Cannot Stop Antivirus 2009 Popups!

I have a few issues here, not sure what I can.


Haven't had much help so far from anyone :(



See attached files if they will help?


I have run a scan of Bitdefender and for some reason it won't even save a scan log!!!! So I can't show you what it last found.


I believe it found a few, around 6 viruses, some trojans,


The last one I found was the following, trojan.generic.368316, and it couldn't be deleted or dealt with in any way!!!


Attachments: sysdump.tar, BDFileInfo.log

Comments

  • Hello imhardlyeva@hotmail.com,


    Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan in your next post, so I or someone else can see if there are still some infections.


    Kind regards,


    Niels

  • ComboFix 08-07-21.2 - JARROD 2008-07-23 11:12:45.1 - NTFSx86


    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1147 [GMT -7:00]


    Running from: C:\Users\JARROD.JARRODS.002\DOWNLOADS\ComboFix.exe


    * Created a new restore point


    * Resident AV is active


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\Program Files\ContextTool


    C:\Program Files\ContextTool\ContextHelper.dat


    C:\Program Files\ContextTool\pcre3.dll


    C:\Program Files\ContextTool\uninstall.exe


    C:\Windows\system32\arrhmdec.dll


    C:\Windows\system32\calnlofo.ini


    C:\Windows\system32\dehwsemo.dll


    C:\Windows\System32\dhdvcgus.ini


    C:\Windows\system32\gogkpwbp.dll


    C:\Windows\System32\IOrqAJlm.ini


    C:\Windows\System32\IOrqAJlm.ini2


    C:\Windows\system32\ipfajbqt.dll


    C:\Windows\system32\mcrh.tmp


    C:\Windows\system32\mlJAqrOI.dll


    C:\Windows\system32\msmrvemb.dll


    C:\Windows\system32\ofolnlac.dll


    C:\Windows\System32\OrXHOqru.ini


    C:\Windows\System32\OrXHOqru.ini2


    C:\Windows\system32\sysogg.dll


    C:\Windows\system32\urqOHXrO.dll


    C:\Windows\system32\uylswntd.dll


    C:\Windows\system32\zdaqkb.dll


    .


    ((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))


    .


    2008-07-23 11:09 . 2008-07-23 11:10 <DIR> d-------- C:\327882R2FWJFW


    2008-07-22 23:42 . 2008-07-22 23:42 <DIR> d-------- C:\Program Files\Enigma Software Group


    2008-07-22 19:27 . 2008-07-22 19:52 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy


    2008-07-22 19:27 . 2008-07-22 19:52 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy


    2008-07-22 19:27 . 2008-07-22 19:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy


    2008-07-22 18:18 . 2008-07-22 18:18 <DIR> d-------- C:\Users\JARROD.JARRODS.002\AppData\Roaming\BitDefender


    2008-07-22 18:15 . 2008-07-22 18:18 <DIR> d-------- C:\Users\All Users\BitDefender


    2008-07-22 18:15 . 2008-07-22 18:18 <DIR> d-------- C:\ProgramData\BitDefender


    2008-07-22 18:15 . 2008-07-22 18:15 <DIR> d-------- C:\Program Files\BitDefender


    2008-07-22 18:13 . 2008-07-22 18:15 <DIR> d-------- C:\Program Files\Common Files\BitDefender


    2008-07-22 17:57 . 2008-07-22 17:57 <DIR> d-------- C:\Local Settings


    2008-07-22 11:10 . 2008-07-22 11:12 <DIR> d-------- C:\Users\All Users\Lavasoft


    2008-07-22 11:10 . 2008-07-22 11:12 <DIR> d-------- C:\ProgramData\Lavasoft


    2008-07-22 11:10 . 2008-07-22 11:10 <DIR> d-------- C:\Program Files\Lavasoft


    2008-07-22 11:09 . 2008-07-22 11:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard


    2008-07-22 10:58 . 2008-07-22 11:05 <DIR> d-a------ C:\Users\All Users\TEMP


    2008-07-22 10:58 . 2008-07-22 11:05 <DIR> d-a------ C:\ProgramData\TEMP


    2008-07-22 10:57 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll


    2008-07-21 16:40 . 2008-07-21 19:50 <DIR> d-------- C:\Users\JARROD.JARRODS.002\DoctorWeb


