
Need help with WinNT/Bubnix.gen!B



I've been getting Windows Live OneCare Scan Reports that Bubnix.gen!B has been removed and to reboot for the past week. I've run MalwareBytes and SuperAntiSpyWare but neither find anything. Every morning I have the same alert. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:14:15 AM, on 8/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\CSHelper.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kari Horst\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeffcoweb.jeffco.k12.co.us/connections/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090204

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Qwest 1.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Qwest 1.0)" -"http://www.cartoonnetwork.com/games/knd/rail/index.html"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Qwest Live - {76F72F84-8AE5-4547-AD3E-DFB11FAD2150} - http://qwest.live.com (file missing) (HKCU)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://jeffco.us/activex/AMC.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://office.gscolorado.org/dana-cached/s...perSetupSP1.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--

End of file - 12655 bytes


:P

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With admin rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


My computer had been slower than usual and when I closed IE7 with multiple tabs another window would open with multiple tabs of the main window. I also kept getting the alert that I had the bubnix.gen!B trojan. I did get 2 IP alerts but blocked both and don't remember what they were.

ComboFix 10-08-28.02 - Kari Horst 08/29/2010 9:51.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2601 [GMT -6:00]

Running from: c:\documents and settings\Kari Horst\Desktop\ComboFix.exe

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Kari Horst\Application Data\JuniperExtXP.exe

c:\windows\system32\Thumbs.db

E:\install.exe

N:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))

.

2010-08-27 22:56 . 2010-08-27 22:56 -------- d-----w- c:\documents and settings\Kari Horst\Application Data\SUPERAntiSpyware.com

2010-08-27 22:56 . 2010-08-27 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-23 12:18 . 2010-08-23 12:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-23 12:06 . 2010-08-23 12:06 -------- d-----w- c:\documents and settings\Kari Horst\Local Settings\Application Data\Sunbelt Software

2010-08-23 11:54 . 2010-08-23 11:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-17 01:44 . 2010-08-29 16:00 585504 ----a-w- c:\windows\system32\drivers\chttq.sys

2010-08-10 19:31 . 2010-08-10 19:31 -------- d-----w- c:\program files\Common Files\Windows Live

2010-08-05 03:31 . 2010-08-05 03:31 -------- d-----w- c:\documents and settings\Kari Horst\Local Settings\Application Data\Flickr

2010-08-05 03:31 . 2010-08-05 03:31 -------- d-----w- c:\documents and settings\Kari Horst\Application Data\Flickr

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 15:59 . 2009-02-09 03:30 336 ----a-w- c:\windows\system32\tablet.dat

2010-08-29 01:01 . 2009-02-09 04:55 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2010-08-27 22:51 . 2009-03-22 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-18 22:34 . 2009-10-15 02:16 -------- d-----w- c:\program files\AGEod's American Civil War

2010-08-17 03:18 . 2010-08-17 03:18 20 ----a-w- c:\documents and settings\LocalService\Application Data\bawuho.dat

2010-08-17 01:44 . 2010-08-17 01:44 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\bawuho.dat

2010-08-15 18:12 . 2009-02-09 00:21 156024 ----a-w- c:\documents and settings\Kari Horst\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-14 13:08 . 2009-02-04 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-12 12:16 . 2010-08-23 11:54 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2009-03-22 15:14 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2009-03-22 14:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-05 03:31 . 2010-06-23 02:39 -------- d-----w- c:\program files\Flickr Uploadr

2010-07-31 00:56 . 2010-07-29 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-31 00:56 . 2010-03-24 17:24 -------- d-----w- c:\program files\Common Files\Logitech

2010-07-31 00:51 . 2010-01-24 04:02 -------- d-----w- c:\program files\SophieSew

2010-07-31 00:51 . 2010-03-24 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2010-07-29 11:42 . 2010-07-29 11:42 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-17 04:48 . 2009-12-27 04:00 -------- d-----w- c:\program files\CCleaner

2010-07-17 04:15 . 2009-09-22 11:57 101740 ---ha-w- c:\windows\system32\mlfcache.dat

2010-07-13 12:25 . 2010-07-13 12:25 -------- d-----w- c:\program files\Common Files\EZB Systems

2010-07-13 12:25 . 2010-07-13 12:25 -------- d-----w- c:\program files\UltraISO

2010-07-11 04:05 . 2009-03-14 23:33 -------- d-----w- c:\program files\HP

2010-07-11 04:05 . 2010-07-11 04:05 -------- d-----w- c:\documents and settings\Kari Horst\Application Data\Share-to-Web Upload Folder

2010-07-11 04:04 . 2010-07-11 04:04 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2010-07-11 04:04 . 2010-07-11 04:04 -------- d-----w- c:\program files\Hewlett-Packard

2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-26 16:13 . 2010-06-26 16:13 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-24 12:15 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15 . 2009-12-27 03:37 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-24 02:14 . 2004-08-11 22:00 1861120 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-11 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-16 02:03 . 2010-06-16 02:03 50354 ----a-w- c:\documents and settings\Kari Horst\Application Data\Facebook\uninstall.exe

2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 02:03 . 2010-06-14 01:31 102833 ----a-w- c:\windows\HPFins09.dat

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\Kari Horst\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-8 110592]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-8 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-02-04 18:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk

backup=c:\windows\pss\SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk

backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kari Horst^Start Menu^Programs^Startup^Event Reminder.lnk]

path=c:\documents and settings\Kari Horst\Start Menu\Programs\Startup\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]

LBTWiz.exe -silent [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2010-06-16 23:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-08-12 12:15 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 00:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-28 01:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-06-25 14:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2007-01-12 01:15 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]

2007-03-07 17:51 24576 ----a-w- c:\documents and settings\Kari Horst\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]

2005-10-12 23:25 65536 ----a-w- c:\program files\Duck Tape

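Added triage example (not part of this thread and not ComboFix's own code): a Python helper that parses ComboFix file-listing lines like those in the log above and lists review candidates, assuming the two timestamps are last-write time then creation time, as the wininet.dll entry indicates (written 2010-06-24, created 2004-08-11). The flagging rules are this example's own heuristics, and the sample lines are copied from the log in this thread.

```python
"""Triage helper for ComboFix file-listing lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# A ComboFix file line reads:  lastwrite " . " created size attrs path
#   2010-08-17 01:44 . 2010-08-29 16:00 585504 ----a-w- c:\windows\system32\drivers\chttq.sys
# Directories carry "--------" in the size column. The column order is an assumption
# drawn from the log itself (wininet.dll: written 2010-06-24, created 2004-08-11).
LINE_RE = re.compile(
    r"^(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# The section banner states the reporting window, e.g.
#   ((((( Files Created from 2010-07-28 to 2010-08-29 )))))
WINDOW_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
TS = "%Y-%m-%d %H:%M"

# Profiles that only code running as a service normally writes into (heuristic).
SERVICE_PROFILES = ("\\localservice\\", "\\networkservice\\", "\\config\\systemprofile\\")


@dataclass
class Entry:
    written: datetime
    created: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str             # lower-cased for matching


@dataclass
class Finding:
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file line; return None for banners, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["written"], TS),
                 datetime.strptime(m["created"], TS),
                 size, m["attrs"], m["path"].lower())


def parse_window(log: str) -> Optional[Tuple[datetime, datetime]]:
    """Pull the 'Files Created from A to B' window out of the section banner."""
    m = WINDOW_RE.search(log)
    if not m:
        return None
    return (datetime.strptime(m.group(1), "%Y-%m-%d"),
            datetime.strptime(m.group(2) + " 23:59", TS))


def triage(log: str) -> List[Finding]:
    """Return review candidates from a ComboFix log excerpt (heuristics, not verdicts)."""
    window = parse_window(log)
    findings: List[Finding] = []
    for raw in log.splitlines():
        e = parse_line(raw)
        if e is None or e.size is None:           # skip non-file lines and directories
            continue
        if window and not (window[0] <= e.created <= window[1]):
            continue                              # only files that appeared in the window
        # Rule 1: a kernel driver that appeared in system32\drivers. Security
        # products drop drivers here too (SBREDrv.sys on this machine), so the
        # output is a list for the analyst to check, not a verdict. A creation
        # time newer than the last-write time is how a copied-in file looks.
        if e.path.endswith(".sys") and "\\system32\\drivers\\" in e.path:
            reason = "driver appeared in window"
            if e.created > e.written:
                reason += "; creation newer than last write (copied into place)"
            findings.append(Finding(e.path, reason))
        # Rule 2: a file written into a service-account profile. Interactive
        # software rarely writes there; something running as a service did.
        elif any(p in e.path for p in SERVICE_PROFILES) and "\\application data\\" in e.path:
            findings.append(Finding(e.path, f"{e.size}-byte file in a service-account profile"))
    return findings


# Sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
2010-08-23 12:18 . 2010-08-23 12:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-17 01:44 . 2010-08-29 16:00 585504 ----a-w- c:\windows\system32\drivers\chttq.sys
2010-08-10 19:31 . 2010-08-10 19:31 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-17 03:18 . 2010-08-17 03:18 20 ----a-w- c:\documents and settings\LocalService\Application Data\bawuho.dat
2010-08-17 01:44 . 2010-08-17 01:44 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\bawuho.dat
2010-06-24 12:15 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    {f.reason}")
```

On the sample above it lists SBREDrv.sys and chttq.sys (the latter with the copied-into-place note) and both bawuho.dat files, and skips srv.sys and wininet.dll because their creation dates fall outside the window.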

We need to get a copy of a file.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

http://forums.malwarebytes.org/index.php?showtopic=61517

Collect::
c:\windows\system32\drivers\chttq.sys


Driver::
chttq

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\chttq]

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


I'm getting ad-ware alerts I can't stop but I think that's my fault.

ComboFix 10-08-28.02 - Kari Horst 08/29/2010 10:27:04.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2553 [GMT -6:00]

Running from: c:\documents and settings\Kari Horst\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Kari Horst\Desktop\CFScript.txt

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

file zipped: c:\windows\system32\drivers\chttq.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\chttq.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CHTTQ

-------\Service_chttq

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))

.

2010-08-27 22:56 . 2010-08-27 22:56 -------- d-----w- c:\documents and settings\Kari Horst\Application Data\SUPERAntiSpyware.com

2010-08-27 22:56 . 2010-08-27 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-23 12:18 . 2010-08-23 12:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-23 12:06 . 2010-08-23 12:06 -------- d-----w- c:\documents and settings\Kari Horst\Local Settings\Application Data\Sunbelt Software

2010-08-23 11:54 . 2010-08-23 11:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-10 19:31 . 2010-08-10 19:31 -------- d-----w- c:\program files\Common Files\Windows Live

2010-08-05 03:31 . 2010-08-05 03:31 -------- d-----w- c:\documents and settings\Kari Horst\Local Settings\Application Data\Flickr

2010-08-05 03:31 . 2010-08-05 03:31 -------- d-----w- c:\documents and settings\Kari Horst\Application Data\Flickr

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 16:32 . 2009-02-09 03:30 336 ----a-w- c:\windows\system32\tablet.dat

2010-08-29 01:01 . 2009-02-09 04:55 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2010-08-27 22:51 . 2009-03-22 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-18 22:34 . 2009-10-15 02:16 -------- d-----w- c:\program files\AGEod's American Civil War

2010-08-17 03:18 . 2010-08-17 03:18 20 ----a-w- c:\documents and settings\LocalService\Application Data\bawuho.dat

2010-08-17 01:44 . 2010-08-17 01:44 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\bawuho.dat

2010-08-15 18:12 . 2009-02-09 00:21 156024 ----a-w- c:\documents and settings\Kari Horst\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-14 13:08 . 2009-02-04 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-12 12:16 . 2010-08-23 11:54 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-12 12:15 . 2009-03-22 15:14 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-12 12:15 . 2009-03-22 14:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-05 03:31 . 2010-06-23 02:39 -------- d-----w- c:\program files\Flickr Uploadr

2010-07-31 00:56 . 2010-07-29 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-31 00:56 . 2010-03-24 17:24 -------- d-----w- c:\program files\Common Files\Logitech

2010-07-31 00:51 . 2010-01-24 04:02 -------- d-----w- c:\program files\SophieSew

2010-07-31 00:51 . 2010-03-24 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2010-07-29 11:42 . 2010-07-29 11:42 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-17 04:48 . 2009-12-27 04:00 -------- d-----w- c:\program files\CCleaner

2010-07-17 04:15 . 2009-09-22 11:57 101740 ---ha-w- c:\windows\system32\mlfcache.dat

2010-07-13 12:25 . 2010-07-13 12:25 -------- d-----w- c:\program files\Common Files\EZB Systems

2010-07-13 12:25 . 2010-07-13 12:25 -------- d-----w- c:\program files\UltraISO

2010-07-11 04:05 . 2009-03-14 23:33 -------- d-----w- c:\program files\HP

2010-07-11 04:05 . 2010-07-11 04:05 -------- d-----w- c:\documents and settings\Kari Horst\Application Data\Share-to-Web Upload Folder

2010-07-11 04:04 . 2010-07-11 04:04 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2010-07-11 04:04 . 2010-07-11 04:04 -------- d-----w- c:\program files\Hewlett-Packard

2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-26 16:13 . 2010-06-26 16:13 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-24 12:15 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15 . 2009-12-27 03:37 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-06-24 02:14 . 2004-08-11 22:00 1861120 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-11 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-16 02:03 . 2010-06-16 02:03 50354 ----a-w- c:\documents and settings\Kari Horst\Application Data\Facebook\uninstall.exe

2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 02:03 . 2010-06-14 01:31 102833 ----a-w- c:\windows\HPFins09.dat

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\Kari Horst\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-8 110592]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-8 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-02-04 18:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk

backup=c:\windows\pss\SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk

backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kari Horst^Start Menu^Programs^Startup^Event Reminder.lnk]

path=c:\documents and settings\Kari Horst\Start Menu\Programs\Startup\Event Reminder.lnk

backup=c:\windows\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]

LBTWiz.exe -silent [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2010-06-16 23:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-08-12 12:15 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-28 01:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-06-25 14:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2007-01-12 01:15 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]

2007-03-07 17:51 24576 ----a-w- c:\documents and settings\Kari Horst\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]

2005-10-12 23:25 65536 ----a-w- c:\program files\Duck Tape


I can't find any information on either of these:

c:\documents and settings\LocalService\Application Data\bawuho.dat

c:\windows\system32\config\systemprofile\Application Data\bawuho.dat

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

c:\documents and settings\LocalService\Application Data\bawuho.dat

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virscan.org is too busy you can try these.

http://virscan.org/

http://www.kaspersky.com/scanforvirus.html

http://www.virustotal.com/en/indexf.html

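The two unknown bawuho.dat files are a good illustration of how to triage a ComboFix Find3M listing before uploading anything. The script below is an added example, not part of the original thread and not ComboFix's own code: it parses a few Find3M lines copied from the log above (embedded as constructed input so it runs offline) and flags entries that combine more than one of these indicators: a data file under a service-account profile's Application Data (LocalService, NetworkService, systemprofile), creation and last-write time in the same minute, a tiny .dat file, and the same filename appearing in several profiles. The field order (last-write time, then creation time), the profile list and the size threshold are my assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: Find3M lines taken from the log above plus a few benign ones,
# embedded here so the script runs offline.
SAMPLE_REPORT = r"""
2010-08-29 16:32 . 2009-02-09 03:30 336 ----a-w- c:\windows\system32\tablet.dat
2010-08-17 03:18 . 2010-08-17 03:18 20 ----a-w- c:\documents and settings\LocalService\Application Data\bawuho.dat
2010-08-17 01:44 . 2010-08-17 01:44 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\bawuho.dat
2010-08-12 12:15 . 2009-03-22 14:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-31 00:56 . 2010-07-29 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
"""

# Assumed layout: "<last-write> . <creation> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-+)\s+(\S+)\s+(.+?)\s*$"
)

# Profiles no interactive user logs in to; a data file landing in their AppData
# was written by something running as a service or as SYSTEM (assumed list).
SERVICE_PROFILES = ("\\localservice\\", "\\networkservice\\", "\\systemprofile\\")
TINY_BYTES = 1024  # assumed threshold for a marker/config drop


@dataclass
class Entry:
    mtime: datetime
    ctime: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_find3m(text: str) -> list:
    """Parse Find3M lines into Entry objects; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mtime, ctime, size, attrs, path = m.groups()
        entries.append(Entry(
            mtime=datetime.strptime(mtime, "%Y-%m-%d %H:%M"),
            ctime=datetime.strptime(ctime, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def triage(entries: list) -> dict:
    """Return {path: [reasons]} for files that show at least two suspicious indicators."""
    basename = lambda p: p.lower().rsplit("\\", 1)[-1]
    name_counts = Counter(basename(e.path) for e in entries if e.size is not None)
    findings = {}
    for e in entries:
        if e.size is None:
            continue  # directory entries carry little signal here
        low = e.path.lower()
        reasons = []
        if any(p in low for p in SERVICE_PROFILES) and "\\application data\\" in low:
            reasons.append("data file in a service-account profile")
        if e.mtime == e.ctime:
            reasons.append("created and last written in the same minute (dropped, never updated)")
        if e.size < TINY_BYTES and low.endswith(".dat"):
            reasons.append(f"tiny .dat file ({e.size} bytes)")
        if name_counts[basename(e.path)] > 1:
            reasons.append("same filename present in more than one profile")
        # One indicator alone is common for legitimate files (e.g. a fresh installer);
        # require two before reporting.
        if len(reasons) >= 2:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_find3m(SAMPLE_REPORT)).items():
        print(path)
        for r in why:
            print("   -", r)
```

On the sample, only the two bawuho.dat entries are reported (each with all four indicators); tablet.dat is small but was created long before it was last written and so scores a single indicator and stays quiet. The output is a prioritised list of what to hash and submit to a multi-engine scanner, not a verdict.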

Jotti results (the scanner-name column was lost in extraction; 19 engines with definition dates between 2010-08-27 and 2010-08-29):

All 19 engines: Found nothing

What do I do? How do I get rid of Bubnix.gen!B


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


I could not get the scanner to finish. Crashed my computer 3x. I'm no longer getting Bubnix, but now chttq.sys is attempting to run. It's locked; how do I get rid of it?

I'm also getting the IE window opening again, with 3 tabs of the last window I had open when I close using the red X.


This topic is now closed to further replies.