVB
    2008-05-26 21:40 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
    2008-05-26 10:48 --------- d-----w C:\Documents and Settings\cpu\Application Data\IGN_DLM
    2008-05-26 09:00 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-05-26 00:26 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-25 23:46 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
    2008-05-25 23:45 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-25 23:41 --------- d-----w C:\Program Files\Yahoo!
    2008-05-25 23:39 --------- d-----w C:\Program Files\DivX
    2008-05-25 23:37 --------- d-----w C:\Program Files\DVBViewerTE
    2008-05-25 23:36 --------- d-----w C:\Program Files\Super GSM Reader
    2008-05-25 23:28 --------- d-----w C:\Program Files\System Soap Pro
    2008-05-25 23:28 --------- d-----w C:\Program Files\QuickTime
    2008-05-25 23:28 --------- d-----w C:\Program Files\Quake III Arena
    2008-05-25 23:28 --------- d-----w C:\Program Files\NoLimits Coasters v1.262
    2008-05-25 23:28 --------- d-----w C:\Program Files\Microsoft Games
    2008-05-25 23:28 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-05-25 23:28 --------- d-----w C:\Program Files\Common Files\AOL
    2008-05-25 23:27 --------- d-----w C:\Program Files\BitComet
    2008-05-25 23:27 --------- d-----w C:\Program Files\AOL 9.0
    2008-05-25 15:00 --------- d-----w C:\Program Files\SD EnterNET
    2008-05-10 17:15 230,432 ----a-w C:\StiImg.dat
    2008-05-10 11:57 --------- d-----w C:\Program Files\Rigs of Rods 0.35
    2008-05-09 16:56 --------- d-----w C:\Documents and Settings\cpu\Application Data\Viewpoint
    2008-04-28 15:31 --------- d-----w C:\Program Files\Abe's Exoddus
    2006-11-29 19:56 24,192 ----a-w C:\Documents and Settings\cpu\usbsermptxp.sys
    2006-11-29 19:56 22,768 ----a-w C:\Documents and Settings\cpu\usbsermpt.sys
    2004-08-30 18:08 516,671 ----a-w C:\Program Files\despenaperros01
    2004-01-23 10:27 115,152 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2003-05-24 23:06 46,080 --sha-w C:\Program Files\Thumbs.db
    2007-03-27 22:02 35,964 --sha-w C:\WINDOWS\system32\etad2pu.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E28F671C-3D83-4149-BA2F-546A67702B49}]
    C:\WINDOWS\System32\905757\905757.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus C62"="C:\Windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-12-10 05:06 75776]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 17:30 71008]
    "AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 22:29 102400]
    "HostManager"="C:\Program Files\Common Files\AOL\1161993683\ee\AOLSoftware.exe" [2006-11-17 15:21 50736]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 22:18 262401]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2002-08-29 04:41 13312]
    "VCXD Settings"="phqg.EXE" []
    "VIEW POINT DRIVERS"="phqghum.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-10-25 20:13:49 156784]
    IEEE 802.11g Wireless LAN Utility.lnk - C:\Program Files\IEEE 802.11g Wireless LAN Utility\WLANUTL.exe [2006-11-27 01:48:07 626688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\up2date]
    up2date.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.NSGSM"= NSGSM32.ACM
    "MSACM.NSTSP"= NSTSP32.ACM
    "MSACM.sx5363s"= sx5363s.acm
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 8.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Family & Friends Reminders.LNK
    backup=C:\WINDOWS\pss\Corel Family & Friends Reminders.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVBViewer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVBViewer.lnk
    backup=C:\WINDOWS\pss\DVBViewer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokiaN-Gage Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokiaN-Gage Detect.lnk
    backup=C:\WINDOWS\pss\PCSuiteForNokiaN-Gage Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCSuiteForNokiaN-Gage TS.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCSuiteForNokiaN-Gage TS.lnk
    backup=C:\WINDOWS\pss\PCSuiteForNokiaN-Gage TS.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
    backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
    backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^cpu^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=C:\Documents and Settings\cpu\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
    --a------ 2001-05-02 14:19 94208 C:\Program Files\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    -ra------ 2007-12-07 17:30 71008 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallControl 4.5]
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
    C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
    C:\Program Files\ClearSearch\Loader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
    C:\Program Files\Common Files\CMEII\CMESys.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Loader]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2002-08-29 04:41 13312 C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    C:\Program Files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
    --a------ 2002-12-12 01:14 46592 C:\WINDOWS\System32\dxdllreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C44 Series]
    --a------ 2002-12-10 05:06 75776 C:\Windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
    --a------ 2002-12-10 05:06 75776 C:\Windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FMTZG]
    C:\WINDOWS\FMTZG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoftf DDEs ContrDL]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoftm EEGS Cuntrol]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
    C:\Program Files\nCase\msbb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2003-04-14 21:30 1491216 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    -ra------ 2001-07-09 11:50 155648 C:\Windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
    --a------ 2002-04-29 18:22 401408 C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2005-11-03 10:11 7110656 C:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2005-11-03 10:11 86016 C:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2005-11-03 10:11 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\precpop2]
    C:\Program Files\Precpop2\starter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 07:24 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2004-01-29 22:58 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
    --a------ 2001-04-30 18:12 28672 C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    --a------ 2002-01-31 08:01 81920 C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-02-24 03:13 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcloader]
    C:\Windows\System32\stcloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systems]
    C:\WINDOWS\System32\itDDD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCXD Settings]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIEW POINT DRIVERS]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    C:\Program Files\Save\Save.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
    C:\Program Files\WhenUSearch\Search.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winamp Agent]
    C:\WINDOWS\System32\winamp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NMSSvc"=2 (0x2)
    "NVSvc"=2 (0x2)
    "hwclock"=2 (0x2)
    "EPSONStatusAgent2"=2 (0x2)
    "DHCP Client"=2 (0x2)
    "IDriverT"=3 (0x3)
    "AVGEMS"=2 (0x2)
    "Avg7UpdSvc"=2 (0x2)
    "Avg7Alrt"=2 (0x2)