    2008-07-12 05:53 . 2008-07-12 05:55 674,074 --a------ C:\Windows\unins000.exe


    2008-07-12 05:53 . 2006-09-27 14:56 110,592 --a------ C:\Windows\System32\vcmimm4.dll


    2008-07-12 05:53 . 2008-07-12 05:55 1,072 --a------ C:\Windows\unins000.dat


    2008-07-11 12:55 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll


    2008-07-11 12:55 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll


    2008-07-11 12:55 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll


    2008-07-09 07:16 . 2008-04-26 01:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe


    2008-07-09 07:16 . 2008-04-26 01:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe


    2008-07-09 07:16 . 2008-04-26 01:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys


    2008-07-09 07:16 . 2008-04-11 20:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll


    2008-07-09 07:16 . 2008-05-09 20:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll


    2008-07-09 07:16 . 2008-04-04 18:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys


    2008-07-09 07:16 . 2008-04-04 20:34 15,360 --a------ C:\Windows\System32\pacerprf.dll


    2008-07-09 07:15 . 2008-05-08 14:59 430,080 --a------ C:\Windows\System32\vbscript.dll


    2008-07-09 07:15 . 2008-05-08 14:59 180,224 --a------ C:\Windows\System32\scrobj.dll


    2008-07-09 07:15 . 2008-05-08 14:59 172,032 --a------ C:\Windows\System32\scrrun.dll


    2008-07-09 07:15 . 2008-05-08 14:59 155,648 --a------ C:\Windows\System32\wscript.exe


    2008-07-09 07:15 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\wshom.ocx


    2008-07-09 07:15 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\cscript.exe


    2008-07-09 07:15 . 2008-05-08 14:59 90,112 --a------ C:\Windows\System32\wshext.dll


    2008-07-03 10:32 . 2008-07-23 11:29 81,984 --a------ C:\Windows\System32\bdod.bin


    2008-07-01 15:56 . 2008-07-21 17:15 <DIR> d-------- C:\Netgear


    2008-06-28 11:02 . 2008-06-28 11:02 <DIR> d-------- C:\Program Files\Morgan


    2008-06-28 11:02 . 2002-11-15 05:11 77,824 --a------ C:\Windows\System32\MMSwitch.dll


    2008-06-28 11:02 . 2002-11-18 08:02 40,960 --a------ C:\Windows\System32\MMAVILNG.exe


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-07-23 17:42 63,128 ----a-w C:\Users\JARROD.JARRODS.002\AppData\Roaming\nvModes.dat


    2008-07-22 17:57 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\Download Manager


    2008-07-22 00:17 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\LimeWire


    2008-07-19 19:06 --------- d-----w C:\Program Files\Windows Live Safety Center


    2008-07-10 10:10 --------- d-----w C:\Program Files\Windows Mail


    2008-06-30 18:49 --------- d-----w C:\Program Files\LimeWire


    2008-06-02 23:16 86,792 ----a-w C:\Windows\system32\drivers\bdfndisf.sys


    2008-05-29 18:06 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf


    2008-05-24 01:26 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\DivX


    2008-05-24 00:50 --------- d-----w C:\Users\JARROD.JARRODS.002\AppData\Roaming\LG Electronics


    2008-05-24 00:44 --------- d-----w C:\Program Files\DivX


    2008-05-24 00:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine


    2008-05-24 00:04 --------- d--h--w C:\Program Files\InstallShield Installation Information


    2008-05-24 00:04 --------- d-----w C:\Program Files\LG PC Suite 2


    2008-05-24 00:04 --------- d-----w C:\Program Files\LG Electronics


    2008-05-23 00:32 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf


    2008-05-23 00:28 --------- d-----w C:\Program Files\Microsoft Silverlight


    2008-05-20 08:49 174 --sha-w C:\Program Files\desktop.ini


    2008-05-20 08:18 101,888 ----a-w C:\Windows\System32\ifxcardm.dll


    2008-05-20 08:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll


    2008-05-20 07:30 47,560 ----a-w C:\Windows\System32\SPReview.exe


    2008-05-20 07:30 152,576 ----a-w C:\Windows\System32\SPWizUI.dll


    2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe


    2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe


    2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll


    2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll


    2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll


    2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe


    2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll


    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll


    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll


    2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll


    2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll


    2007-11-22 19:25 22,328 ----a-w C:\Users\JARROD.JARRODS.002\AppData\Roaming\PnkBstrK.sys


