Post by: guestolo on January 23, 2008, 01:44:57 AM
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color] (http://\"http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe\")
For an alternate download location, you can try HERE (http://\"http://fileforum.betanews.com/detail/HijackThis/1071179190/1\")
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
Post by: some1ok on January 23, 2008, 05:46:18 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:12 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 7663 bytes
Post by: some1ok on January 23, 2008, 07:29:10 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:18 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 7859 bytes
Post by: guestolo on January 28, 2008, 07:41:02 PM
Can you post a fresh hijackthis log please
Post by: some1ok on January 29, 2008, 03:02:10 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:26 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 7720 bytes
Post by: guestolo on January 29, 2008, 07:39:22 PM
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Afterwards
Download [color=\"blue\"]VundoFix.exe[/color] (http://\"http://www.atribune.org/ccount/click.php?id=4\")
to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
I'll need to see this report from Vundofix later>>C:\Vundofix.txt
Afterwards:
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post back all the following after the above is done, even if it takes more than one reply to do so
1. Post the log from Combofix, it's default location is >>C:\Combofix.txt
2. Post the log from Vundofix, it's default location is >>C:\Vundofix.txt
3. Run a fresh Scan>Save logfile with Hijackthis and post it's log also
Post by: some1ok on January 30, 2008, 10:33:28 AM
...so here is the log for ComboFix.
ComboFix 08-01-30.6 - Mathew 2008-01-30 10:22:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vtuurol.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Mathew\Application Data\searchtoolbarcorp
C:\Documents and Settings\Mathew\Favorites\Error Cleaner.url
C:\Documents and Settings\Mathew\Favorites\Privacy Protector.url
C:\Documents and Settings\Mathew\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\{08466~1
C:\Program Files\cowabanga
C:\Program Files\cowabanga\License.txt
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\vsadd-in
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\duruaknp.dll
C:\WINDOWS\system32\fravaxbv.dll
C:\WINDOWS\system32\gdrileax.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.exe
C:\WINDOWS\system32\jsnardlx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdnsnjsd.dll
C:\WINDOWS\system32\oplsisoj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\yosvesth.dll
C:\WINDOWS\system32\yrideqtt.dll
----- BITS: Possible infected sites -----
hxxp://77.91.228.186
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-30 09:57 . 2008-01-30 10:15 <DIR> d-------- C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Program Files\Nsasoft
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 09:04 . 2008-01-30 10:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:04 . 2008-01-24 09:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 19:15 . 2008-01-23 20:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-23 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-24 15:09 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05 1,024 --a------ C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01 2,048 --a------ C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23 5,120 --a------ C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 21:19 . 2008-01-22 10:38 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-21 21:18 . 2008-01-22 10:38 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-21 21:18 . 2008-01-22 10:38 98,304 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-21 21:18 . 2008-01-22 10:38 94,208 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\Greatis
2008-01-21 21:08 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-21 20:24 . 2008-01-21 20:24 103,936 --a------ C:\WINDOWS\system32\drvgoc.dll
2008-01-21 20:13 . 2008-01-21 20:16 <DIR> d-------- C:\Program Files\UltraISO
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-21 20:00 . 2008-01-22 14:12 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-21 20:00 . 2008-01-21 20:00 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16 <DIR> d-------- C:\Program Files\Graboid
2007-12-28 16:55 . 2007-12-11 17:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-28 16:55 . 2007-12-11 17:34 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-28 16:55 . 2007-12-11 17:34 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-27 17:14 . 2007-12-27 17:14 <DIR> d-------- C:\Program Files\eRightSoft
2007-12-27 16:48 . 2007-12-27 16:48 <DIR> d-------- C:\Program Files\Red Kawa
2007-12-27 16:42 . 2007-12-27 16:42 <DIR> d-------- C:\Program Files\E-Zsoft
2007-12-23 23:15 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-23 23:15 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-12-13 21:14 . 2007-12-13 21:14 <DIR> d-------- C:\Program Files\Veoh Networks
2007-12-11 17:33 . 2007-12-11 17:33 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-12-11 17:33 . 2007-12-11 17:33 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-12-11 17:32 . 2007-12-11 17:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-02 17:27 . 2008-01-30 10:27 <DIR> d-------- C:\Program Files\iTunes
2007-12-02 17:27 . 2007-12-02 17:27 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-29 23:43 --------- d-----w C:\Program Files\FlashGet
2008-01-24 02:08 --------- d-----w C:\Program Files\MSN Messenger
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05 --------- d-----w C:\Program Files\QuickTime
2008-01-22 16:30 --------- d-----w C:\Program Files\DellSupport
2008-01-22 16:24 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 21:11 --------- d-----w C:\Program Files\DivX
2008-01-16 22:04 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 23:11 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 22:50 --------- d-----w C:\Program Files\NetWaiting
2008-01-04 22:50 --------- d-----w C:\Program Files\Modem Helper
2008-01-04 22:50 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50 --------- d-----w C:\Program Files\GemMaster
2008-01-04 22:50 --------- d-----w C:\Program Files\ESPNMotion
2008-01-04 22:50 --------- d-----w C:\Program Files\AOL 9.0
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-02 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-12-01 00:03 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Apple Computer
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.
Code: [Select]
<pre>
----a-w 61,440 2008-01-22 15:38:48 C:\dell\bldbubg .exe
----a-w 57,344 2008-01-22 15:38:49 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 81,920 2008-01-22 15:38:33 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 451,872 2008-01-22 15:39:18 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel .exe
----a-w 180,269 2008-01-22 03:28:18 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 460,784 2008-01-22 16:30:01 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 267,048 2008-01-30 15:18:24 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 110,592 2008-01-22 15:39:29 C:\Program Files\McAfee\SpamKiller\MskAgent .exe
----a-w 1,117,184 2008-01-22 15:38:42 C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w 303,104 2008-01-22 15:39:27 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 212,992 2008-01-22 15:38:38 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 999,424 2008-01-22 15:38:47 C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w 5,674,352 2008-01-24 02:03:34 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 229,376 2008-01-22 15:38:58 C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
----a-w 536,576 2008-01-22 15:39:10 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
----a-w 67,584 2008-01-22 15:38:30 C:\WINDOWS\ehome\ehtray .exe
----a-w 15,360 2008-01-22 15:39:17 C:\WINDOWS\system32\ctfmon .exe
----a-w 114,688 2008-01-22 15:38:51 C:\WINDOWS\system32\hkcmd .exe
----a-w 94,208 2008-01-22 15:38:53 C:\WINDOWS\system32\igfxpers .exe
----a-w 98,304 2008-01-22 15:38:50 C:\WINDOWS\system32\igfxtray .exe
----a-w 155,648 2008-01-22 15:38:57 C:\WINDOWS\system32\NeroCheck .exe
----a-w 122,940 2008-01-22 15:38:43 C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EE430F9-85E7-44B2-B7D2-1BE83735913A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 23:16:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-30 14:45:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-23 20:40:09 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-01-30 10:29:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-01-30 10:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 15:32:32
.
2008-01-30 03:38:04 --- E O F ---
k....one more thing....it delted my live messenger...i need it to do work...and stuff...so i installed it back...so wht do u say bout that?..
k
then
-----------------------------------------------------------------------------
here is VundoFix log
VundoFix V6.7.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 9:57:29 AM 1/30/2008
Listing files found while scanning....
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\windows\system32\aeuketyb.exe
C:\windows\system32\aldbpxki.exe
C:\windows\system32\bsiphhlh.exe
C:\windows\system32\dkeklfqu.exe
C:\windows\system32\dpllaehs.exe
C:\windows\system32\dyjkjnor.exe
C:\windows\system32\gryrgnyv.exe
C:\windows\system32\hpkfnpgn.exe
C:\windows\system32\hsoncatk.exe
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\windows\system32\ikaufucs.exe
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.exe
C:\windows\system32\jngkwjjm.exe
C:\windows\system32\jnrxdkbu.exe
C:\windows\system32\mhyrwhnv.exe
C:\windows\system32\mrsfpnet.exe
C:\windows\system32\mrwfmwvp.exe
C:\windows\system32\nncdfxer.exe
C:\windows\system32\ogoluuoe.exe
C:\windows\system32\pthyprtn.exe
C:\windows\system32\rdbfjubl.exe
C:\windows\system32\rwouqdwi.exe
C:\windows\system32\tiftdcaf.exe
C:\windows\system32\tkmgdgfr.exe
C:\windows\system32\tkmyxdnr.exe
C:\WINDOWS\system32\vtuurol.dll
C:\windows\system32\weumsjux.exe
C:\windows\system32\woqgqnxl.exe
C:\windows\system32\xwuxefbv.exe
C:\windows\system32\ykiwcned.exe
C:\windows\system32\ykuantjj.exe
Beginning removal...
Attempting to delete C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete C:\windows\system32\aeuketyb.exe
C:\windows\system32\aeuketyb.exe Has been deleted!
Attempting to delete C:\windows\system32\aldbpxki.exe
C:\windows\system32\aldbpxki.exe Has been deleted!
Attempting to delete C:\windows\system32\bsiphhlh.exe
C:\windows\system32\bsiphhlh.exe Has been deleted!
Attempting to delete C:\windows\system32\dkeklfqu.exe
C:\windows\system32\dkeklfqu.exe Has been deleted!
Attempting to delete C:\windows\system32\dpllaehs.exe
C:\windows\system32\dpllaehs.exe Has been deleted!
Attempting to delete C:\windows\system32\dyjkjnor.exe
C:\windows\system32\dyjkjnor.exe Has been deleted!
Attempting to delete C:\windows\system32\gryrgnyv.exe
C:\windows\system32\gryrgnyv.exe Has been deleted!
