WiredWX Hobby Weather Tools

 


cannot open HijackThis

3 posters

Solved: Re: cannot open HijackThis

  • Download combofix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: RcAuto1]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select Yes.

    [image: Whatnext]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Solved: Re: cannot open HijackThis

I did that, but it ended weird.
It looked like it was finished and a notepad file opened, and behind that was just my desktop picture and nothing else.
I waited, but nothing changed, so I saved the notepad file, and after that I could not do anything so I restarted.

Is everything good now?

Here is what the notepad file said:

ComboFix 08-11-18.03 - Katrin 2008-11-23 22:27:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494 [GMT 0:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Katrin\Cookies\atygypum.bat
c:\documents and settings\Katrin\Cookies\avetadurip.pif
c:\documents and settings\Katrin\Cookies\gakosoh.pif
c:\documents and settings\Katrin\Cookies\ydugiwas.reg
c:\documents and settings\Katrin\Local Settings\Temporary Internet Files\onelemar.lib
c:\documents and settings\Katrin\Local Settings\Temporary Internet Files\ycexy.db
c:\documents and settings\Katrin\Local Settings\Temporary Internet Files\yqolu.dll
c:\documents and settings\Katrin\Local Settings\Temporary Internet Files\yranixafi.reg
c:\windows\system32\_scui.cpl
c:\windows\system32\a.exe
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\TDSShrxr.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlrvd.dat
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSotut.dll
c:\windows\system32\TDSSrhyp.log
c:\windows\system32\TDSSrtql.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\wini10895.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-23 22:17 . 2008-11-23 22:32 d-------- C:\-Combo-Fix-
2008-11-23 18:24 . 2008-11-23 18:24 16,635 --a------ c:\program files\Common Files\otuvamyzev.bin
2008-11-23 18:24 . 2008-11-23 18:24 16,127 --a------ c:\documents and settings\All Users\Application Data\yfojuxy.bat
2008-11-23 16:43 . 2008-11-23 16:43 19,921 --a------ c:\windows\icyjywuqid.lib
2008-11-23 16:43 . 2008-11-23 16:43 19,774 --a------ c:\documents and settings\All Users\Application Data\hurefa.pif
2008-11-23 16:43 . 2008-11-23 16:43 18,377 --a------ c:\windows\amuli.ban
2008-11-23 16:43 . 2008-11-23 16:43 16,730 --a------ c:\windows\xabyj._dl
2008-11-23 16:43 . 2008-11-23 16:43 16,365 --a------ c:\program files\Common Files\jabylyw.scr
2008-11-23 16:43 . 2008-11-23 16:43 15,927 --a------ c:\documents and settings\All Users\Application Data\ulybi.com
2008-11-23 16:43 . 2008-11-23 16:43 13,501 --a------ c:\windows\SYSTEM32\cywo.exe
2008-11-23 16:43 . 2008-11-23 16:43 12,972 --a------ c:\program files\Common Files\usatujuro.vbs
2008-11-23 16:43 . 2008-11-23 16:43 12,215 --a------ c:\program files\Common Files\xeqakejacy.vbs
2008-11-23 16:43 . 2008-11-23 16:43 11,992 --a------ c:\windows\tuxucerys.sys
2008-11-23 16:43 . 2008-11-23 16:43 11,729 --a------ c:\windows\SYSTEM32\uwawonoqos.pif
2008-11-23 16:43 . 2008-11-23 16:43 11,096 --a------ c:\windows\SYSTEM32\peni.exe
2008-11-22 00:21 . 2008-11-22 00:21 27,792 --a------ c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
2008-11-22 00:21 . 2008-11-22 00:21 152 --a------ c:\documents and settings\Katrin\delself.bat
2008-11-12 09:35 . 2008-10-24 11:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 09:33 . 2008-09-04 17:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-10-25 04:31 . 2008-10-15 16:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\scripting
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\en
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\bits
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\l2schemas
2008-10-24 15:39 . 2008-10-24 15:51 d-------- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:19 --------- d-----w c:\program files\Ordabok
2008-11-23 18:24 17,156 ----a-w c:\windows\lylasykedo.bin
2008-11-23 18:24 15,529 ----a-w c:\windows\SYSTEM32\afuci.dll
2008-11-23 18:24 15,180 ----a-w c:\windows\SYSTEM32\asyqapyk.bin
2008-11-23 18:24 14,885 ----a-w c:\windows\SYSTEM32\jujaz.pif
2008-11-23 18:24 12,363 ----a-w c:\windows\eteloh.exe
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\uTorrent
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\LimeWire
2008-10-24 17:52 --------- d-----w c:\program files\MSN Messenger
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 23:09 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-02-15 22:01 61,480 ----a-w c:\documents and settings\Katrin\GoToAssistDownloadHelper.exe
2004-08-11 16:27 4,128 ----a-w c:\program files\INFCACHE.1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 335872]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 67128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=