    2007-10-26 17:46 1,145,896 ----a-w C:\Program Files\GoogleToolbarInstaller.exe


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]


    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"


    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]


    2007-11-14 12:22 3186440 --a------ C:\Program Files\Protector Suite QL\farchns.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]


    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"


    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]


    2007-11-14 12:22 3186440 --a------ C:\Program Files\Protector Suite QL\farchns.dll


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]


    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 15:22 417792]


    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]


    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-06 16:05 171448]


    "ares"="C:\Program Files\Ares\Ares.exe" [2007-05-07 20:48 963072]


    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]


    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 09:12 1029416]


    "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 09:30 405504]


    "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-11-14 11:38 49416]


    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-06 16:05 185896]


    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-12 18:40 90191]


    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-12 18:40 7766016]


    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-12 18:40 81920]


    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]


    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]


    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]


    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 02:50 4374528 C:\Windows\RtHDVCpl.exe]


    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\


    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 22:38:14 2756608]


    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-22 09:43:23 91440]


    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-16 19:30:45 784912]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]


    "EnableLUA"= 0 (0x0)


    "DisableCAD"= 1 (0x1)


    "EnableUIADesktopToggle"= 0 (0x0)


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]


    2007-11-14 12:07 96008 C:\Windows\System32\psqlpwd.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]


    "AppInit_DLLs"=C:\Windows\system32\__c00A6144.dat


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]


    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm


    "msacm.divxa32"= divxa32.acm


    "vidc.imm4"= vcmimm4.dll


    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]


    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk


    backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup


    backupExtension=.CommonStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]


    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]


    --a------ 2007-05-07 20:48 963072 C:\Program Files\Ares\Ares.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]


    --a------ 2007-10-23 15:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]


    --a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]


    --a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]


    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]


    --a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]


    --a------ 2008-05-06 16:05 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249877449-3608405973-2885732789-1000]


    "EnableNotificationsRef"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]


    "{AB3AEB0D-516A-4BEC-A120-FAE673166A6B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire


    "{2E608778-360F-45F1-8640-9A8B903C1E5F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire


    "TCP Query User{2EB05168-39B1-481A-AF48-3BF9100547DE}C:\\program files\\aresgalaxydownloaderp2p\\aresgalaxydownloader.exe"= UDP:C:\program files\aresgalaxydownloaderp2p\aresgalaxydownloader.exe:AresGalaxyDownloader


    "UDP Query User{4C783992-6CB7-4BED-9DF1-87FFF479C3AB}C:\\program files\\aresgalaxydownloaderp2p\\aresgalaxydownloader.exe"= TCP:C:\program files\aresgalaxydownloaderp2p\aresgalaxydownloader.exe:AresGalaxyDownloader


    "{97ED723E-2EDD-4CAC-81AA-ACCE8BAD9F94}"= UDP:C:\Windows\Temp\~osD9DB.tmp\ossproxy.exe:ossproxy.exe


    "{D0780B01-8609-4161-B021-156BE77BC496}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe


    "{412ED02F-CFF1-4A28-B26B-AC4953F458B4}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe


    "TCP Query User{B86DFAA7-DFDA-4F0F-A0E1-D00528238108}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows


    "UDP Query User{E1053654-D5AE-4219-BB3F-E2FAC274BF36}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows


    "TCP Query User{D9EDE6E1-8107-4B17-8C9C-8EE9D658D418}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire


    "UDP Query User{C8E6EA13-DDA9-4BFD-9FFF-DD99DA5DD77D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire


    "TCP Query User{C0A233DE-7B46-4A46-B56C-E6959E7F4695}C:\\program files\\optusnet dsl internet\\dsc.exe"= UDP:C:\program files\optusnet dsl internet\dsc.exe:OptusNet Desktop Service Centre


    "UDP Query User{C3218300-BB0D-421E-92A0-3C2DC03C508C}C:\\program files\\optusnet dsl internet\\dsc.exe"= TCP:C:\program files\optusnet dsl internet\dsc.exe:OptusNet Desktop Service Centre