Attempting to delete C:\windows\system32\hpkfnpgn.exe
C:\windows\system32\hpkfnpgn.exe Has been deleted!
Attempting to delete C:\windows\system32\hsoncatk.exe
C:\windows\system32\hsoncatk.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!
Attempting to delete C:\windows\system32\ikaufucs.exe
C:\windows\system32\ikaufucs.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkji.exe
C:\WINDOWS\system32\jkkji.exe Has been deleted!
Attempting to delete C:\windows\system32\jngkwjjm.exe
C:\windows\system32\jngkwjjm.exe Has been deleted!
Attempting to delete C:\windows\system32\jnrxdkbu.exe
C:\windows\system32\jnrxdkbu.exe Has been deleted!
Attempting to delete C:\windows\system32\mhyrwhnv.exe
C:\windows\system32\mhyrwhnv.exe Has been deleted!
Attempting to delete C:\windows\system32\mrsfpnet.exe
C:\windows\system32\mrsfpnet.exe Has been deleted!
Attempting to delete C:\windows\system32\mrwfmwvp.exe
C:\windows\system32\mrwfmwvp.exe Has been deleted!
Attempting to delete C:\windows\system32\nncdfxer.exe
C:\windows\system32\nncdfxer.exe Has been deleted!
Attempting to delete C:\windows\system32\ogoluuoe.exe
C:\windows\system32\ogoluuoe.exe Has been deleted!
Attempting to delete C:\windows\system32\pthyprtn.exe
C:\windows\system32\pthyprtn.exe Has been deleted!
Attempting to delete C:\windows\system32\rdbfjubl.exe
C:\windows\system32\rdbfjubl.exe Has been deleted!
Attempting to delete C:\windows\system32\rwouqdwi.exe
C:\windows\system32\rwouqdwi.exe Has been deleted!
Attempting to delete C:\windows\system32\tiftdcaf.exe
C:\windows\system32\tiftdcaf.exe Has been deleted!
Attempting to delete C:\windows\system32\tkmgdgfr.exe
C:\windows\system32\tkmgdgfr.exe Has been deleted!
Attempting to delete C:\windows\system32\tkmyxdnr.exe
C:\windows\system32\tkmyxdnr.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\vtuurol.dll Could not be deleted.
Attempting to delete C:\windows\system32\weumsjux.exe
C:\windows\system32\weumsjux.exe Has been deleted!
Attempting to delete C:\windows\system32\woqgqnxl.exe
C:\windows\system32\woqgqnxl.exe Has been deleted!
Attempting to delete C:\windows\system32\xwuxefbv.exe
C:\windows\system32\xwuxefbv.exe Has been deleted!
Attempting to delete C:\windows\system32\ykiwcned.exe
C:\windows\system32\ykiwcned.exe Has been deleted!
Attempting to delete C:\windows\system32\ykuantjj.exe
C:\windows\system32\ykuantjj.exe Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\vtuurol.dll Could not be deleted.
Performing Repairs to the registry.
Done!
------------------------------------------------------------------------------------------
finally here is the new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:20 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 8127 bytes
so....tell me ...is it alrite if windows messenger is installed on spu again?....thx....btw...for helpin me out
Post by: guestolo on January 31, 2008, 07:30:24 PM
Quote
k....one more thing....it delted my live messenger.actually, a file related to messenger is infected
Do the next step please
==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work
Quote
RenV::Save this as txtfile on your desktop
C:\dell\bldbubg .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\McAfee\SpamKiller\MskAgent .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\DLA\DLACTRLW .EXE
File::
C:\WINDOWS\system32\drvgoc.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EE430F9-85E7-44B2-B7D2-1BE83735913A}]
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete
When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..
Post back all the following
1. Post the log from combofix >>C:\Combofix.txt
2. Run a fresh Scan>>save logfile with Hijackthis and post it's log too
Post by: some1ok on February 01, 2008, 02:48:52 PM
ComboFix 08-02.01.6 - Mathew 2008-02-01 14:41:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathew\Desktop\CFScript.txt
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
FILE
C:\WINDOWS\system32\drvgoc.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drvgoc.dll
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.
2008-02-01 14:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-01 14:14 . 2008-02-01 14:14 <DIR> d-------- C:\Program Files\MSBuild
2008-02-01 14:08 . 2008-02-01 14:08 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 15:33 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-30 23:09 . 2008-02-01 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-30 22:43 . 2008-01-30 22:43 <DIR> d-------- C:\Program Files\PowerISO
2008-01-30 12:22 . 2008-01-30 12:22 <DIR> d-------- C:\Program Files\Cakewalk
2008-01-30 11:30 . 2008-01-31 12:49 <DIR> d-------- C:\Program Files\AdVantage
2008-01-30 11:28 . 2008-01-30 11:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-30 09:57 . 2008-01-30 10:15 <DIR> d-------- C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Program Files\Nsasoft
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 09:04 . 2008-02-01 14:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:04 . 2008-01-30 11:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 19:15 . 2008-01-23 20:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-30 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05 1,024 --a------ C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01 2,048 --a------ C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23 5,120 --a------ C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-21 21:19 . 2008-01-22 10:38 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-21 21:18 . 2008-01-22 10:38 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-21 21:18 . 2008-01-22 10:38 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-21 21:18 . 2008-01-22 10:38 94,208 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\Greatis
2008-01-21 21:08 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-21 20:13 . 2008-01-21 20:16 <DIR> d-------- C:\Program Files\UltraISO
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-21 20:00 . 2008-01-21 20:00 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16 <DIR> d-------- C:\Program Files\Graboid
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 19:46 --------- d-----w C:\Program Files\iTunes
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-01-31 04:01 --------- d-----w C:\Program Files\FlashGet
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05 --------- d-----w C:\Program Files\QuickTime
2008-01-20 21:11 --------- d-----w C:\Program Files\DivX
2008-01-16 22:04 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 23:11 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 22:50 --------- d-----w C:\Program Files\NetWaiting
2008-01-04 22:50 --------- d-----w C:\Program Files\Modem Helper
2008-01-04 22:50 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50 --------- d-----w C:\Program Files\GemMaster
2008-01-04 22:50 --------- d-----w C:\Program Files\ESPNMotion
2008-01-04 22:50 --------- d-----w C:\Program Files\AOL 9.0
2007-12-27 22:14 --------- d-----w C:\Program Files\eRightSoft
2007-12-27 21:48 --------- d-----w C:\Program Files\Red Kawa
2007-12-27 21:42 --------- d-----w C:\Program Files\E-Zsoft
2007-12-14 02:14 --------- d-----w C:\Program Files\Veoh Networks
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-02 22:27 --------- d-----w C:\Program Files\iPod
2007-12-02 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-12-01 00:03 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Apple Computer
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EE430F9-85E7-44B2-B7D2-1BE83735913A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 10:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 10:19 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-30 10:18 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 10:38 212992]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-30 10:18 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 23:16:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 19:45:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-30 20:40:13 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-02-01 14:48:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
.
**************************************************************************
.
Completion time: 2008-02-01 14:52:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 19:52:15
ComboFix2.txt 2008-01-30 15:32:34
.
2008-01-31 15:12:53 --- E O F ---
---------------------------------------------------------------------------------------------------------------------------------
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:44 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 9889 bytes
Post by: guestolo on February 01, 2008, 07:21:12 PM
Double-click on the AVG Tray Icon on the bottom right.
Double-click on "AVG Resident Shield"
Uncheck "Turn on AVG Resident Shield Protection" then click OK.
Can you access your add/remove programs and remove the following if found
Advantage or MediaAdVantage.
NEXT:
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows
Can you temporarily disable McAfee's realtime protections
Then
use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html\")
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.
- Once the files are downloaded click on Next
- Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
- Scan using the following Anti-Virus database:
- Scan Options:
[/list]
[/list]
- Click OK and, under select a target to scan, select My Computer
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://img.photobucket.com/albums/v666/sUBs/Kas-SaveReport-1.gif)
(http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.
Along with a fresh hijackthis log
Post by: some1ok on February 02, 2008, 01:00:00 PM
so...
