[seth69]

help please it keeps coming back when ive cleaned deleted it many times
http://img366.imageshack.us/img366/7034/trojanov9.jpg

together with this error
http://img373.imageshack.us/img373/5444/mutexpn6.jpg

 

[sjpritch25]

Welcome to TSG

Please download HJT setup.exe Here
Let it Place Hijackthis in C:\Program Files\Hijackthis
Open Hijackthis.exe
Click on Do a System Scan and Save log file
Don't Fix any Items!!!
Just copy and paste the contents of the log file to your reply.

 

[seth69]

Logfile of HijackThis v1.99.1
Scan saved at 10:58:54 AM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
D:\Application\Utorrent\utorrent.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.np.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.108.125.98:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = npstd.npnet.np.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = npstd.npnet.np.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = npstd.npnet.np.edu.sg
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

 

[sjpritch25]

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/zh/BetaB/combofix.exe

Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[seth69]

"Administrator" - 07-01-01 11:17:19.21 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

e:\autorun.inf
C:\INSTALL.LOG
f:\autorun.inf" . . . . failed to delete

((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))

2007-01-01 10:58 d-------- C:\Program Files\Hijackthis
2006-12-31 14:27 d-------- C:\WINDOWS\pss
2006-12-31 09:31 d--h-c--- C:\WINDOWS\ie7
2006-12-31 09:31 d-------- C:\WINDOWS\WBEM
2006-12-31 09:31 d-------- C:\WINDOWS\system32\en-US
2006-12-31 09:29 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-31 09:28 d-------- C:\WINDOWS\network diagnostic
2006-12-26 22:40 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2006-12-04 17:24 d-------- C:\DOCUME~1\S10034~3\.grasp_settings
2006-12-04 17:23 d-------- C:\RRBACK~1\DOCUME~1\S10034~3\APPLIC~1\ThinkVantage
2006-12-04 17:20 d---s---- C:\DOCUME~1\S10034~3\UserData
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\Bluetooth Software
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\APPLIC~1\ThinkVantage
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\APPLIC~1\Symantec
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\APPLIC~1\Sun
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\APPLIC~1\IBM
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\APPLIC~1\Google
2006-12-04 17:20 d-------- C:\DOCUME~1\S10034~3\APPLIC~1\Apple Computer

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-01 11:22 -------- d-------- C:\Program Files\symantec antivirus
2007-01-01 11:20 -------- d-------- C:\Documents and Settings\Administrator\Application Data\utorrent
2006-12-31 09:26 -------- d-------- C:\Program Files\java
2006-12-31 09:16 5427 --a------ C:\WINDOWS\system32\egathdrv.sys
2006-12-07 14:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-30 13:34 -------- d-------- C:\Program Files\jgrasp
2006-11-29 23:41 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe
2006-11-24 19:26 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-11-15 15:47 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\microsoft
2006-11-12 20:03 2829 --a------ C:\WINDOWS\war3unin.pif
2006-11-12 20:03 139264 --a------ C:\WINDOWS\war3unin.exe
2006-11-08 17:05 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-11-08 13:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 22:53 1220608 -ra------ C:\WINDOWS\system32\clubbox.exe
2006-11-02 17:29 61440 --a------ C:\WINDOWS\system32\nod.dll
2006-10-24 22:53 122880 -ra------ C:\WINDOWS\system32\downengine.dll
2006-10-19 21:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 20:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 20:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 20:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"D:\\bittorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"TpShocks"="TpShocks.exe"
"TP4EX"="tp4ex.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"TPHOTKEY"="C:\\PROGRA~1\\Lenovo\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"suScheduler"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\UCLauncher.exe /SCHEDULER"
"LPManager"="C:\\PROGRA~1\\THINKV~2\\PrdCtr\\LPMGR.exe"
"AMSG"="C:\\Program Files\\ThinkVantage\\AMSG\\Amsg.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"cssauth"="\"C:\\Program Files\\IBM ThinkVantage\\Client Security Solution\\cssauth.exe\" silent"
"PDService.exe"="\"C:\\Program Files\\IBM ThinkVantage\\SafeGuard PrivateDisk\\pdservice.exe\""
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"ACTray"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACTray.exe"
"ACWLIcon"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACWLIcon.exe"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~2\\VPTray.exe"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Task"="C:\\DOCUME~1\\ADMINI~1\\taskmgr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Shell\Open\command Boot.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autoplay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6be0f5c5-0807-11db-880a-00130210cb51}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cf84025-6aeb-11db-88e3-0014a4d6d952}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d060c008-7509-11db-8901-0014a4d6d952}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Shell\Open\command G:\Boot.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da70718e-7a8a-11db-8911-0014a4d6d952}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Shell\Open\command G:\Boot.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fab033f4-e605-11da-87ce-00130210cb51}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Shell\Open\command G:\Boot.exe e