    "TCP Query User{10B21A88-9597-479D-9310-9D45DE812F66}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows


    "UDP Query User{123E1A32-D81C-4EF2-8697-55338C9C6EA7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows


    "{2391B21E-2F5B-43CF-B5D0-DEB307EDBD44}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes


    "{788FFCCA-FFEA-46F9-8F05-CCB7C936CD24}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes


    "{8D98D870-043D-42EE-96C5-4766AC8FAF40}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA


    "{8F602349-8745-436F-8A00-0F3F10EF12AA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA


    "{378DAF26-9013-4AB5-8370-116D61360692}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB


    "{B1AC4CD4-A5E3-4827-AFD2-3564D7EAC9D4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB


    "TCP Query User{E3385FD9-EC34-499B-A663-E8093902A313}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes


    "UDP Query User{236961D4-A306-4703-A97E-36CEB66A8A67}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes


    "{29B1FEE6-5D3D-49FB-BEA2-107201CE06E2}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center


    "{18244FA0-7D6C-4783-8E5C-DC6F7F5BF03A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center


    "{450B4A47-5F07-4173-B953-D80EFEBEDB8A}"= UDP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center


    "{5A6FD600-F65E-4794-B089-D623C7EAFC3B}"= TCP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center


    "{97FCFD57-0608-4026-867E-91D256725F5F}"= UDP:C:\Program Files\Grisoft\AVG7\avgvv.exe:AVG Virus Vault


    "{ED60DECF-9A7B-4430-B8BF-1A81913A387C}"= TCP:C:\Program Files\Grisoft\AVG7\avgvv.exe:AVG Virus Vault


    "{6F5AA93A-4477-4463-8566-207EC2375A9E}"= UDP:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:AVG Anti-Spyware


    "{F451CC08-85F5-4296-BDF0-6277B4DD7548}"= TCP:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:AVG Anti-Spyware


    "TCP Query User{5F13D175-E3E8-481F-B77B-01F9246884D2}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar


    "UDP Query User{F03AB11E-E355-49FB-97AC-6F3FFB9D197C}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar


    "{5AA69953-DBB5-457B-A63A-1F60B25D77EA}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare


    "{4CBC1A1A-1B02-4DA9-91EE-13247306DE2A}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare


    "{2866677A-DAE8-4C9F-AE55-BA3BEDCE911A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)


    "{7BE5FB5E-5C31-4F18-B7E0-70A4BEDEDD7D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)


    "{D0AF0721-85CF-4F45-BF6D-B049E4155ED7}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger


    "{F264CB5B-B40A-4B44-AA03-B45E60DD3A93}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger


    "{C9F8D942-5B50-48BF-A3CF-A68F764FD404}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger


    "{604D76B2-736C-4086-A7C8-A4D58D31A8DA}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger


    "{F417D172-28C9-4087-8AE8-D156CEAE87D3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger


    "{260EBC62-CC15-48D5-A103-DCD267217650}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger


    "{C559D763-A74E-4345-ABA7-55624A2EACBF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]


    "EnableFirewall"= 0 (0x0)


    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]


    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]


    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16:20]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    .


    - - - - ORPHANS REMOVED - - - -


    WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)


    HKCU-Run-BMad897e68 - C:\Windows\system32\uylswntd.dll


    MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe


    .


    ------- Supplementary Scan -------


    .


    R0 -: HKCU-Main,Start Page =


    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


    O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab


    C:\Windows\Downloaded Program Files\OSDED4D.OSD


    C:\Windows\Downloaded Program Files\InstallerControl.dll


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-07-23 11:29:31


    Windows 6.0.6001 Service Pack 1 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    **************************************************************************


    .


    ------------------------ Other Running Processes ------------------------


    .


    C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe


    C:\Windows\System32\audiodg.exe


    C:\Program Files\Protector Suite QL\upeksvr.exe


    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe


    C:\Windows\System32\agrsmsvc.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe


    C:\Windows\System32\PnkBstrA.exe


    C:\Windows\System32\rlservice.exe


    C:\Windows\System32\TODDSrv.exe


    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe


    C:\Program Files\Toshiba\SmoothView\SmoothView.exe


    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe


    C:\Program Files\Synaptics\SynTP\SynToshiba.exe


    C:\Windows\System32\rundll32.exe


    C:\Program Files\Protector Suite QL\psqltray.exe


    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe


    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe


    C:\Program Files\Windows Live\Messenger\usnsvc.exe


    C:\Windows\servicing\TrustedInstaller.exe


    .