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-04-19 22:18]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-04-19 22:18]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
    R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\System32\DRIVERS\pfc027.sys [2005-02-24 12:29]
    R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;C:\WINDOWS\System32\DRIVERS\SkyNET.SYS [2004-05-02 21:30]
    R4 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\ZDCNDIS5.sys [2006-04-05 10:57]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
    S2 ULRQEUPY;ULRQEUPY;C:\WINDOWS\System32\ulrqeupy.mqq []
    S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\3D1.tmp []
    S3 Am772;AMD Alchemy(tm) Solutions Wireless 802.11 Adapter;C:\WINDOWS\System32\DRIVERS\Am772.sys [2003-10-27 05:49]
    S3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\System32\DRIVERS\cccp106.sys []
    S3 FXDRV;FXDRV;I:\Fxdrv.sys []
    S3 NB762_XP;NB 802.11g XG762 1211B Driver;C:\WINDOWS\System32\DRIVERS\WlanUZXP.sys [2006-04-05 10:57]
    S3 OEMFVNETusb(505_2958)(R);OEM FVNETusb(505_2958)(R) Service for 802.11b Pen Size Wireless USB Adapter;C:\WINDOWS\System32\DRIVERS\vnet558x.sys [2003-10-31 09:47]
    S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS []
    S4 DHCP Client;Handling the DHCP requests;C:\WINDOWS\System32\dhcpclient.exe []
    S4 hwclock;Hardware Clock Driver;C:\WINDOWS\System32\hwclock.exe []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-19 21:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 23:42:54
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ULRQEUPY]
    "ImagePath"="\??\C:\WINDOWS\System32\ulrqeupy.mqq"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
    "ImagePath"="\??\C:\WINDOWS\TEMP\3D1.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\PAStiSvc.exe
    C:\Program Files\Common Files\AOL\1161993683\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-19 23:53:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-19 21:53:47

    Pre-Run: 23,896,739,840 bytes free
    Post-Run: 23,854,325,760 bytes free

    WinXP_EN_PRO_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    316
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not. Please do not post logs inline like you did in your first message. You will need to re-run ComboFix as instructed in the below instructions and run it the way requested and at the point requested. Make sure you put your PC into Normal Startup mode with MSconfig as requested in step 1 of the below

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Chriscj

    Chriscj Private E-2

    Hi, thanks for the telling off (lol), but I'm afraid I've tried and retried everything in the list, but my computer still disconnects from the internet irreversibly every 2 hours :cry
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but you need to finish the instructions already given. I stated that you need to attach the requested logs from the procedure and the READ & RUN ME FIRST also states the same thing. If you are having problems and need our help, you need to help us help you by following the instructions completely. The below is a direct quote from the instructions for cleaning your version of Windows which is XP.


     