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
i couldnt delte that.. i mean..i couldnt find it in the log......any how
here is the
KScan
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 12:57:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545970
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 119550
Number of viruses found: 20
Number of infected objects: 303
Number of suspicious objects: 0
Duration of the scan process: 02:12:46
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl5.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf36.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf37.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_5d0.dat Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Mathew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\MSHist012008020220080203\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF31F5.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF3203.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF43D9.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF45EC.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DFDEA3.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{0DB0DFE7-77AD-4C1C-829A-2F5EA68C8688}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{4FF17810-2DA5-4E6D-8706-8052AEA133A5}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{AD0D789E-79DB-4B9B-9137-6DDDAEB5BB5F}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{EFFCCDB1-5879-40B7-8D18-9ACB557A6756}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat.LOG Object is locked skipped
C:\Downloads\SUPERsetup200723.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ak skipped
C:\Joel\Logs\February 2008\rondantEmail Removed.txt Object is locked skipped
C:\Joel\SCHOOL\Chem\Lab 3\LAB FINAL.doc Object is locked skipped
C:\Program Files\eRightSoft\SUPER\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ak skipped
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\MsnMsgr.Exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drvgoc.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\duruaknp.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fravaxbv.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gdrileax.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jsnardlx.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdnsnjsd.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oplsisoj.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yosvesth.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yrideqtt.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\catchme2008-01-30_102951.21.zip/vtuurol.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\QooBox\Quarantine\catchme2008-01-30_102951.21.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-3328300367-836374498-26292964-500\Dc1.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131258.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131259.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145198.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP624\A0145242.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145246.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145247.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145249.exe Infected: Trojan-Downloader.Win32.Agent.hjs skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0145437.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0145548.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0145739.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP628\A0145769.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP628\A0145773.exe Infected: Trojan-Downloader.Win32.Agent.hat skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP628\A0145779.exe Infected: not-a-virus:FraudTool.Win32.MalwareCrush.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP630\A0146132.dll Infected: Trojan-Downloader.Win32.Small.hsj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP634\A0146660.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0146818.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0146826.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146851.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146852.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146853.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146854.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146991.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146996.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147001.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147002.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147003.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147004.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147299.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147300.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147301.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147313.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0147318.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0147385.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0147386.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147428.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147429.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147430.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147444.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147445.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147623.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147745.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147749.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147752.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147753.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147754.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147755.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147776.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147800.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147801.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147802.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0147836.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0147837.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147850.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147851.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147852.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147878.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147887.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147888.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147899.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147900.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP659\A0148252.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP659\A0148253.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0148288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0148289.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0148290.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0149287.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0149288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0149295.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0149306.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0149307.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0149310.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149332.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149334.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149355.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149368.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149369.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149370.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149387.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149389.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149390.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149412.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149413.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0149435.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0149436.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0150435.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP668\A0150440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP669\A0150448.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP669\A0150452.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP669\A0150453.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP670\A0150467.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP670\A0150468.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP670\A0150471.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150490.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150492.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150502.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150503.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150504.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150505.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150506.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150507.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150508.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150509.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150510.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150511.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150513.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150514.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150515.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150516.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150517.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150518.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150519.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150520.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150521.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150522.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150523.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150524.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150525.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150526.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150527.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150528.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150529.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150530.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150543.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150545.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP672\A0150550.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP672\A0150552.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP672\A0150553.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150556.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150557.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150558.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150559.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150560.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150561.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150562.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150563.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150564.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150565.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150570.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150573.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150574.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150575.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150576.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150577.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150578.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150584.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP685\A0157015.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP693\change.log Object is locked skipped
C:\VundoFix Backups\aeuketyb.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\aldbpxki.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\bsiphhlh.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dkeklfqu.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dpllaehs.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dyjkjnor.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\gryrgnyv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\hpkfnpgn.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\hsoncatk.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ikaufucs.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jkkji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\VundoFix Backups\jkkji.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\jngkwjjm.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jnrxdkbu.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mhyrwhnv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mrsfpnet.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mrwfmwvp.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\nncdfxer.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ogoluuoe.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\pthyprtn.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rdbfjubl.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rwouqdwi.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tiftdcaf.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tkmgdgfr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tkmyxdnr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\vtuurol.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\VundoFix Backups\weumsjux.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\woqgqnxl.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xwuxefbv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ykiwcned.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ykuantjj.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1F93E6B1-8E1E-4DC2-B216-98C43CBFDC8A}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{886ABB51-2775-45C2-BDAB-4EA40FED35CE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\afclphcl.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\aofhowyy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\awmtyiop.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\axngxfum.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bbjjseyv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bdpeqctw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\brqpwybf.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\btjsvbaq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bxkselcu.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bynedhug.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cybkvget.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\dudfovud.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\dunfhdjs.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\duoonbvd.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\egvccocs.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\elowntrq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fcfokshy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fjuwbcsa.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fowyhsxj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fwivhisp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\gxphnjwt.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hfdksuik.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hlwpcugk.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hnqdmvrg.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hntgtvos.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hqgsmriy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hvhmwiiy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ieroawar.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ipllfccv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ippnefck.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ivlmkvgn.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jbugsbix.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jeiipcsi.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jnacioyq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jxnaorra.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jydtqvbb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\kfepkutf.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\kguhpelp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\kkkduksp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\leqpfbxa.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\lhephphs.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\louggdya(2).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\louggdya(3).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\louggdya(4).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\mhkjyfxn.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\mitnheou.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\msbwkwqc.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nebvrlkb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nfxloqyy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nllekavm.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nnlvxtnh.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nqdrfkrv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nythtitw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\oumeseis.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\phyvbbvk.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\pnjuhkcr.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\pxkonjug.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\rjhhkwgb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\rtlqrwwj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ruxhjjyy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sclfrbhw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sehkywog.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sfsecrrw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\slaeinkp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\stokaygw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\tgwcxqaw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ttcqlmmh.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ttcuuktb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\tyxcuwmf.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ucxittxc.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ufutgxpk.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\uyauncnt.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\virgsvje.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vjjxpvtx.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vplcglyp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vqxxgwxy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\wamilqvn.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wryafqwe.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\wshvpnhu.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xbckvfdo.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xlvlaxap.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xobbsvip.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xokrmyvd.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xurqyxkv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xwctnyxc.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ytcekcdh.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\yxghwhui.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\yygqlcjj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
------------------------------------------------------------------------
Post by: guestolo on February 02, 2008, 10:18:30 PM
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\WINDOWS\system32\afclphcl.exe
C:\WINDOWS\system32\aofhowyy.exe
C:\WINDOWS\system32\awmtyiop.exe
C:\WINDOWS\system32\axngxfum.exe
C:\WINDOWS\system32\bbjjseyv.exe
C:\WINDOWS\system32\bdpeqctw.exe
C:\WINDOWS\system32\brqpwybf.exe
C:\WINDOWS\system32\btjsvbaq.exe
C:\WINDOWS\system32\bxkselcu.exe
C:\WINDOWS\system32\bynedhug.exe
C:\WINDOWS\system32\wryafqwe.exe
C:\WINDOWS\system32\wshvpnhu.exe
C:\WINDOWS\system32\xbckvfdo.exe
C:\WINDOWS\system32\xlvlaxap.exe
C:\WINDOWS\system32\xobbsvip.exe
C:\WINDOWS\system32\xokrmyvd.exe
C:\WINDOWS\system32\xurqyxkv.exe
C:\WINDOWS\system32\xwctnyxc.exe
C:\WINDOWS\system32\ytcekcdh.exe
C:\WINDOWS\system32\yxghwhui.exe
C:\WINDOWS\system32\cybkvget.exe
C:\WINDOWS\system32\dudfovud.exe
C:\WINDOWS\system32\dunfhdjs.exe
C:\WINDOWS\system32\duoonbvd.exe
C:\WINDOWS\system32\egvccocs.exe
C:\WINDOWS\system32\elowntrq.exe
C:\WINDOWS\system32\fcfokshy.exe
C:\WINDOWS\system32\fjuwbcsa.exe
C:\WINDOWS\system32\fowyhsxj.exe
C:\WINDOWS\system32\fwivhisp.exe
C:\WINDOWS\system32\gxphnjwt.exe
C:\WINDOWS\system32\h323log.txt
C:\WINDOWS\system32\hfdksuik.exe
C:\WINDOWS\system32\hlwpcugk.exe
C:\WINDOWS\system32\hnqdmvrg.exe
C:\WINDOWS\system32\hntgtvos.exe
C:\WINDOWS\system32\hqgsmriy.exe
C:\WINDOWS\system32\hvhmwiiy.exe
C:\WINDOWS\system32\ieroawar.exe
C:\WINDOWS\system32\ipllfccv.exe
C:\WINDOWS\system32\ippnefck.exe
C:\WINDOWS\system32\ivlmkvgn.exe
C:\WINDOWS\system32\jbugsbix.exe
C:\WINDOWS\system32\jeiipcsi.exe
C:\WINDOWS\system32\jnacioyq.exe
C:\WINDOWS\system32\jxnaorra.exe
C:\WINDOWS\system32\jydtqvbb.exe
C:\WINDOWS\system32\kfepkutf.exe
C:\WINDOWS\system32\kguhpelp.exe
C:\WINDOWS\system32\kkkduksp.exe
C:\WINDOWS\system32\leqpfbxa.exe
C:\WINDOWS\system32\lhephphs.exe
C:\WINDOWS\system32\louggdya(2).dll
C:\WINDOWS\system32\louggdya(3).dll
C:\WINDOWS\system32\mhkjyfxn.exe
C:\WINDOWS\system32\mitnheou.exe
C:\WINDOWS\system32\msbwkwqc.exe
C:\WINDOWS\system32\nebvrlkb.exe
C:\WINDOWS\system32\nfxloqyy.exe
C:\WINDOWS\system32\nllekavm.exe
C:\WINDOWS\system32\nnlvxtnh.exe
C:\WINDOWS\system32\nqdrfkrv.exe
C:\WINDOWS\system32\nythtitw.exe
C:\WINDOWS\system32\oumeseis.exe
C:\WINDOWS\system32\phyvbbvk.exe
C:\WINDOWS\system32\pnjuhkcr.exe
C:\WINDOWS\system32\pxkonjug.exe
C:\WINDOWS\system32\rjhhkwgb.exe
C:\WINDOWS\system32\rtlqrwwj.exe
C:\WINDOWS\system32\ruxhjjyy.exe
C:\WINDOWS\system32\sclfrbhw.exe **
C:\WINDOWS\system32\sfsecrrw.exe
C:\WINDOWS\system32\slaeinkp.exe
C:\WINDOWS\system32\stokaygw.exe
C:\WINDOWS\system32\tgwcxqaw.exe
C:\WINDOWS\system32\ttcqlmmh.exe
C:\WINDOWS\system32\ttcuuktb.exe
C:\WINDOWS\system32\tyxcuwmf.exe
C:\WINDOWS\system32\ucxittxc.exe
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\ufutgxpk.exe
C:\WINDOWS\system32\uyauncnt.exe
C:\WINDOWS\system32\virgsvje.exe
C:\WINDOWS\system32\vjjxpvtx.exe
C:\WINDOWS\system32\vplcglyp.exe
C:\WINDOWS\system32\vqxxgwxy.exe
C:\Program Files\AdVantage
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
After the above, delete your version of combofix
Then REDOWNLOAD it from Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post back all the following after the above is done, even if it takes more than one reply to do so
1. Post the log from Combofix, it's default location is >>C:\Combofix.txt
2. Post the log from OTMoveit
3. Run a fresh scan/Save log file with hijackthis and post a fresh log
LET ME KNOW HOW THINGS ARE RUNNING!