*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-11-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Katrin\Application Data\Mozilla\Firefox\Profiles\qiwl626e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.visir.is
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 22:32:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Katrin\LOCALS~1\Temp\TMP4352$.TMP 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"
.
Completion time: 2008-11-23 22:33:16
ComboFix-quarantined-files.txt 2008-11-23 22:33:10

Pre-Run: 5,492,936,704 bytes free
Post-Run: 5,670,191,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

170 --- E O F --- 2008-11-12 14:19:02

Solved: Re: cannot open HijackThis

Thanks. Let's get rid of the leftovers.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\program files\Common Files\otuvamyzev.bin
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\windows\icyjywuqid.lib
c:\documents and settings\All Users\Application Data\hurefa.pif
C:\windows\amuli.ban
c:\windows\xabyj._dl
c:\program files\Common Files\jabylyw.scr
c:\documents and settings\All Users\Application Data\ulybi.com
c:\windows\SYSTEM32\cywo.exe
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\tuxucerys.sys
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\documents and settings\Katrin\delself.bat
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\jujaz.pif
c:\windows\eteloh.exe
c:\docume~1\Katrin\LOCALS~1\Temp\TMP4352$.TMP

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image: Sfxdaw]

This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.

Solved: Re: cannot open HijackThis

It did not ask for a reboot.

ComboFix 08-11-18.03 - Katrin 2008-11-24 0:13:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.335 [GMT 0:00]
Running from: c:\documents and settings\Katrin\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Katrin\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\docume~1\Katrin\LOCALS~1\Temp\TMP4352$.TMP
c:\documents and settings\All Users\Application Data\hurefa.pif
c:\documents and settings\All Users\Application Data\ulybi.com
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\documents and settings\Katrin\delself.bat
c:\program files\Common Files\jabylyw.scr
c:\program files\Common Files\otuvamyzev.bin
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\amuli.ban
c:\windows\eteloh.exe
c:\windows\icyjywuqid.lib
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\cywo.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\windows\SYSTEM32\jujaz.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\tuxucerys.sys
c:\windows\xabyj._dl
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hurefa.pif
c:\documents and settings\All Users\Application Data\ulybi.com
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\documents and settings\Katrin\delself.bat
c:\program files\Common Files\jabylyw.scr
c:\program files\Common Files\otuvamyzev.bin
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\amuli.ban
c:\windows\eteloh.exe
c:\windows\icyjywuqid.lib
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\cywo.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\windows\SYSTEM32\jujaz.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\tuxucerys.sys
c:\windows\xabyj._dl

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 00:12 . 2008-11-24 00:16 d-------- C:\-Combo-Fix-
2008-11-23 18:24 . 2008-11-23 18:24 19,777 --a------ c:\windows\binaly._sy
2008-11-23 18:24 . 2008-11-23 18:24 17,923 --a------ c:\windows\wypyca._sy
2008-11-23 18:24 . 2008-11-23 18:24 16,697 --a------ c:\windows\qafupu._dl
2008-11-23 18:24 . 2008-11-23 18:24 16,444 --a------ c:\windows\SYSTEM32\wawoduw.dat
2008-11-23 18:24 . 2008-11-23 18:24 16,153 --a------ c:\windows\odiputyro._sy
2008-11-23 18:24 . 2008-11-23 18:24 13,386 --a------ c:\windows\zydo.dat
2008-11-23 18:24 . 2008-11-23 18:24 11,543 --a------ c:\windows\vimigal._dl
2008-11-23 18:24 . 2008-11-23 18:24 11,376 --a------ c:\windows\wevu.lib
2008-11-12 09:35 . 2008-10-24 11:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 09:33 . 2008-09-04 17:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-10-25 04:31 . 2008-10-15 16:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\scripting
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\en
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\bits
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\l2schemas
2008-10-24 15:39 . 2008-10-24 15:51 d-------- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:19 --------- d-----w c:\program files\Ordabok
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\uTorrent
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\LimeWire
2008-10-24 17:52 --------- d-----w c:\program files\MSN Messenger
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 23:09 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-02-15 22:01 61,480 ----a-w c:\documents and settings\Katrin\GoToAssistDownloadHelper.exe
2004-08-11 16:27 4,128 ----a-w c:\program files\INFCACHE.1
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_22.32.33.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-31 15:18:42 172,099 ----a-w c:\windows\temp\FAF8DD.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 335872]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-11-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 00:16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-24 0:18:03
ComboFix-quarantined-files.txt 2008-11-24 00:17:32
ComboFix2.txt 2008-11-23 22:33:17

