results from the Ewido scan.

  1. #51
    not a clue is offline Full Member

    Done this one, hope OK.

    ABBYY FineReader 6.0 Sprint
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.8
    Adobe® Photoshop® Album Starter Edition 3.0
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    CCleaner (remove only)
    Create Your Own Greeting Cards
    DiamondCS ProcessGuard v3.410
    Driving Test Success 2003-2004
    DVD Solution
    Focus Multimedia's Create Your Own Posters && Signs
    Google Earth
    Hazard Perception Training 2003-2004
    HijackThis 1.99.1
    InCD
    Intel(R) 536EP Modem
    Kaspersky Anti-Virus 6.0
    Lexmark 4300 Series
    Lexmark Fax Solutions
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Multimedia Launcher
    Nero OEM
    PowerDVD
    PowerProducer
    SAMSUNG Mobile USB Modem 1.0 Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925486)
    Shockwave
    SoundMAX
    SpywareGuard v2.2
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Voyager 105 ADSL Modem
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2


  2. #52
    not a clue is offline Full Member
    Tried to do the next thing but I cannot find these. When you say browse, it just says no such file. I must be doing something wrong. Can you advise step by step? Sorry, I do try???

  3. #53
    imported_Neal is offline Dedicated Member
    I should have had you do this first:


    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done


    Try again please on those files from combofix log

  4. #54
    not a clue is offline Full Member
    Did these scan files, nothing found, but could not send you them. I am fighting to stay very long on the computer as it shuts down fairly quick, getting worse???

  5. #55
    not a clue is offline Full Member
    Dawn - 06-11-16 7:40:20.10 Service Pack 2
    ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Dawn\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