Post by: some1ok on February 03, 2008, 04:41:51 PM
here are the logs...
ComboFix log
ComboFix 08-02.03.1 - Mathew 2008-02-03 16:35:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.620 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-03 15:15 . 2008-02-03 15:15 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 15:10 . 2008-02-03 15:10 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-02-03 15:01 . 2006-11-30 15:49 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-02-03 15:01 . 2004-04-13 14:48 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-02-03 15:00 . 2008-02-03 15:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-03 15:00 . 2008-02-03 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 15:00 . 2008-02-03 15:27 <DIR> d-------- C:\Cakewalk Projects
2008-02-03 00:15 . 2008-02-03 08:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-03 00:15 . 2008-02-03 00:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 00:13 . 2008-02-03 00:13 <DIR> d-------- C:\_OTMoveIt
2008-02-02 10:30 . 2008-02-02 10:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-02 10:30 . 2008-02-02 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 15:22 . 2008-02-01 15:22 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 15:21 . 2008-02-01 15:21 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-02-01 15:21 . 2008-02-01 15:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-02-01 15:20 . 2006-09-15 07:36 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-02-01 15:20 . 2006-09-15 07:36 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-02-01 15:20 . 2006-09-15 07:36 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-02-01 14:57 . 2008-02-01 14:58 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-02-01 14:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-01 14:14 . 2008-02-01 14:14 <DIR> d-------- C:\Program Files\MSBuild
2008-02-01 14:08 . 2008-02-01 14:08 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 15:33 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-30 23:09 . 2008-02-02 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-30 22:43 . 2008-01-30 22:43 <DIR> d-------- C:\Program Files\PowerISO
2008-01-30 12:22 . 2008-02-03 15:08 <DIR> d-------- C:\Program Files\Cakewalk
2008-01-30 11:28 . 2008-01-30 11:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-30 09:57 . 2008-01-30 10:15 <DIR> d-------- C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 19:15 . 2008-01-23 20:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-30 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05 1,024 --a------ C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01 2,048 --a------ C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23 5,120 --a------ C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-21 21:19 . 2008-01-22 10:38 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-21 21:18 . 2008-01-22 10:38 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-21 21:18 . 2008-01-22 10:38 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-21 21:18 . 2008-01-22 10:38 94,208 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\Greatis
2008-01-21 21:08 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-21 20:13 . 2008-02-01 15:12 <DIR> d-------- C:\Program Files\UltraISO
2008-01-21 20:00 . 2008-01-21 20:00 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-02-01 15:08 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16 <DIR> d-------- C:\Program Files\Graboid
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:15 --------- d-----w C:\Program Files\FlashGet
2008-02-01 20:09 --------- d-----w C:\Program Files\DivX
2008-02-01 19:46 --------- d-----w C:\Program Files\iTunes
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05 --------- d-----w C:\Program Files\QuickTime
2008-01-16 22:04 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 23:11 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 22:50 --------- d-----w C:\Program Files\NetWaiting
2008-01-04 22:50 --------- d-----w C:\Program Files\Modem Helper
2008-01-04 22:50 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50 --------- d-----w C:\Program Files\GemMaster
2008-01-04 22:50 --------- d-----w C:\Program Files\ESPNMotion
2008-01-04 22:50 --------- d-----w C:\Program Files\AOL 9.0
2007-12-27 22:14 --------- d-----w C:\Program Files\eRightSoft
2007-12-27 21:48 --------- d-----w C:\Program Files\Red Kawa
2007-12-27 21:42 --------- d-----w C:\Program Files\E-Zsoft
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 02:14 --------- d-----w C:\Program Files\Veoh Networks
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 10:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 10:19 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-30 10:18 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 10:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 10:38 999424]
C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-30 10:18 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 23:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 20:45:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-30 20:40:13 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-02-03 16:39:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-03 16:39:39
ComboFix-quarantined-files.txt 2008-02-03 21:39:36
ComboFix2.txt 2008-02-01 19:52:17
ComboFix3.txt 2008-01-30 15:32:34
.
2008-02-02 14:52:20 --- E O F ---
--------------------------------------------------------------------------------------------------------------------------
OTMoveit
C:\WINDOWS\system32\afclphcl.exe moved successfully.
C:\WINDOWS\system32\aofhowyy.exe moved successfully.
C:\WINDOWS\system32\awmtyiop.exe moved successfully.
C:\WINDOWS\system32\axngxfum.exe moved successfully.
C:\WINDOWS\system32\bbjjseyv.exe moved successfully.
C:\WINDOWS\system32\bdpeqctw.exe moved successfully.
C:\WINDOWS\system32\brqpwybf.exe moved successfully.
C:\WINDOWS\system32\btjsvbaq.exe moved successfully.
C:\WINDOWS\system32\bxkselcu.exe moved successfully.
C:\WINDOWS\system32\bynedhug.exe moved successfully.
C:\WINDOWS\system32\wryafqwe.exe moved successfully.
C:\WINDOWS\system32\wshvpnhu.exe moved successfully.
C:\WINDOWS\system32\xbckvfdo.exe moved successfully.
C:\WINDOWS\system32\xlvlaxap.exe moved successfully.
C:\WINDOWS\system32\xobbsvip.exe moved successfully.
C:\WINDOWS\system32\xokrmyvd.exe moved successfully.
C:\WINDOWS\system32\xurqyxkv.exe moved successfully.
C:\WINDOWS\system32\xwctnyxc.exe moved successfully.
C:\WINDOWS\system32\ytcekcdh.exe moved successfully.
C:\WINDOWS\system32\yxghwhui.exe moved successfully.
C:\WINDOWS\system32\cybkvget.exe moved successfully.
C:\WINDOWS\system32\dudfovud.exe moved successfully.
C:\WINDOWS\system32\dunfhdjs.exe moved successfully.
C:\WINDOWS\system32\duoonbvd.exe moved successfully.
C:\WINDOWS\system32\egvccocs.exe moved successfully.
C:\WINDOWS\system32\elowntrq.exe moved successfully.
C:\WINDOWS\system32\fcfokshy.exe moved successfully.
C:\WINDOWS\system32\fjuwbcsa.exe moved successfully.
C:\WINDOWS\system32\fowyhsxj.exe moved successfully.
C:\WINDOWS\system32\fwivhisp.exe moved successfully.
C:\WINDOWS\system32\gxphnjwt.exe moved successfully.
File move failed. C:\WINDOWS\system32\h323log.txt scheduled to be moved on reboot.
C:\WINDOWS\system32\hfdksuik.exe moved successfully.
C:\WINDOWS\system32\hlwpcugk.exe moved successfully.
C:\WINDOWS\system32\hnqdmvrg.exe moved successfully.
C:\WINDOWS\system32\hntgtvos.exe moved successfully.
C:\WINDOWS\system32\hqgsmriy.exe moved successfully.
C:\WINDOWS\system32\hvhmwiiy.exe moved successfully.
C:\WINDOWS\system32\ieroawar.exe moved successfully.
C:\WINDOWS\system32\ipllfccv.exe moved successfully.
C:\WINDOWS\system32\ippnefck.exe moved successfully.
C:\WINDOWS\system32\ivlmkvgn.exe moved successfully.
C:\WINDOWS\system32\jbugsbix.exe moved successfully.
C:\WINDOWS\system32\jeiipcsi.exe moved successfully.
C:\WINDOWS\system32\jnacioyq.exe moved successfully.
C:\WINDOWS\system32\jxnaorra.exe moved successfully.
C:\WINDOWS\system32\jydtqvbb.exe moved successfully.
C:\WINDOWS\system32\kfepkutf.exe moved successfully.
C:\WINDOWS\system32\kguhpelp.exe moved successfully.
C:\WINDOWS\system32\kkkduksp.exe moved successfully.
C:\WINDOWS\system32\leqpfbxa.exe moved successfully.
C:\WINDOWS\system32\lhephphs.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\louggdya(2).dll
C:\WINDOWS\system32\louggdya(2).dll NOT unregistered.
C:\WINDOWS\system32\louggdya(2).dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\louggdya(3).dll
C:\WINDOWS\system32\louggdya(3).dll NOT unregistered.
C:\WINDOWS\system32\louggdya(3).dll moved successfully.
C:\WINDOWS\system32\mhkjyfxn.exe moved successfully.
C:\WINDOWS\system32\mitnheou.exe moved successfully.
C:\WINDOWS\system32\msbwkwqc.exe moved successfully.
C:\WINDOWS\system32\nebvrlkb.exe moved successfully.
C:\WINDOWS\system32\nfxloqyy.exe moved successfully.
C:\WINDOWS\system32\nllekavm.exe moved successfully.
C:\WINDOWS\system32\nnlvxtnh.exe moved successfully.
C:\WINDOWS\system32\nqdrfkrv.exe moved successfully.
C:\WINDOWS\system32\nythtitw.exe moved successfully.
C:\WINDOWS\system32\oumeseis.exe moved successfully.
C:\WINDOWS\system32\phyvbbvk.exe moved successfully.
C:\WINDOWS\system32\pnjuhkcr.exe moved successfully.
C:\WINDOWS\system32\pxkonjug.exe moved successfully.
C:\WINDOWS\system32\rjhhkwgb.exe moved successfully.