Pre-Run: 5.658.140.672 bytes free
Post-Run: 5,642,436,608 bytes free

159 --- E O F --- 2008-11-12 14:19:02

Solved: Re: cannot open HijackThis

I've just noticed something.
You aren't running anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program (for personal use) from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
- Free anti-virus software for Windows.
- Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
- Anti-virus program for Windows.
- The home edition is freeware for noncommercial use.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non-commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.
I would prefer it if you don't use Avast!; Avast! and CF do not like each other and fight a lot.


Please stay off the internet until we get this cleaned.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\binaly._sy
c:\windows\wypyca._sy
c:\windows\qafupu._dl
c:\windows\SYSTEM32\wawoduw.dat
c:\windows\odiputyro._sy
c:\windows\zydo.dat
c:\windows\vimigal._dl
c:\windows\wevu.lib


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image: Sfxdaw]

This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.

Solved: Re: cannot open HijackThis

I thought Trend Micro OfficeScan was my antivirus software. But I have now downloaded and installed nr. 1 you suggested.
Should I delete Trend Micro?

Here is the log:
ComboFix 08-11-18.03 - Katrin 2008-11-24 0:13:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.335 [GMT 0:00]
Running from: c:\documents and settings\Katrin\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Katrin\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\docume~1\Katrin\LOCALS~1\Temp\TMP4352$.TMP
c:\documents and settings\All Users\Application Data\hurefa.pif
c:\documents and settings\All Users\Application Data\ulybi.com
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\documents and settings\Katrin\delself.bat
c:\program files\Common Files\jabylyw.scr
c:\program files\Common Files\otuvamyzev.bin
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\amuli.ban
c:\windows\eteloh.exe
c:\windows\icyjywuqid.lib
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\cywo.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\windows\SYSTEM32\jujaz.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\tuxucerys.sys
c:\windows\xabyj._dl
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hurefa.pif
c:\documents and settings\All Users\Application Data\ulybi.com
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\documents and settings\Katrin\delself.bat
c:\program files\Common Files\jabylyw.scr
c:\program files\Common Files\otuvamyzev.bin
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\amuli.ban
c:\windows\eteloh.exe
c:\windows\icyjywuqid.lib
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\cywo.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\windows\SYSTEM32\jujaz.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\tuxucerys.sys
c:\windows\xabyj._dl

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 00:12 . 2008-11-24 00:16 d-------- C:\-Combo-Fix-
2008-11-23 18:24 . 2008-11-23 18:24 19,777 --a------ c:\windows\binaly._sy
2008-11-23 18:24 . 2008-11-23 18:24 17,923 --a------ c:\windows\wypyca._sy
2008-11-23 18:24 . 2008-11-23 18:24 16,697 --a------ c:\windows\qafupu._dl
2008-11-23 18:24 . 2008-11-23 18:24 16,444 --a------ c:\windows\SYSTEM32\wawoduw.dat
2008-11-23 18:24 . 2008-11-23 18:24 16,153 --a------ c:\windows\odiputyro._sy
2008-11-23 18:24 . 2008-11-23 18:24 13,386 --a------ c:\windows\zydo.dat
2008-11-23 18:24 . 2008-11-23 18:24 11,543 --a------ c:\windows\vimigal._dl
2008-11-23 18:24 . 2008-11-23 18:24 11,376 --a------ c:\windows\wevu.lib
2008-11-12 09:35 . 2008-10-24 11:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 09:33 . 2008-09-04 17:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-10-25 04:31 . 2008-10-15 16:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\scripting
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\en
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\bits
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\l2schemas
2008-10-24 15:39 . 2008-10-24 15:51 d-------- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:19 --------- d-----w c:\program files\Ordabok
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\uTorrent
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\LimeWire
2008-10-24 17:52 --------- d-----w c:\program files\MSN Messenger
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 23:09 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-02-15 22:01 61,480 ----a-w c:\documents and settings\Katrin\GoToAssistDownloadHelper.exe
2004-08-11 16:27 4,128 ----a-w c:\program files\INFCACHE.1
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_22.32.33.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-31 15:18:42 172,099 ----a-w c:\windows\temp\FAF8DD.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 335872]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-11-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 00:16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-24 0:18:03
ComboFix-quarantined-files.txt 2008-11-24 00:17:32
ComboFix2.txt 2008-11-23 22:33:17