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\PMTask.job

Completion time: 07-01-01 11:25:09.43

 

[sjpritch25]

There are some things in the Combofix that i don't like. It failed to delete one file and i am going to contact the developer. Please be patient while i wait to recieve a message.

 

[seth69]

ok thanks ill wait

 

[Byteman]

Seth,. Do you use any flash drives or other removable drives, and were they connected during the use of ComboFix?

 

[seth69]

i use thumb drive but it was weeks ago so they were not connected during combofix

 

[seth69]

no one can help me??

 

[sjpritch25]

You have a flash/removal drive infection!!!!

You have a file i would like you to get anaylzed. Please go to VirusTotal. On the very top of the Website, you will see a Browse button. You will more than likely need to use Windows Search to find those files.

Boot.exe
Ravmon.exe
. Then Click on Send. This could take between 30 Second-a couple of minutes. When you get the Results, Open Notepad, please highlight the results, copy them to Notepad and save it as "Scan.txt, Scan2.txt". Save the text file "Scan.txt and Scan2.txt" to your desktop. Please include the file in your next post.

 

[seth69]

ive searched for both files including in hidden folders + system + all drives and no results

 

[sjpritch25]

Ok, lets make sure the infection is gone

Download and scan with Sysclean Package.
1. Create a new folder on drive "C:\" ("C:\New Folder") and rename it Sysclean.
2. Place the sysclean.com inside that folder.
3. Then download the latest Virus Pattern Files (lptXXX.zip).
4. Extract the lptXXX.zip pattern file into the same folder you created for sysclean.com.
5. Close all open applications and DISABLE your current anti-virus software. Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them first. DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 . To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
7. Open the Sysclean folder and double-click on sysclean.com to run.
8. It will take some time to complete. Be patient and let it clean whatever it finds.
9. Exit when done, reboot normally and re-enable your anti-virus program.

Note: This tool generates a log file (sysclean.log) in the same folder where the scan is completed. When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have the rights to scan some locations resulting in Access is denied log entries.

 

[seth69]

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/

2007-01-02, 14:35:28, Auto-clean mode specified.
2007-01-02, 14:35:28, Running scanner "C:\sysclean\TSC.BIN"...
2007-01-02, 14:36:05, Scanner "C:\sysclean\TSC.BIN" has finished running.
2007-01-02, 14:36:05, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Tue Jan 02 2007 14:35:28

Load Damage Cleanup Template (DCT) "C:\sysclean\tsc.ptn" (version 822) [success]

Complete time : Tue Jan 02 2007 14:36:05
Execute pattern count(3029), Virus found count(0), Virus clean count(0), Clean failed count(0)

2007-01-02, 14:38:17, An error was detected on "D:\Downloads\(MUGEN) ????? ~????????????~ ??(MG-007)@Burn.U??AVI\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-01-02, 14:38:17, An error was detected on "D:\Downloads\(??caribbeancom)?????~?????????????~sogood??~??18p2p\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-01-02, 14:38:29, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2007-01-02, 14:38:29, An error was detected on "E:\System Volume Information\*.*": Access is denied.
2007-01-02, 15:01:48, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 14:38:30
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\sysclean