C:\WINDOWS\system32\rtlqrwwj.exe moved successfully.
C:\WINDOWS\system32\ruxhjjyy.exe moved successfully.
File/Folder C:\WINDOWS\system32\sclfrbhw.exe ** not found.
C:\WINDOWS\system32\sfsecrrw.exe moved successfully.
C:\WINDOWS\system32\slaeinkp.exe moved successfully.
C:\WINDOWS\system32\stokaygw.exe moved successfully.
C:\WINDOWS\system32\tgwcxqaw.exe moved successfully.
C:\WINDOWS\system32\ttcqlmmh.exe moved successfully.
C:\WINDOWS\system32\ttcuuktb.exe moved successfully.
C:\WINDOWS\system32\tyxcuwmf.exe moved successfully.
C:\WINDOWS\system32\ucxittxc.exe moved successfully.
C:\WINDOWS\QTFont.qfn moved successfully.
C:\WINDOWS\QTFont.for moved successfully.
C:\WINDOWS\system32\ufutgxpk.exe moved successfully.
C:\WINDOWS\system32\uyauncnt.exe moved successfully.
C:\WINDOWS\system32\virgsvje.exe moved successfully.
C:\WINDOWS\system32\vjjxpvtx.exe moved successfully.
C:\WINDOWS\system32\vplcglyp.exe moved successfully.
C:\WINDOWS\system32\vqxxgwxy.exe moved successfully.
File/Folder C:\Program Files\AdVantage not found.
OTMoveIt2 v1.0.17 log created on 02032008_001353
--------------------------------------------------------------------------------------------------------------------------
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:30 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10110 bytes
Post by: guestolo on February 03, 2008, 05:02:24 PM
Can you do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
OTMoveit2
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\WINDOWS\system32\wamilqvn.exe
C:\WINDOWS\system32\wryafqwe.exe
C:\WINDOWS\system32\wshvpnhu.exe
C:\WINDOWS\system32\xbckvfdo.exe
C:\WINDOWS\system32\xlvlaxap.exe
C:\WINDOWS\system32\xobbsvip.exe
C:\WINDOWS\system32\xokrmyvd.exe
C:\WINDOWS\system32\xurqyxkv.exe
C:\WINDOWS\system32\xwctnyxc.exe
C:\WINDOWS\system32\ytcekcdh.exe
C:\WINDOWS\system32\yxghwhui.exe
C:\WINDOWS\system32\yygqlcjj.exe
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Afterwards: I suggest that you go back and rescan with Kaspersky's to ensure we don't find any new infected files
Post back the new report
Also post the log again from OTMoveIt as well as a fresh hijackthis log
Post by: some1ok on March 17, 2008, 07:38:49 PM
File/Folder C:\WINDOWS\system32\wamilqvn.exe not found.
File/Folder C:\WINDOWS\system32\wryafqwe.exe not found.
File/Folder C:\WINDOWS\system32\wshvpnhu.exe not found.
File/Folder C:\WINDOWS\system32\xbckvfdo.exe not found.
File/Folder C:\WINDOWS\system32\xlvlaxap.exe not found.
File/Folder C:\WINDOWS\system32\xobbsvip.exe not found.
File/Folder C:\WINDOWS\system32\xokrmyvd.exe not found.
File/Folder C:\WINDOWS\system32\xurqyxkv.exe not found.
File/Folder C:\WINDOWS\system32\xwctnyxc.exe not found.
File/Folder C:\WINDOWS\system32\ytcekcdh.exe not found.
File/Folder C:\WINDOWS\system32\yxghwhui.exe not found.
File/Folder C:\WINDOWS\system32\yygqlcjj.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_162242
Kaspersky Log
KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
Monday, March 17, 2008 7:49:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build
2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/03/2008
Kaspersky Anti-Virus database records: 636169
Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue
Scan TargetMy Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects135147
Number of viruses found21
Number of infected objects203
Number of suspicious objects0
Duration of the scan process02:28:56
Infected Object NameVirus NameLast Action
C:\Documents and Settings\All Users\Application
Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked
skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked
skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is
locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wsb
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked
skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is
locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked
skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked
skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_bcc.dat Object
is locked skipped
C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\cert8.db Object is locked
skipped
C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\formhistory.dat Object is
locked skipped
C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\history.dat Object is
locked skipped
C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\key3.db Object is locked
skipped
C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\search.sqlite Object is
locked skipped
C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\urlclassifier2.sqlite
Object is locked skipped
C:\Documents and Settings\Mathew\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg
Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_ Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_ Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_ Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_ Object is
locked skipped
C:\Documents and Settings\Mathew\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local
Settings\History\History.IE5\MSHist012008031720080318\index.dat Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\snapsnet.exe/data0006
Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\snapsnet.exe NSIS:
infected - 1 skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF2B3D.tmp Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF702E.tmp Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF7039.tmp Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\0WY8F8TH\wavvsnet[1].exe Infected:
Trojan-Downloader.Win32.Small.swa skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\74VE2V6T\17PHolmes[1].cmt Infected:
Trojan-Downloader.Win32.Agent.lbx skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\MA2TXEZJ\css4[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\MA2TXEZJ\hctp[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\NPAKQ9VN\ptch[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\WD388BOH\17PHolmes[1].cmt Infected:
Trojan-Downloader.Win32.Agent.lbx skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\WD388BOH\rasesnet[1].exe Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\YPHQMV20\iddqd[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\YPHQMV20\snapsnet[1].exe/data0006 Infected:
Trojan-Downloader.Win32.VB.caw skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\YPHQMV20\snapsnet[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes
Library.itl Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\duruaknp.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fravaxbv.dll.vir Infected:
Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gdrileax.dll.vir Infected:
Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir Infected:
not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jsnardlx.dll.vir Infected:
Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdnsnjsd.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oplsisoj.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yosvesth.dll.vir Infected:
Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yrideqtt.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131258.dll
Infected: Trojan.Win32.BHO.g skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131259.dll
Infected: Trojan.Win32.BHO.o skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe/data0002
Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe
NSIS: infected - 1 skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150502.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150503.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150504.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150505.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150506.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150507.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150508.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150509.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150510.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150511.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150512.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150513.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150514.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150515.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150516.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150517.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150518.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150519.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150520.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150521.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150522.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150523.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150524.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150525.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150526.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150527.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150528.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150529.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150530.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150557.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150558.dll
Infected: Packed.Win32.Klone.j skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150559.dll
Infected: Packed.Win32.Klone.j skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150560.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150561.dll
Infected: Packed.Win32.Klone.j skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150562.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150563.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150564.dll
Infected: Packed.Win32.Klone.j skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150565.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll
Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe
Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178911.exe
Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178912.exe
Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178913.exe
Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178914.exe
Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178915.exe
Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178916.exe
Infected: Virus.Win32.Trats.d skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178917.dll
Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe/data0001
Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe
NSIS: infected - 1 skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178919.dll
Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe/data0002
Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe
NSIS: infected - 1 skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178921.exe
Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\change.log
Object is locked skipped
C:\VundoFix Backups\aeuketyb.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\aldbpxki.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\bsiphhlh.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dkeklfqu.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dpllaehs.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dyjkjnor.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\gryrgnyv.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\hpkfnpgn.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\hsoncatk.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ikaufucs.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jkkji.dll.bad Infected:
not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\VundoFix Backups\jngkwjjm.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jnrxdkbu.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mhyrwhnv.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mrsfpnet.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mrwfmwvp.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\nncdfxer.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ogoluuoe.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\pthyprtn.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rdbfjubl.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rwouqdwi.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tiftdcaf.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tkmgdgfr.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tkmyxdnr.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\weumsjux.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\woqgqnxl.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xwuxefbv.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ykiwcned.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ykuantjj.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked
skipped
C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.lbx
skipped
C:\WINDOWS\mrofinu572.exe Infected: Trojan-Downloader.Win32.Agent.lbx
skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4CB64E7B-E236-4508-99F5-329990CB0A2A}.crmlog
Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\byddnslj.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\comyctgx.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application
Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked
skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jkkll.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\louggdya(4).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\mnbmjort.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\sclfrbhw.exe Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sehkywog.exe Infected:
not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vtuvuvt.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\TWF0aGV3\asappsrv.dll Infected:
not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\afclphcl.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\aofhowyy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\awmtyiop.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\axngxfum.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bbjjseyv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bdpeqctw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\brqpwybf.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\btjsvbaq.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bxkselcu.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bynedhug.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\cybkvget.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dudfovud.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dunfhdjs.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\duoonbvd.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\egvccocs.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\elowntrq.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fcfokshy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fjuwbcsa.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fowyhsxj.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fwivhisp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\gxphnjwt.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hfdksuik.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hlwpcugk.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hnqdmvrg.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hntgtvos.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hqgsmriy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hvhmwiiy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ieroawar.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ipllfccv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ippnefck.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ivlmkvgn.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jbugsbix.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jeiipcsi.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jnacioyq.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jxnaorra.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jydtqvbb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kfepkutf.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kguhpelp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kkkduksp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\leqpfbxa.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\lhephphs.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(2).dll
Infected: Packed.Win32.Klone.j skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(3).dll
Infected: Packed.Win32.Klone.j skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mhkjyfxn.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mitnheou.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\msbwkwqc.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nebvrlkb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nfxloqyy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nllekavm.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nnlvxtnh.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nqdrfkrv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nythtitw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\oumeseis.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\phyvbbvk.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pnjuhkcr.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pxkonjug.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rjhhkwgb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rtlqrwwj.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ruxhjjyy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\sfsecrrw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\slaeinkp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\stokaygw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tgwcxqaw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcqlmmh.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcuuktb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tyxcuwmf.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ucxittxc.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ufutgxpk.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\uyauncnt.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\virgsvje.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vjjxpvtx.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vplcglyp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vqxxgwxy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wryafqwe.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wshvpnhu.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xbckvfdo.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xlvlaxap.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xobbsvip.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xokrmyvd.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xurqyxkv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xwctnyxc.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ytcekcdh.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\yxghwhui.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\wamilqvn.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\yygqlcjj.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped
Scan process completed.
Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:34 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [SupportAnyPC] "C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [08466b04] rundll32.exe "C:\WINDOWS\system32\lioriqcd.dll",b
O4 - HKLM\..\Run: [BM0b755898] Rundll32.exe "C:\WINDOWS\system32\prdroerp.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0aGV3\command.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Out of the Box Consulting, Inc. - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe
--
End of file - 10315 bytes
its been a while lol....
Post by: guestolo on March 17, 2008, 09:24:32 PM
Can you do the following
If you still have combofix, delete your version on desktop
It updates frequently, and yours will be out of date
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Disable your Antivirus software temporarily so as it won't interfere with this next fix
Physically disconnect your connection to the internet
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Back in Windows
Post back the following:
1. Post the log from Combofix
2. Post a fresh hijackthis log
Post by: some1ok on March 17, 2008, 09:50:51 PM
ComboFix 08-03-17.1 - Mathew 2008-03-17 22:50:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -4:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mathew\Application Data\SSEMBL~1
C:\Documents and Settings\Mathew\Application Data\SSEMBL~1\?ssembly\
C:\Program Files\network monitor
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM0b755898.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byddnslj.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\dcqiroil.ini
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\lioriqcd.dll
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prdroerp.dll
C:\WINDOWS\system32\vtuvuvt.dll
C:\WINDOWS\system32\wilvcmeb.dll
C:\WINDOWS\TWF0aGV3\
C:\WINDOWS\TWF0aGV3\\asappsrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:01 . 2008-03-17 19:01 1,359,325 ---hs---- C:\WINDOWS\system32\trojmbnm.ini
2008-03-16 18:45 . 2008-03-16 23:20 <DIR> d-------- C:\WINDOWS\system32\xk1
2008-03-16 18:45 . 2008-03-16 23:21 <DIR> d-------- C:\WINDOWS\system32\tf5
2008-03-16 18:45 . 2008-03-16 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
2008-03-16 18:45 . 2008-03-16 18:45 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-03-16 18:45 . 2008-03-16 18:45 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-16 18:45 . 2008-03-16 18:45 37,376 --a------ C:\WINDOWS\mrofinu572.exe
2008-03-16 18:45 . 2008-03-16 18:45 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-03-12 12:22 . 2008-03-13 23:50 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-08 13:50 . 2008-03-08 13:50 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38 . 2008-03-06 22:39 <DIR> d-------- C:\Program Files\Rogers
2008-03-05 23:26 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod(6)
2008-03-05 15:21 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\ACW
2008-02-29 19:22 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:07 --------- d-----w C:\Program Files\FlashGet
2008-03-14 03:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 20:35 --------- d-----w C:\Program Files\DivX
2008-03-12 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 03:51 --------- d-----w C:\Program Files\QuickTime
2008-03-06 03:51 --------- d-----w C:\Program Files\iTunes
2008-02-07 22:46 --------- d-----w C:\Program Files\Cakewalk
2008-02-07 16:23 --------- d-----w C:\Program Files\Kontakt Player 2
2008-02-07 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 20:15 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 20:10 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-02-01 20:22 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 20:21 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-01 20:12 --------- d-----w C:\Program Files\UltraISO
2008-02-01 20:08 --------- d-----w C:\Program Files\Yahoo!
2008-02-01 19:58 --------- d-----w C:\Program Files\Microsoft Expression
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:14 --------- d-----w C:\Program Files\MSBuild
2008-02-01 19:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-31 20:33 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 20:33 --------- d-----w C:\Program Files\MSECACHE
2008-01-31 03:43 --------- d-----w C:\Program Files\PowerISO
2008-01-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 01:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 01:59 --------- d-----w C:\Program Files\Windows Live
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 20:58 --------- d-----w C:\Program Files\Lavasoft
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:34 --------- d-----w C:\Program Files\CCleaner
2008-01-23 20:20 --------- d-----w C:\Program Files\Trend Micro
2008-01-23 20:10 --------- d-----w C:\Program Files\STOPzilla!
2008-01-23 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-23 20:05 1,024 ----a-w C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 18:01 2,048 ----a-w C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 18:00 --------- d-----w C:\Program Files\PrevxCSI
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 16:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-22 16:26 --------- d-----w C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-22 16:25 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-22 16:23 5,120 ----a-w C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 15:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-22 03:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-22 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-22 02:34 25,773 ----a-w C:\WINDOWS\system32\drivers\regguard.sys
2008-01-22 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 02:08 --------- d-----w C:\Program Files\Greatis
2008-01-22 01:00 --------- d-----w C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-22 00:55 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E7848A1-3C96-424B-549F-2D5EFEC522D1}]
C:\Program Files\Windows Media Player\qudawuqe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DA617EF-469F-4AD0-A378-605EC78D208C}]
C:\Program Files\Movie Maker\pytegyri89104.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 11:39 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]
"Uaol"="C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 11:19 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2008-01-22 11:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 11:38 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-22 11:39 303104]
C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 18:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 22:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 14:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvuvt]
vtuvuvt.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 03:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:iPhone
"5061:UDP"= 5061:UDP:iPhone
"5062:UDP"= 5062:UDP:iPhone
"5004:UDP"= 5004:UDP:iPhone
"5005:UDP"= 5005:UDP:iPhone
"5006:UDP"= 5006:UDP:iPhone
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 14:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 13:00]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 22:34]
S3 SupportAnyPC;SupportAnyPC Service;"C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -service []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 02:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 19:40:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-03-17 22:57:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-03-17 23:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 03:03:06
ComboFix2.txt 2008-02-03 21:39:40
ComboFix3.txt 2008-02-01 19:52:17
ComboFix4.txt 2008-01-30 15:32:34
.
2008-03-12 02:01:04 --- E O F ---
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:28 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: 0 - {6E7848A1-3C96-424B-549F-2D5EFEC522D1} - C:\Program Files\Windows Media Player\qudawuqe.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8DA617EF-469F-4AD0-A378-605EC78D208C} - C:\Program Files\Movie Maker\pytegyri89104.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtuvuvt - vtuvuvt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)
--
End of file - 11184 bytes
Post by: guestolo on March 18, 2008, 10:04:55 PM
Download [color=\"#FF0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
========================================
==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work
[color=\"#0000FF\"]File::
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\vtuvuvt.dll
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\mnbmjort.dll
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\byddnslj.dll
Folder::
C:\WINDOWS\system32\xk1
C:\WINDOWS\system32\tf5
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
C:\_OTMoveIt
C:\WINDOWS\TWF0aGV3
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E7848A1-3C96-424B-549F-2D5EFEC522D1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DA617EF-469F-4AD0-A378-605EC78D208C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvuvt]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[/color]
Save this as txtfile on your desktop
CFScript
Disable your AntiVirus software temporarily so as it won't interfere with the next fix
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it shall produce a log for you with the name C:\ComboFix.txt..