    **************************************************************************


    .


    Completion time: 2008-07-23 11:39:28 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-07-23 18:38:05


    Pre-Run: 115,814,330,368 bytes free


    Post-Run: 115,511,042,048 bytes free


    317 --- E O F --- 2008-07-11 20:04:35

  • Here is a list of a couple of viruses that seem to not want to disappear.


    Viruses.jpg

  • UPDATE: I HAVE NO ISSUES NOW WITH PERFORMING SCANS AND HAVE RECENTLY INSTALLED BITDEFENDER TOTAL SECURITY 2008.


    BITDEFENDER IS RUNNING WELL AND HAS BLOCKED THE ABOVE VIRUSES SINCE THE NEW INSTALL.


    SORRY FOR NOT CLEARING THAT UP EARLIER, BUT I STILL HAVE THE POPUP ISSUES IN THE FIRST POST :(

  • UPDATE:


    Well, it appears as though my problem has disappeared. I'm not sure whether it can happen, however I believe combofix.exe fixed my computer, possibly from restoring an old point on my computer? Not sure whether this can actually happen but I believe it did.


    I haven't had any further issues since my last post. So very happy.


    Can someone confirm my suggestion as a fix for this issue?

  • rootkit

    Run a full scan with SUPERAntiSpyware Free ;)

  • Hello imhardlyeva@hotmail.com,


    Can you please download ComboFix? You will find it here. Print the following instructions and read them carefully. Please post the output of the scan in your next post, so I or someone else can see if there are still some infections.


    Kind regards,


    Niels


    I had the same problem and because of the advice of Mr Niels my PC is now 100% again. You are my new hero!!!

  • I ran ComboFix and it is still there, keeps blocking my web pages and the Google page says I need to install it.


    ComboFix 09-01-17.01 - Scott 2009-01-17 12:29:57.1 - NTFSx86


    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.128 [GMT -5:00]


    Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe


    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)


    * Created a new restore point


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\bold.log


    c:\documents and settings\Scott\Application Data\FunWebProducts


    c:\documents and settings\Scott\Application Data\FunWebProducts\Data\Scott\avatar.dat


    c:\documents and settings\Scott\Application Data\FunWebProducts\Data\Scott\register.dat


    c:\windows\system32\apewaped.ini


    c:\windows\system32\depemtka.ini


    c:\windows\system32\ejetasem.ini


    c:\windows\system32\gihubiro.dll


    c:\windows\system32\hgmmmahl.ini


    c:\windows\system32\imiveked.ini


    c:\windows\system32\iteramij.ini


    c:\windows\system32\itinivoh.ini


    c:\windows\system32\jemehaga.dll


    c:\windows\system32\jepunulu.dll


    c:\windows\system32\jqtsdyeh.ini


    c:\windows\system32\mwukyugj.ini


    c:\windows\system32\nyxqoygw.ini


    c:\windows\system32\odalusig.ini


    c:\windows\system32\okelemar.ini


    c:\windows\system32\owepamiw.ini


    c:\windows\system32\squtuwds.ini


    c:\windows\system32\srnlengv.ini


    c:\windows\system32\tonetupi.dll


    c:\windows\system32\urabunir.ini


    c:\windows\system32\urihuhip.ini


    c:\windows\system32\xqrnijyo.ini


    c:\windows\system32\YHPAaccf.ini


    c:\windows\system32\YHPAaccf.ini2


    .


    ((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))


    .