82325 files have been read.
82325 files have been checked.
77948 files have been scanned.
252751 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:01:47
---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:01:48, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 14:38:30
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\sysclean

82325 files have been read.
82325 files have been checked.
77948 files have been scanned.
252751 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:01:47 23 minutes 16 seconds (1396.47 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:01:48, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 14:38:30
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\sysclean

82325 files have been read.
82325 files have been checked.
77948 files have been scanned.
252751 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:01:47 23 minutes 16 seconds (1396.47 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:01:48, Scanner "C:\sysclean\VSCANTM.BIN" has finished running.
2007-01-02, 15:06:09, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 15:01:48
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\sysclean

5676 files have been read.
5676 files have been checked.
4202 files have been scanned.
22952 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:06:09
---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:06:09, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 15:01:48
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\sysclean

5676 files have been read.
5676 files have been checked.
4202 files have been scanned.
22952 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:06:09 4 minutes 19 seconds (259.28 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:06:09, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 15:01:48
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\sysclean

5676 files have been read.
5676 files have been checked.
4202 files have been scanned.
22952 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:06:09 4 minutes 19 seconds (259.28 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:06:09, Scanner "C:\sysclean\VSCANTM.BIN" has finished running.
2007-01-02, 15:06:10, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 15:06:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\sysclean

10 files have been read.
10 files have been checked.
10 files have been scanned.
10 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:06:10
---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:06:10, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 15:06:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\sysclean

10 files have been read.
10 files have been checked.
10 files have been scanned.
10 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:06:10 0.05 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:06:10, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/2/2007 15:06:09
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 155 (148263 Patterns) (2007/01/01) (415500)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\sysclean

10 files have been read.
10 files have been checked.
10 files have been scanned.
10 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/2/2007 15:06:10 0.05 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-02, 15:06:10, Scanner "C:\sysclean\VSCANTM.BIN" has finished running.

err after i rebooted and on my anti virus the auto protect thing comes up again but thois time with more trojan cleaned, is my case hopeless?

 

[sjpritch25]

Do you have a F: partition on your hard drive???? I think the F:is probably related to your CD drive or flash drive. If you can find F:\autoplay.exe

Please go to Virustotal, click on Browse, locate the file and then post the results.

What did Norton find????

Next, please run Combofix again the post the results. Thanks.

 

[seth69]

i have a f drive which is for CDs but file autoplay.exe cant be found

mine is using symantec antivirus and the auto protect functions brings up this
--> http://img366.imageshack.us/img366/7034/trojanov9.jpg
except that there were 5 backdoor.trojans auto*cleaned today rather than the usual 3 which u can see at the link. The auto protect box comes out randomly and the mutex error as well
--> http://img373.imageshack.us/img373/5444/mutexpn6.jpg

Heres the new combo fix:

 

[sjpritch25]

I have attached a file named Seth69.zip, please Extract/Unzip Seth69.reg to your Desktop. Double-click on Seth69.reg and allow it to be merged into Windows Registry.

Download KILLBOX, extract it to your desktop.

Open killbox.exe.

First

Click on Tools>Delete Temp Files

A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then,,

Check on the Button titled "Delete Selected Temp Files"

Exit by clicking the Button titled "Exit(Save Settings)"

Once back into the main killbox program.

Check the following boxes:

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.

C:\WINDOWS\system32\grdupdater.exe
C:\DOCUME~1\ADMINI~1\taskmgr.exe

Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.

Click the "All Files" button.

Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask to Reboot now? you will need to click Yes to allow the reboot.

Note: Killbox will let you know if a file does not exist.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot

========================================

What is located in your G:\ Drive????

 

[seth69]

g drive is for thumb drive
i finished what u told me to do but i get this error
windows cannot find C:\DOCUME~1\ADMINI~1\taskmgr.exe at the startup
actually i had this error before but i pasted the taskmgr.exe at that location and since then
my task manager always come up during startup (this was before)

 

[sjpritch25]

Did you do the regfix?????

 

[sjpritch25]

Currenly, is your thumb drive connected to your computer????