Hit by Antivirus XP 2008
#11 | 5th Jul 2008, 14:08 | Member Group

When I hit "send file" I just get a message saying "no bytes received".
#12 | 5th Jul 2008, 14:41 | Moderator Group

Download Combofix by sUBs from one of the below links.
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

----------

Next post add
Combofix log

#13 | 5th Jul 2008, 15:21 | Member Group

Next log

ComboFix 08-07-04.6 - Danny 2008-07-05 23:12:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.110 [GMT 1:00]
Running from: C:\Documents and Settings\Danny\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Rozzie\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 21:02 . 2008-07-05 21:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-05 20:21 . 2008-07-05 20:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 19:35 . 2008-07-05 19:35 <DIR> d-------- C:\Program Files\Sun
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:39 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\Program Files\CCleaner
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 17:07 . 2008-07-05 17:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 16:38 . 2008-07-05 16:38 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel
2008-07-05 15:40 . 2008-07-05 15:40 0 --a------ C:\WINDOWS\system32\41.tmp
2008-07-05 15:21 . 2008-07-05 15:21 0 --a------ C:\WINDOWS\system32\3C.tmp
2008-07-05 14:55 . 2008-07-05 16:33 <DIR> d-------- C:\$AVG8.VAULT$
2008-07-05 14:53 . 2008-07-05 14:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-05 14:53 . 2008-07-05 16:34 <DIR> d-------- C:\Program Files\AVG(2)
2008-07-05 14:52 . 2008-07-05 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-05 14:40 . 2008-07-05 14:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
2008-07-05 13:10 . 2008-07-05 18:00 <DIR> d-------- C:\AA
2008-07-05 11:33 . 2006-03-22 13:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-07-05 11:25 . 2008-07-05 11:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-05 11:23 . 2008-07-05 11:23 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-05 11:23 . 2008-07-05 11:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-05 10:27 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-05 10:17 . 2008-07-05 10:17 <DIR> d-------- C:\WINDOWS\EHome
2008-07-05 10:08 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-05 10:07 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-05 10:06 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-05 09:39 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 09:37 . 2008-04-14 01:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-05 09:37 . 2008-04-13 19:51 101,120 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-07-05 09:37 . 2008-04-13 19:46 59,136 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-07-05 09:37 . 2008-04-14 01:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-05 09:37 . 2008-04-13 19:46 18,944 --a------ C:\WINDOWS\system32\drivers\bthusb.sys
2008-07-05 09:37 . 2008-04-13 19:46 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2008-07-05 09:37 . 2008-04-14 01:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-07-04 18:43 . 2008-07-04 18:43 <DIR> d-------- C:\Program Files\DNA
2008-07-04 18:43 . 2008-07-05 23:09 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\DNA
2008-06-27 06:54 . 2008-06-27 06:54 9,728 --a------ C:\WINDOWS\system32\SiSPIns2.dll
2008-06-22 19:06 . 2008-06-22 19:06 738 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 16:41 . 2008-06-22 16:41 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Talkback
2008-06-22 16:40 . 2008-06-22 16:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 15:29 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 15:29 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-22 15:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 20:30 --------- d-----w C:\Program Files\SPAMfighter
2008-07-05 18:49 --------- d-----w C:\Program Files\Java
2008-07-05 11:10 --------- d-----w C:\Program Files\Microsoft Works
2008-07-05 10:22 --------- d-----w C:\Program Files\Windows Media Connect
2008-07-04 17:43 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-07-04 17:43 --------- d-----w C:\Documents and Settings\Danny\Application Data\BitTorrent DNA
2008-06-27 06:19 19,072 ----a-w C:\WINDOWS\system32\drivers\srvkp.sys
2008-06-27 06:19 1,571,001 ----a-w C:\WINDOWS\system32\sisgl.dll
2008-06-27 06:02 3,467,264 ----a-w C:\WINDOWS\system32\sisgrv.dll
2008-06-27 05:57 323,584 ----a-w C:\WINDOWS\system32\drivers\sisgrp.sys
2008-06-27 05:53 49,152 ----a-w C:\WINDOWS\system32\SiSBase.dll
2008-06-27 05:53 258,048 ----a-w C:\WINDOWS\system32\SiSParse.dll
2008-06-27 05:53 172,032 ----a-w C:\WINDOWS\system32\SiSInst.dll
2008-06-27 05:53 12,288 ----a-w C:\WINDOWS\InstFunc.dll
2008-05-28 16:27 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-28 16:27 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\Real
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:26 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-02 13:54 4,154 ----a-w C:\Program Files\INSTALL.LOG
2008-01-04 16:30 32,408 ----a-w C:\Documents and Settings\Rozzie\Application Data\GDIPFONTCACHEV1.DAT
2005-10-02 17:49 32,408 ----a-w C:\Documents and Settings\Danny\Application Data\GDIPFONTCACHEV1.DAT
2005-01-26 17:03 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"United Alerts"="C:\Program Files\United Alerts\UnitedAlerts.exe" [2005-01-25 13:25 477880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 14:01 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-04 18:43 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB"="C:\WINDOWS\system32\SB.exe" [2003-12-19 17:01 241664]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-05 11:00 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-05 11:00 499712]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-07 02:14 504080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-13 10:50 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03 53248]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-28 17:27 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 01:12 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [7/14/2005 11:32:50 AM 266240]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe [9/20/2005 7:10:04 PM 238080]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/7/2005 5:17:03 PM 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\United Alerts\UnitedAlerts.exe"= C:\Program Files\United Alerts\UnitedAlerts.exe
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 10:57]
R3 MTC0001_SB;SB device driver;C:\WINDOWS\system32\ntSB.sys [2001-11-27 09:11]
R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-02-20 12:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1b5396-d452-11d9-99a2-0040d068e23b}]
\Shell\AutoRun\command - G:\loader.exe /no hidden
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SMrhcpv6j0erel - C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 23:17:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-05 23:19:12
ComboFix-quarantined-files.txt 2008-07-05 22:19:07
Pre-Run: 20,027,408,384 bytes free
Post-Run: 20,279,582,720 bytes free
212 --- E O F --- 2008-07-05 11:15:54
#14 | 5th Jul 2008, 15:42 | Moderator Group

Delete these files/folders, as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel

File::
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\3C.tmp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"United Alerts"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Next post add
New combofix log

Also let me know how things are now.
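The triage done by eye in posts #13 and #14 (spotting the random-named rhcpv6j0erel folders, the zero-byte .tmp files in system32 and the loading points, then writing the CFScript) can be scripted. The Python below is an added example and is not ComboFix's code or anything posted in this thread: it parses a constructed log excerpt in the shape of the logs above, flags entries with a few assumed heuristics (random-looking directory names, zero-byte .tmp files in system32, Run values that launch such a path, an AutoRun command under mountpoints2, and any process the catchme section lists as hidden), and drafts a CFScript in the KillAll::/Folder::/File::/Registry:: layout from post #14. The `[-key]` form for removing a whole key is the REGEDIT4 convention; that the Registry:: section honours it, and the heuristics themselves, are assumptions. Review any generated script before dropping it on ComboFix, because everything it lists gets deleted.

```python
"""Triage a ComboFix log and draft a CFScript for what it flags.

Added example for this thread, not ComboFix's own code. The flagging
heuristics are assumptions, and SAMPLE_LOG is a constructed excerpt in the
shape of the logs posted above, not a real capture.
"""
import re

# Constructed sample (not a real capture). The rogue's HKLM Run value is kept
# in here on purpose so the Registry:: branch of the builder is exercised.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 16:38 . 2008-07-05 16:38 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel
2008-07-05 15:40 . 2008-07-05 15:40 0 --a------ C:\WINDOWS\system32\41.tmp
2008-07-05 14:40 . 2008-07-05 14:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 14:01 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhcpv6j0erel"="C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe" [2008-07-05 14:40 0]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1b5396-d452-11d9-99a2-0040d068e23b}]
\Shell\AutoRun\command - G:\loader.exe /no hidden
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SMrhcpv6j0erel - C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
scanning hidden processes ...
C:\WINDOWS\explorer.exe [248] 0x84B1FB38
scanning hidden autostart entries ...
"""

# Line shapes taken from the ComboFix log format: "created" file lines, REGEDIT4
# keys/values, the mountpoints2 AutoRun line, orphan entries, catchme hits.
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \S+ \S+ (<DIR>|[\d,]+) \S+ (.+)$")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
ORPHAN = re.compile(r"^(HK\w+-\w+-\S+) - (.+)$")
HIDDEN_PROC = re.compile(r"^(\S+\.exe) \[(\d+)\] 0x[0-9A-Fa-f]+$")


def looks_random(name):
    """Assumed heuristic: 10+ chars, letters and digits mixed, no separators."""
    return (len(name) >= 10 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def parse_combofix_log(text):
    """Return a list of {kind, target, why} findings from a ComboFix log."""
    findings, key, in_hidden = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("scanning "):              # catchme section markers
            in_hidden = line.startswith("scanning hidden processes")
            continue
        m = FILE_LINE.match(line)
        if m:
            size, path = m.group(1), m.group(2)
            if size == "<DIR>" and looks_random(path.rsplit("\\", 1)[-1]):
                findings.append(dict(kind="folder", target=path, why="random-looking directory name"))
            elif size == "0" and path.lower().endswith(".tmp") and "\\system32\\" in path.lower():
                findings.append(dict(kind="file", target=path, why="zero-byte .tmp dropped in system32"))
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)                          # remember the key for the values below it
            continue
        m = RUN_VALUE.match(line)
        if m and key and any(looks_random(p) for p in m.group(2).split("\\")):
            findings.append(dict(kind="regvalue", target=(key, m.group(1)), why="Run value launches a random-named path"))
            continue
        m = AUTORUN.match(line)
        if m and key:
            findings.append(dict(kind="regkey", target=key, why="AutoRun command for a drive letter: " + m.group(1)))
            continue
        m = ORPHAN.match(line)
        if m:
            findings.append(dict(kind="orphan", target=m.group(1), why="already removed by ComboFix: " + m.group(2)))
            continue
        m = HIDDEN_PROC.match(line)
        if m and in_hidden:
            findings.append(dict(kind="hidden_process", target=m.group(1), why="hidden from catchme, pid " + m.group(2)))
    return findings


def build_cfscript(findings):
    """Draft a CFScript (KillAll::/Folder::/File::/Registry::) from the findings."""
    folders = [f["target"] for f in findings if f["kind"] == "folder"]
    files = [f["target"] for f in findings if f["kind"] == "file"]
    regkeys = [f["target"] for f in findings if f["kind"] == "regkey"]
    regvalues = [f["target"] for f in findings if f["kind"] == "regvalue"]
    out = ["KillAll::", ""]
    if folders:
        out += ["Folder::"] + folders + [""]
    if files:
        out += ["File::"] + files + [""]
    if regkeys or regvalues:
        out.append("Registry::")
        out += ["[-%s]" % k for k in regkeys]         # REGEDIT4 delete-key form (assumed honoured)
        for k, name in regvalues:
            out += ["[%s]" % k, '"%s"=-' % name]      # the "name"=- form used in post #14
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    for f in parse_combofix_log(SAMPLE_LOG):
        print("%-15s %s  (%s)" % (f["kind"], f["target"], f["why"]))
    print(build_cfscript(parse_combofix_log(SAMPLE_LOG)))
```

Hidden processes and orphans are reported but never written into the script: a hidden process is something to investigate, not a path to delete, and orphans are already gone.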

#15 | 6th Jul 2008, 00:09 | Member Group

ComboFix 08-07-04.6 - Danny 2008-07-05 23:48:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.205 [GMT 1:00]
Running from: C:\Documents and Settings\Danny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danny\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\41.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Danny\Application Data\rhcpv6j0erel
C:\Documents and Settings\NetworkService\Application Data\rhcpv6j0erel
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\41.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 21:02 . 2008-07-05 21:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-05 20:21 . 2008-07-05 20:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 19:35 . 2008-07-05 19:35 <DIR> d-------- C:\Program Files\Sun
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-07-05 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:39 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:39 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\Program Files\CCleaner
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2008-07-05 17:08 . 2008-07-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 17:07 . 2008-07-05 17:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 14:55 . 2008-07-05 16:33 <DIR> d-------- C:\$AVG8.VAULT$
2008-07-05 14:53 . 2008-07-05 14:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-05 14:53 . 2008-07-05 16:34 <DIR> d-------- C:\Program Files\AVG(2)
2008-07-05 14:52 . 2008-07-05 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-05 13:10 . 2008-07-05 18:00 <DIR> d-------- C:\AA
2008-07-05 11:33 . 2006-03-22 13:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-07-05 11:25 . 2008-07-05 11:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-05 11:23 . 2008-07-05 11:23 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-05 11:23 . 2008-07-05 11:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-05 10:30 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-05 10:27 . 2008-07-05 10:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-05 10:17 . 2008-07-05 10:17 <DIR> d-------- C:\WINDOWS\EHome
2008-07-05 10:08 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-05 10:07 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-05 10:06 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-05 09:39 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 09:37 . 2008-04-14 01:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-05 09:37 . 2008-04-13 19:51 101,120 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-07-05 09:37 . 2008-04-13 19:46 59,136 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-07-05 09:37 . 2008-04-14 01:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-05 09:37 . 2008-04-13 19:46 18,944 --a------ C:\WINDOWS\system32\drivers\bthusb.sys
2008-07-05 09:37 . 2008-04-13 19:46 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2008-07-05 09:37 . 2008-04-14 01:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-07-04 18:43 . 2008-07-04 18:43 <DIR> d-------- C:\Program Files\DNA
2008-07-04 18:43 . 2008-07-05 23:39 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\DNA
2008-06-27 06:54 . 2008-06-27 06:54 9,728 --a------ C:\WINDOWS\system32\SiSPIns2.dll
2008-06-22 19:06 . 2008-06-22 19:06 738 --a------ C:\WINDOWS\cdplayer.ini
2008-06-22 16:41 . 2008-06-22 16:41 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Talkback
2008-06-22 16:40 . 2008-06-22 16:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 15:29 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 15:29 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-22 15:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 22:53 --------- d-----w C:\Program Files\SPAMfighter
2008-07-05 18:49 --------- d-----w C:\Program Files\Java
2008-07-05 11:10 --------- d-----w C:\Program Files\Microsoft Works
2008-07-05 10:22 --------- d-----w C:\Program Files\Windows Media Connect
2008-07-04 17:43 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-07-04 17:43 --------- d-----w C:\Documents and Settings\Danny\Application Data\BitTorrent DNA
2008-06-27 06:19 19,072 ----a-w C:\WINDOWS\system32\drivers\srvkp.sys
2008-06-27 05:57 323,584 ----a-w C:\WINDOWS\system32\drivers\sisgrp.sys
2008-06-27 05:53 12,288 ----a-w C:\WINDOWS\InstFunc.dll
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-28 16:26 --------- d-----w C:\Program Files\Common Files\Real
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-02-02 13:54 4,154 ----a-w C:\Program Files\INSTALL.LOG
2008-01-04 16:30 32,408 ----a-w C:\Documents and Settings\Rozzie\Application Data\GDIPFONTCACHEV1.DAT
2005-10-02 17:49 32,408 ----a-w C:\Documents and Settings\Danny\Application Data\GDIPFONTCACHEV1.DAT
2005-01-26 17:03 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-05_23.18.56.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 20:18:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 22:52:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 14:01 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-04 18:43 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB"="C:\WINDOWS\system32\SB.exe" [2003-12-19 17:01 241664]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-05 11:00 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-05 11:00 499712]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-07 02:14 504080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-13 10:50 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16 278528]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03 53248]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-28 17:27 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 01:12 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [7/14/2005 11:32:50 AM 266240]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe [9/20/2005 7:10:04 PM 238080]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/7/2005 5:17:03 PM 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\United Alerts\UnitedAlerts.exe"= C:\Program Files\United Alerts\UnitedAlerts.exe
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 10:57]
R3 MTC0001_SB;SB device driver;C:\WINDOWS\system32\ntSB.sys [2001-11-27 09:11]
R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-02-20 12:05]
R3 WinSer;WinSer;C:\WINDOWS\System32\WinSer.sys [2004-05-14 18:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1b5396-d452-11d9-99a2-0040d068e23b}]
\Shell\AutoRun\command - G:\loader.exe /no hidden
*Newly Created Service* - WINSER
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 23:54:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [248] 0x84B1FB38
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\OSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\msiexec.exe
.
************************************************** ************************
.
Completion time: 2008-07-05 23:59:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 22:58:56
ComboFix2.txt 2008-07-05 22:19:13
Pre-Run: 20,262,662,144 bytes free
Post-Run: 20,254,003,200 bytes free
192 --- E O F --- 2008-07-05 11:15:54


Machine seems to be running OK... it's definitely faster.
#16 | 6th Jul 2008, 09:22 | Moderator Group

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it)

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

#17 | 6th Jul 2008, 12:57 | Member Group

Secunia website is down. Can't access it.
#18 | 6th Jul 2008, 13:23 | Moderator Group

Happens now and then. Usually no longer than a few hours.

#19 | 6th Jul 2008, 14:31 | Member Group

OK, off to bed now. Thanks again, mate.
#20 | 7th Jul 2008, 22:08 | Member Group

Site is now open, but it says the Java applet won't run in my browser?
Copyright ©2006 - 2009 Computer Juice.