Pre-Run: 5.658.140.672 bytes free
Post-Run: 5,642,436,608 bytes free

159 --- E O F --- 2008-11-12 14:19:02

descriptionSolvedRe: cannot open HijackThis

My bad, didn't see Trend there.
Uninstall whatever AV you installed from my mistake.

Also, you ran the old CFScript or posted the old log. See the last post on page 1, I posted a new CFScript.

descriptionSolvedRe: cannot open HijackThis

ComboFix 08-11-18.03 - Katrin 2008-11-24 1:41:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.328 [GMT 0:00]
Running from: c:\documents and settings\Katrin\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Katrin\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\binaly._sy
c:\windows\odiputyro._sy
c:\windows\qafupu._dl
c:\windows\SYSTEM32\wawoduw.dat
c:\windows\vimigal._dl
c:\windows\wevu.lib
c:\windows\wypyca._sy
c:\windows\zydo.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\binaly._sy
c:\windows\odiputyro._sy
c:\windows\qafupu._dl
c:\windows\SYSTEM32\wawoduw.dat
c:\windows\vimigal._dl
c:\windows\wevu.lib
c:\windows\wypyca._sy
c:\windows\zydo.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 01:40 . 2008-11-24 01:45 d-------- C:\-Combo-Fix-
2008-11-24 01:35 . 2008-11-24 01:35 d-------- c:\program files\Avira
2008-11-24 01:35 . 2008-11-24 01:35 d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-12 09:35 . 2008-10-24 11:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 09:33 . 2008-09-04 17:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-10-25 04:31 . 2008-10-15 16:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\scripting
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\en
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\bits
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\l2schemas
2008-10-24 15:39 . 2008-10-24 15:51 d-------- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:19 --------- d-----w c:\program files\Ordabok
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\uTorrent
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\LimeWire
2008-10-24 17:52 --------- d-----w c:\program files\MSN Messenger
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 23:09 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-02-15 22:01 61,480 ----a-w c:\documents and settings\Katrin\GoToAssistDownloadHelper.exe
2004-08-11 16:27 4,128 ----a-w c:\program files\INFCACHE.1
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_22.32.33.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-09 13:15:51 45,376 ----a-w c:\windows\SYSTEM32\DRIVERS\avgntdd.sys
+ 2008-01-21 18:11:28 22,336 ----a-w c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys
+ 2008-11-24 01:39:03 75,072 ----a-w c:\windows\SYSTEM32\DRIVERS\avipbb.sys
+ 2007-03-01 10:34:22 28,352 ----a-w c:\windows\SYSTEM32\DRIVERS\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 335872]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=


*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-11-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 01:44:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-24 1:47:20
ComboFix-quarantined-files.txt 2008-11-24 01:46:30
ComboFix2.txt 2008-11-24 00:18:05
ComboFix3.txt 2008-11-23 22:33:17

Pre-Run: 5.523.570.688 bytes free
Post-Run: 5,514,752,000 bytes free

136 --- E O F --- 2008-11-12 14:19:02

descriptionSolvedRe: cannot open HijackThis

Please uninstall Avira.

How is the machine now?

descriptionSolvedRe: cannot open HijackThis

It's fine now I think...
but I was thinking, shouldn't I rather uninstall the Trend since it was not protecting the computer from what infected it?
I got it at my school a long time ago, must be out of date or something?

descriptionSolvedRe: cannot open HijackThis

Heh, maybe.
No AV is perfect.
Uninstall Trend Micro if you want to.

Please delete this folder:
C:\Qoobox

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Post back when you've done that, cause we have to do some updating.

descriptionSolvedRe: cannot open HijackThis

okay, I have finished making a new restore point now..

descriptionSolvedRe: cannot open HijackThis

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 update 10.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

descriptionSolvedRe: cannot open HijackThis

Java SE Runtime Environment (JRE) 6 Update 10
this one ?

I don't see anything with no "SE"

descriptionSolvedRe: cannot open HijackThis

Yes, that's the one. My speech needs editing, thanks for finding that. LMBO or ROFL