    2009-01-17 12:19 . 2009-01-17 12:19 <DIR> d--hs---- c:\documents and settings\LocalService\UserData


    2009-01-16 21:38 . 2009-01-16 21:38 <DIR> d-------- c:\program files\CCleaner


    2009-01-16 19:28 . 2009-01-16 19:28 <DIR> d-------- c:\documents and settings\Scott\Application Data\Malwarebytes


    2009-01-16 19:27 . 2009-01-16 20:25 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware


    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes


    2009-01-16 19:27 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys


    2009-01-16 19:27 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys


    2009-01-04 12:51 . 2009-01-04 12:50 410,984 --a------ c:\windows\system32\deploytk.dll


    2009-01-02 10:57 . 2009-01-02 14:58 <DIR> d-------- c:\documents and settings\Scott\.housecall6.6


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2009-01-17 17:38 --------- d-----w c:\program files\Symantec AntiVirus


    2009-01-04 17:50 --------- d-----w c:\program files\Java


    2009-01-03 22:43 --------- d-----w c:\program files\Apple Software Update


    2008-12-16 02:56 --------- d-----w c:\program files\MSECache


    2008-12-15 22:55 --------- d--h--w c:\program files\InstallShield Installation Information


    2008-12-15 22:55 --------- d-----w c:\program files\Common Files\Nikon


    2008-12-15 22:55 --------- d-----w c:\documents and settings\Scott\Application Data\OfficeUpdate12


    2008-12-15 22:50 --------- d-----w c:\program files\Microsoft ActiveSync


    2008-12-15 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage


    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys


    2007-10-01 10:31 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]


    2004-08-04 07:00 296448 --a------ c:\windows\system32\winsystems.dll


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]


    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 68856]


    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]


    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]


    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]


    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]


    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]


    "vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2005-11-15 85744]


    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]


    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk


    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup


    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]


    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk


    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]


    --a------ 2005-10-04 11:42 48752 c:\program files\Common Files\Symantec Shared\ccApp.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]


    --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]


    --a------ 2007-06-01 15:51 257088 c:\program files\iTunes\iTunesHelper.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]


    --a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]


    --a------ 2005-11-15 12:28 85744 c:\progra~1\SYMANT~1\VPTray.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\security center]


    "UpdatesDisableNotify"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]


    "DisableMonitoring"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=


    "c:\\Program Files\\iTunes\\iTunes.exe"=


    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager


    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager


    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application


    "c:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\Directcd.exe"=


    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=


    "c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_2_6.EXE"=


    "c:\\Program Files\\Symantec AntiVirus\\DWHWizrd.exe"=


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]


    S0 rytt;rytt;c:\windows\system32\drivers\iusvdp.sys --> c:\windows\system32\drivers\iusvdp.sys [?]


    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200]


    .


    Contents of the 'Scheduled Tasks' folder


    2009-01-17 c:\windows\Tasks\xrxafhuy.job


    - c:\windows\system32\rundll32.exe [2008-04-13 19:12]


    .


    - - - - ORPHANS REMOVED - - - -


    BHO-{6AC502AD-C559-4CC1-AEA8-96732641EA6C} - (no file)


    Notify-geBrpoPI - geBrpoPI.dll


    .


    ------- Supplementary Scan -------


    .


    uStart Page = hxxp://www.yahoo.com/


    uInternet Connection Wizard,ShellNext = iexplore


    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    .


    **************************************************************************


    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2009-01-17 12:38:41


    Windows 5.1.2600 Service Pack 3 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    .


    --------------------- DLLs Loaded Under Running Processes ---------------------


    - - - - - - - > 'winlogon.exe'(516)


    c:\windows\system32\msacm32.drv


    .


    ------------------------ Other Running Processes ------------------------


    .


    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe


    c:\program files\Symantec AntiVirus\DefWatch.exe


    c:\program files\Java\jre6\bin\jqs.exe


    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    c:\program files\Symantec AntiVirus\Rtvscan.exe


    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe


    c:\program files\iPod\bin\iPodService.exe


    c:\program files\Symantec AntiVirus\DoScan.exe


    c:\progra~1\MI3AA1~1\rapimgr.exe


    .


    **************************************************************************


    .


    Completion time: 2009-01-17 12:44:24 - machine was rebooted


    ComboFix-quarantined-files.txt 2009-01-17 17:44:00


    Pre-Run: 30,626,930,688 bytes free


    Post-Run: 30,968,905,728 bytes free


    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe


    [boot loader]


    timeout=2


    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS


    [operating systems]


    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


    172 --- E O F --- 2009-01-17 04:40:27

  • I had this same problem. I installed Malwarebytes Anti-Malware and it removed it.