I'll need to see that log again later
Please download Malwarebytes' Anti-Malware from Here (http://\"http://www.besttechie.net/tools/mbam-setup.exe\") or Here (http://\"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html\")
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
1. Post the log from MBAM
2. Post the log from Combofix
3. Post a fresh hijackthis log
Post by: some1ok on March 19, 2008, 02:58:36 PM
Malwarebytes' Anti-Malware 1.08
Database version: 506
Scan type: Full Scan (C:\|)
Objects scanned: 168540
Time elapsed: 44 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\TWF0aGV3\asappsrv.dll.vir (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP632\A0146335.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178911.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178912.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178913.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178914.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178915.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178917.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178919.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178921.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178923.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180042.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180270.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180271.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180272.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
ComboFix
ComboFix 08-03-17.1 - Mathew 2008-03-18 23:26:26.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502 [GMT -4:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathew\Desktop\CFScript.txt
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
FILE ::
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\byddnslj.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\mnbmjort.dll
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\vtuvuvt.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\02032008_001353.log
C:\_OTMoveIt\MovedFiles\02032008_001353.res
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\QTFont.for
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\QTFont.qfn
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\afclphcl.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\aofhowyy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\awmtyiop.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\axngxfum.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bbjjseyv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bdpeqctw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\brqpwybf.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\btjsvbaq.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bxkselcu.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bynedhug.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\cybkvget.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dudfovud.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dunfhdjs.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\duoonbvd.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\egvccocs.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\elowntrq.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fcfokshy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fjuwbcsa.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fowyhsxj.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fwivhisp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\gxphnjwt.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\h323log.txt
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hfdksuik.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hlwpcugk.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hnqdmvrg.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hntgtvos.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hqgsmriy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hvhmwiiy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ieroawar.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ipllfccv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ippnefck.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ivlmkvgn.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jbugsbix.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jeiipcsi.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jnacioyq.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jxnaorra.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jydtqvbb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kfepkutf.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kguhpelp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kkkduksp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\leqpfbxa.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\lhephphs.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(2).dll
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(3).dll
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mhkjyfxn.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mitnheou.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\msbwkwqc.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nebvrlkb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nfxloqyy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nllekavm.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nnlvxtnh.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nqdrfkrv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nythtitw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\oumeseis.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\phyvbbvk.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pnjuhkcr.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pxkonjug.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rjhhkwgb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rtlqrwwj.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ruxhjjyy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\sfsecrrw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\slaeinkp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\stokaygw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tgwcxqaw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcqlmmh.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcuuktb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tyxcuwmf.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ucxittxc.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ufutgxpk.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\uyauncnt.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\virgsvje.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vjjxpvtx.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vplcglyp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vqxxgwxy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wryafqwe.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wshvpnhu.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xbckvfdo.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xlvlaxap.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xobbsvip.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xokrmyvd.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xurqyxkv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xwctnyxc.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ytcekcdh.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\yxghwhui.exe
C:\_OTMoveIt\MovedFiles\02052008_175017.log
C:\_OTMoveIt\MovedFiles\02052008_175017.res
C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\wamilqvn.exe
C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\yygqlcjj.exe
C:\_OTMoveIt\MovedFiles\02052008_175024.log
C:\_OTMoveIt\MovedFiles\02052008_175024.res
C:\_OTMoveIt\MovedFiles\03172008_162242.log
C:\_OTMoveIt\MovedFiles\03172008_162242.res
C:\VundoFix Backups
C:\VundoFix Backups\aeuketyb.exe.bad
C:\VundoFix Backups\aldbpxki.exe.bad
C:\VundoFix Backups\bsiphhlh.exe.bad
C:\VundoFix Backups\dkeklfqu.exe.bad
C:\VundoFix Backups\dpllaehs.exe.bad
C:\VundoFix Backups\dyjkjnor.exe.bad
C:\VundoFix Backups\gryrgnyv.exe.bad
C:\VundoFix Backups\hpkfnpgn.exe.bad
C:\VundoFix Backups\hsoncatk.exe.bad
C:\VundoFix Backups\ijkkj.ini.bad
C:\VundoFix Backups\ijkkj.ini2.bad
C:\VundoFix Backups\ikaufucs.exe.bad
C:\VundoFix Backups\jkkji.dll.bad
C:\VundoFix Backups\jngkwjjm.exe.bad
C:\VundoFix Backups\jnrxdkbu.exe.bad
C:\VundoFix Backups\mhyrwhnv.exe.bad
C:\VundoFix Backups\mrsfpnet.exe.bad
C:\VundoFix Backups\mrwfmwvp.exe.bad
C:\VundoFix Backups\nncdfxer.exe.bad
C:\VundoFix Backups\ogoluuoe.exe.bad
C:\VundoFix Backups\PageHistory.txt.bad
C:\VundoFix Backups\pthyprtn.exe.bad
C:\VundoFix Backups\rdbfjubl.exe.bad
C:\VundoFix Backups\rwouqdwi.exe.bad
C:\VundoFix Backups\tiftdcaf.exe.bad
C:\VundoFix Backups\tkmgdgfr.exe.bad
C:\VundoFix Backups\tkmyxdnr.exe.bad
C:\VundoFix Backups\WebHistory.txt.bad
C:\VundoFix Backups\weumsjux.exe.bad
C:\VundoFix Backups\woqgqnxl.exe.bad
C:\VundoFix Backups\xwuxefbv.exe.bad
C:\VundoFix Backups\ykiwcned.exe.bad
C:\VundoFix Backups\ykuantjj.exe.bad
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon\domains.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon\log.txt
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\tf5
C:\WINDOWS\system32\xk1
.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.
2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:01 . 2008-03-17 19:01 1,359,325 ---hs---- C:\WINDOWS\system32\trojmbnm.ini
2008-03-12 12:22 . 2008-03-13 23:50 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-08 13:50 . 2008-03-08 13:50 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38 . 2008-03-06 22:39 <DIR> d-------- C:\Program Files\Rogers
2008-03-05 23:26 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod(6)
2008-03-05 15:21 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\ACW
2008-02-29 19:22 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:07 --------- d-----w C:\Program Files\FlashGet
2008-03-14 03:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 20:35 --------- d-----w C:\Program Files\DivX
2008-03-12 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 03:51 --------- d-----w C:\Program Files\QuickTime
2008-03-06 03:51 --------- d-----w C:\Program Files\iTunes
2008-02-07 22:46 --------- d-----w C:\Program Files\Cakewalk
2008-02-07 16:23 --------- d-----w C:\Program Files\Kontakt Player 2
2008-02-07 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 20:15 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 20:10 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-02-01 20:22 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 20:21 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-01 20:12 --------- d-----w C:\Program Files\UltraISO
2008-02-01 20:08 --------- d-----w C:\Program Files\Yahoo!
2008-02-01 19:58 --------- d-----w C:\Program Files\Microsoft Expression
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:14 --------- d-----w C:\Program Files\MSBuild
2008-02-01 19:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-31 20:33 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 20:33 --------- d-----w C:\Program Files\MSECACHE
2008-01-31 03:43 --------- d-----w C:\Program Files\PowerISO
2008-01-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 01:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 01:59 --------- d-----w C:\Program Files\Windows Live
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 20:58 --------- d-----w C:\Program Files\Lavasoft
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:34 --------- d-----w C:\Program Files\CCleaner
2008-01-23 20:20 --------- d-----w C:\Program Files\Trend Micro
2008-01-23 20:10 --------- d-----w C:\Program Files\STOPzilla!
2008-01-23 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-23 20:05 1,024 ----a-w C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 18:01 2,048 ----a-w C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 18:00 --------- d-----w C:\Program Files\PrevxCSI
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 16:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-22 16:26 --------- d-----w C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-22 16:25 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-22 16:23 5,120 ----a-w C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 15:39 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-22 15:39 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-22 15:38 98,304 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-01-22 15:38 94,208 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-22 15:38 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-01-22 15:38 114,688 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-22 15:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-22 03:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-22 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-22 02:34 25,773 ----a-w C:\WINDOWS\system32\drivers\regguard.sys
2008-01-22 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 02:08 --------- d-----w C:\Program Files\Greatis
2008-01-22 01:00 --------- d-----w C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-22 00:55 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.
((((((((((((((((((((((((((((( snapshot@2008-03-17_23.02.47.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 00:09:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-19 02:31:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-18 00:09:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 02:31:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 02:31:37 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 11:39 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 11:19 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 11:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 11:38 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-22 11:39 303104]
C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 18:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 22:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 14:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 03:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:iPhone
"5061:UDP"= 5061:UDP:iPhone
"5062:UDP"= 5062:UDP:iPhone
"5004:UDP"= 5004:UDP:iPhone
"5005:UDP"= 5005:UDP:iPhone
"5006:UDP"= 5006:UDP:iPhone
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 14:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 13:00]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 22:34]
S3 SupportAnyPC;SupportAnyPC Service;"C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -service []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-19 02:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 19:40:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-03-18 23:29:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-03-18 23:30:15
ComboFix-quarantined-files.txt 2008-03-19 03:30:07
ComboFix2.txt 2008-03-18 03:03:13
ComboFix3.txt 2008-02-03 21:39:40
ComboFix4.txt 2008-02-01 19:52:17
ComboFix5.txt 2008-01-30 15:32:34
.
2008-03-12 02:01:04 --- E O F ---
Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:00 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)
--
End of file - 10891 bytes
Post by: guestolo on March 19, 2008, 06:27:00 PM
Did you recently install SupportAnyPC?