    2006-11-04 07:00 21,312 --a------ C:\WINDOWS\choice.exe
    2006-11-04 07:00 21,312 --a------ C:\WINDOWS\choice.exe
    2006-10-15 19:24 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2006-10-15 19:24 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2006-10-15 19:24 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2006-10-15 19:24 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2006-10-15 19:24 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2006-10-15 19:24 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-16 06:09 -------- d-------- C:\Program Files\Lx_cats
    2006-11-16 04:08 -------- d-------- C:\Program Files\Lexmark 4300 Series
    2006-11-09 11:03 -------- d-------- C:\Program Files\SpywareGuard
    2006-11-06 09:56 -------- d-------- C:\Program Files\MSN Messenger
    2006-11-04 11:13 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
    2006-11-04 11:13 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
    2006-11-04 10:59 -------- d-------- C:\Program Files\Google
    2006-11-04 08:59 -------- d-------- C:\Program Files\Kaspersky Lab
    2006-10-31 04:37 -------- d---s---- C:\Documents and Settings\Dawn\Application Data\Microsoft
    2006-10-29 06:32 502272 --a------ C:\WINDOWS\system32\winlogon.exe
    2006-10-28 03:47 -------- d-------- C:\Documents and Settings\Dawn\Application Data\AdobeAUM
    2006-10-21 01:56 -------- d-------- C:\Documents and Settings\Dawn\Application Data\AdobeUM
    2006-10-20 04:44 -------- d-------- C:\Documents and Settings\Dawn\Application Data\Google
    2006-10-17 19:18 -------- d-------- C:\Program Files\directx
    2006-10-17 19:16 -------- d-------- C:\Program Files\Hazard Perception 2003-2004
    2006-10-17 19:02 -------- d-------- C:\Program Files\Driving Test Success 2003-2004
    2006-10-15 20:06 -------- d-------- C:\Program Files\Alwil Software
    2006-10-15 19:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-15 19:34 -------- d-------- C:\Program Files\Defenza
    2006-10-08 21:17 -------- d-------- C:\Program Files\Create Your Own Greeting Cards
    2006-10-08 06:51 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-07 09:53 -------- d-------- C:\Program Files\ProcessGuard
    2006-10-03 06:00 -------- d-------- C:\Program Files\Adobe
    2006-10-03 05:58 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-29 01:36 53248 --a------ C:\WINDOWS\system32\Process.exe
    2006-09-29 01:36 40960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-09-29 01:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-09-29 01:36 135168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-09-28 11:17 1492 --a------ C:\WINDOWSvundofix.reg
    2006-09-25 05:59 -------- d-------- C:\Documents and Settings\Dawn\Application Data\SearchToolbarCorp
    2006-09-25 05:23 -------- d-------- C:\Program Files\VSToolbar
    2006-09-24 09:01 -------- d-------- C:\Program Files\Voyager 105 ADSL Modem
    2006-09-23 05:22 -------- d-------- C:\Program Files\HijackThis
    2006-09-12 17:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-12 00:08 -------- d-------- C:\Program Files\CCleaner
    2006-09-12 00:05 -------- d-a------ C:\Program Files\Common Files
    2006-08-30 14:25 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-08-30 14:25 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-08-30 14:16 44 --a------ C:\WINDOWS\system32\msssc.dll
    2006-08-30 14:06 0 -rahs---- C:\MSDOS.SYS
    2006-08-30 14:06 0 -rahs---- C:\IO.SYS
    2006-08-30 14:06 0 --a------ C:\CONFIG.SYS
    2006-08-30 14:06 0 --a------ C:\AUTOEXEC.BAT
    2006-08-30 08:49 1233 --a------ C:\WINDOWS\system32\ojdc962f.sys
    2006-08-30 06:54 62 --ahs---- C:\Documents and Settings\Dawn\Application Data\desktop.ini
    2006-08-25 03:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 00:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-20 21:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-15 23:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "DSLSTATEXE"="C:\\Program Files\\Voyager 105 ADSL Modem\\dslstat.exe icon"
    "D@@@@ENTEXE"="C:\\Program Files\\Voyager 105 ADSL Modem\\d@@@@ent.exe"
    "LXCECATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCEtime.dll,_RunDLLEntry@16"
    "lxcemon.exe"="\"C:\\Program Files\\Lexmark 4300 Series\\lxcemon.exe\""
    "EzPrint"="\"C:\\Program Files\\Lexmark 4300 Series\\ezprint.exe\""
    "FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "!1_pgaccount"="\"C:\\Program Files\\ProcessGuard\\pgaccount.exe\""
    "kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
    @=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://www.ramblincameras.com/Omwin5.jpg"
    "SubscribedURL"="http://www.ramblincameras.com/Omwin5.jpg"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,10,02,00,00,13,01,00,00,e0,00,00,00,d4,00,00,00,e8,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,11,03,00,00,11,02,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,72,05,41,c0,b4,74,98,0c,4a,04,68,de,72,05,20,6d,\
    72,05,82,be,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCS Host"="vcshost.exe"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCS Host"="vcshost.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
    "{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: 16/11/2006 7:44:51.56
    ComboFix.txt
    ComboFix2.txt
    ComboFix3.txt
    ComboFixresults.txt

  6. #56
    imported_Neal is offline Dedicated Member
    Excellent, found a very bad guy in that last combofix log.



    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

  7. #57
    not a clue is offline Full Member
    Having problems. Downloaded SDFix but your instructions don't coincide. Tried what I thought, got some sort of scan and it closed the computer down again, but I don't know if it was right. It did not say type Y, it had numbers with diff scans. Chose full scan but don't know if it was right. Can you look at this prog and see if I was doing right? Thanks.

  8. #58
    not a clue is offline Full Member
    Tried again. As soon as I extract, it starts scan and goes off.

  9. #59
    not a clue is offline Full Member
    You say bad file, which one on the scan?

  10. #60
    imported_Neal is offline Dedicated Member
    Here:

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCS Host"="vcshost.exe"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCS Host"="vcshost.exe"

    Keep trying or delete and download again, instructions are perfect.