Post by: some1ok on March 23, 2008, 09:36:34 PM
i think i downloaded a virus and INSTALLED IT
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />here is the youtube link from where i first saw this so called "high speed torrent" thing
http://youtube.com/watch?v=AMpDQz8_sos&feature=bz301 (http://\"http://youtube.com/watch?v=AMpDQz8_sos&feature=bz301\")
please help asap
Post by: guestolo on March 23, 2008, 09:47:20 PM
Post by: some1ok on March 24, 2008, 12:18:46 PM
HiJack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:22 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turbo-search101.com (http://\"http://www.turbo-search101.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Highspeeddownloader.lnk = C:\WINDOWS\system32\SetupClickHere.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)
--
End of file - 11309 bytes
Post by: guestolo on March 24, 2008, 12:45:17 PM
I noticed my firewall prompted if I wanted to change my start page
Regardless it changed both IE and firefox to the startpage your now getting
Can you do the following while i check it out
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] (http://\"http://deckard.geekstogo.com/dss.exe\") to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt
Post by: some1ok on March 24, 2008, 01:58:40 PM
Deckard's System Scanner v20071014.68
Run by Mathew on 2008-03-24 15:09:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
284: 2008-03-24 19:09:11 UTC - RP739 - Deckard's System Scanner Restore Point
283: 2008-03-24 02:32:57 UTC - RP738 - Restore Operation
282: 2008-03-22 19:39:19 UTC - RP737 - System Checkpoint
281: 2008-03-21 00:47:56 UTC - RP736 - System Checkpoint
280: 2008-03-19 03:26:12 UTC - RP735 - ComboFix created restore point
-- First Restore Point --
1: 2008-03-16 22:55:02 UTC - RP456 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Mathew.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:43 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Documents and Settings\Mathew\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mathew.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ (http://\"http://www.msn.ca/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Highspeeddownloader.lnk = C:\WINDOWS\system32\SetupClickHere.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)
--
End of file - 11333 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080130-095644-297 O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
backup-20080202-102727-147 O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
backup-20080205-174845-417 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
-- File Associations -----------------------------------------------------------
[color=\"red\"].js - JSFile - DefaultIcon - unable to read value[/color]
[color=\"red\"].js - JSFile - shell\open\command - unable to read value[/color]
[color=\"red\"].reg - regfile - shell\open\command - "%1" %*[/color]
[color=\"red\"].scr - scrfile - shell\open\command - "%1" %*[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys <Not Verified; Efficient Networks, Inc.; Speedstream Ethernet USB Adapter>
S3 kvpndev (Kerio VPN adapter) - c:\windows\system32\drivers\kvpndrv.sys <Not Verified; Kerio Technologies Inc.; Kerio VPN driver (x86)>
S3 kwflower (Kerio WinRoute Firewall Driver - Lower Layer) - c:\windows\system32\drivers\kwflower.sys (file missing)
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 SupportAnyPC (SupportAnyPC Service) - "c:\docume~1\mathew\locals~1\temp\winvnc.exe" -service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-24 14:45:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-21 18:16:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-19 15:40:20 374 --a------ C:\WINDOWS\Tasks\RegCure.job
-- Files created between 2008-02-24 and 2008-03-24 -----------------------------
2008-03-23 22:57:14 0 d-------- C:\Program Files\Alwil Software
2008-03-23 22:23:16 36864 --a------ C:\WINDOWS\system32\SetupClickHere.EXE <Not Verified; ; workingvista>
2008-03-20 22:31:21 0 d-------- C:\Program Files\Andrew Wommack Bible Commentary
2008-03-18 23:32:55 0 d-------- C:\Documents and Settings\Mathew\Application Data\Malwarebytes
2008-03-18 23:32:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 23:32:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 16:28:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-17 16:28:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-12 12:22:23 0 d-------- C:\Program Files\Microsoft Games
2008-03-08 13:50:05 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38:35 0 d-------- C:\Program Files\Rogers
2008-03-05 23:26:37 0 d-------- C:\Program Files\iPod(6)
2008-03-05 15:21:23 0 d-------- C:\Program Files\ACW
2008-02-29 19:22:48 0 d-------- C:\Program Files\iPod
-- Find3M Report ---------------------------------------------------------------
2008-03-24 13:28:59 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-03-23 22:30:16 0 d-------- C:\Program Files\FlashGet
2008-03-22 16:22:24 0 d-------- C:\Documents and Settings\Mathew\Application Data\Macromedia
2008-03-16 23:21:34 0 d-------- C:\Program Files\Common Files
2008-03-16 23:21:25 0 d-------- C:\Program Files\Movie Maker
2008-03-13 23:55:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-12 16:35:04 0 d-------- C:\Program Files\DivX
2008-03-05 23:51:40 0 d-------- C:\Program Files\iTunes
2008-03-05 23:51:28 0 d-------- C:\Program Files\QuickTime
2008-02-24 23:40:37 0 d-------- C:\Documents and Settings\Mathew\Application Data\Adobe
2008-02-07 18:46:42 0 d-------- C:\Program Files\Cakewalk
2008-02-07 12:23:06 0 d-------- C:\Program Files\Kontakt Player 2
2008-02-03 16:15:46 0 d-------- C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 16:10:09 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-02-01 16:22:26 0 d-------- C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 16:21:36 0 d-------- C:\Program Files\Windows Desktop Search
2008-02-01 16:12:40 0 d-------- C:\Program Files\UltraISO
2008-02-01 16:08:38 0 d-------- C:\Program Files\Yahoo!
2008-02-01 15:58:41 0 d-------- C:\Program Files\Microsoft Expression
2008-02-01 15:41:28 0 d-------- C:\Program Files\MSN Messenger
2008-02-01 15:41:24 0 d-------- C:\Program Files\DellSupport
2008-02-01 15:41:24 0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-01 15:35:35 0 d-------- C:\Program Files\Microsoft Works
2008-02-01 15:14:45 0 d-------- C:\Program Files\MSBuild
2008-02-01 15:08:42 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 16:33:55 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-01-31 16:33:34 0 d-------- C:\Program Files\MSECACHE
2008-01-30 23:43:20 0 d-------- C:\Program Files\PowerISO
2008-01-30 10:53:26 0 d-------- C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-22 11:38:57 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-12-24 18:21:17 196 --a------ C:\Documents and Settings\Mathew\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [01/30/2008 11:19 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2008 03:05 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/22/2008 11:38 AM]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [01/22/2008 11:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [01/22/2008 11:39 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/21/2008 11:28 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/17/2008 12:51 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/22/2008 11:39 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 02:11 PM]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [04/23/2007 04:51 PM]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [10/12/2007 04:30 PM]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [10/12/2007 04:30 PM]
C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
Highspeeddownloader.lnk - C:\WINDOWS\system32\SetupClickHere.EXE [3/23/2008 10:23:16 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/8/2006 6:21:21 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/1/2006 10:25:49 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [8/8/2006 2:53:59 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 4:40:46 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 04:39 PM 294400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- End of Deckard's System Scanner: finished at 2008-03-24 15:12:19 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1014.07 MiB / 508.47 MiB
Pagefile Memory (total/avail): 2441.26 MiB / 2036.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.82 MiB
C: is Fixed (NTFS) - 144.33 GiB total, 76.96 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 144.33 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: McAfee Personal Firewall Plus v (McAfee)
AV: avast! antivirus 4.7.1098 [VPS 080324-0] v4.7.1098 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mathew\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mathew
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\COMPUTER
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mathew\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mathew\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Mathew
USERPROFILE=C:\Documents and Settings\Mathew
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Mathew (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\WEBDELC.EXE -[PC-CAM Center
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Andrew Wommack Bible Commentary --> C:\Program Files\Andrew Wommack Bible Commentary\uninstall.exe
AOL (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_ca.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus 3.0 --> C:\Program Files\Azureus\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative PC-CAM 300 Driver --> C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400A&mi_00 -plugin Pd016pin.dll -pluginres Pd016pin.crl
Creative PC-CAM Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PC-CAM Center\DeIsL1.isu"
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Ease Audio Converter 4.40 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Efficient Networks SpeedStream DSL --> C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
Error Fixer 3.0.1 --> "C:\Program Files\Error Fixer\unins000.exe"
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Flash Video Exporter 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D61229A-9C20-465E-9EEA-76D98FAFE5F6}\Setup.exe" -l0x9 UNINSTALL
FlashGet 1.8.2.1001 --> C:\Program Files\FlashGet\uninst.exe
Free Window Registry Repair --> C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
Games X Copy --> MsiExec.exe /X{22CDDA47-7205-4C64-B594-C94C5EE2CE70}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LANDE PMF PLAYER --> MsiExec.exe /I{84159FAA-47D7-4F5C-9E29-F38E23CBDB7F}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Macromedia HomeSite+ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}\Setup.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Theme Ontario --> MsiExec.exe /X{9757283E-3FCA-4F3D-9257-928859318E55}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog --> MsiExec.exe /I{1240CF7E-11B6-4C95-B4E7-F524CF3F785A}
Nokia Multimedia Factory --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BD72E64C-F0DB-40CB-846B-611C57D8AB0C} /l2057
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.0.0.43 --> C:\Program Files\RegCure\uninst.exe
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Rogers Self Healing Software (remove only) --> "C:\Program Files\Rogers\SelfHealing\uninst.exe"
Roxio Backup MyPC --> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
Torrent Episode Downloader --> MsiExec.exe /I{C672363C-69EC-4549-B955-AA9997BCACDA}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Update Manager (remove only) --> "C:\Program Files\Rogers\Update Manager\uninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XBC 5.1 --> C:\PROGRA~1\XBC\UNWISE.EXE C:\PROGRA~1\XBC\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type29338 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Event Record #/Type29337 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Event Record #/Type29336 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Event Record #/Type29335 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Event Record #/Type29334 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type71361 / Warning
Event Submitted/Written: 03/24/2008 02:34:40 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type71360 / Error
Event Submitted/Written: 03/24/2008 01:32:33 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 9800980098F0 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type71358 / Warning
Event Submitted/Written: 03/24/2008 01:32:32 PM
Event ID/Source: 8 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Did not receive auto-negotiation advertisement from link partner. A duplex mismatch may occur.
Event Record #/Type71355 / Error
Event Submitted/Written: 03/24/2008 09:07:39 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 9800980098F0 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type71353 / Warning
Event Submitted/Written: 03/24/2008 09:07:34 AM
Event ID/Source: 8 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Did not receive auto-negotiation advertisement from link partner. A duplex mismatch may occur.
-- End of Deckard's System Scanner: finished at 2008-03-24 15:12:19 ------------
Post by: guestolo on March 24, 2008, 03:14:39 PM
- Please double-click OTMoveIt2.exe to run it.
- Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\Highspeeddownloader.lnk
C:\WINDOWS\system32\SetupClickHere.EXE
====================================================== - Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt when it has completed.
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Post that log with a fresh hijackthis log
Also, you appear to be using McAfee Firewall
Open the Firewall setting
Remove any entries from the Program list it allows that you don't recognize
eg.. Workingvista
If you open Firefox, are you allowed to change your homepage?
It locked mine down
There's an easy way to unlock it however
NOTE: I asked you this earlier
If you installed SupportAnyPC, did you remove it?
Post by: some1ok on March 24, 2008, 05:43:06 PM
C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\Highspeeddownloader.lnk moved successfully.
C:\WINDOWS\system32\SetupClickHere.EXE moved successfully.
File/Folder not found.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03242008_185403
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:21 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ (http://\"http://www.msn.ca/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)
--
End of file - 11519 bytes
i dont know which program is not supposed to be there in the allow list :S...am i supposed to see working vista? or something around it?...:S...i dont see
also.....sorry about not answering...how do i delete it if i have SupportAnyPC
Post by: guestolo on March 24, 2008, 05:57:56 PM
Did you at ANY time install SupportAnyPC
IF you did, did you Uninstall it??
Also, answer the following
Open Firefox, what is it's homepage at?
Can you change it???
Post by: some1ok on March 24, 2008, 06:46:00 PM
can u please in brief explain what this virus is doing to my computer?.. i want to know the symptoms and effects. thanks alot.
Post by: guestolo on March 24, 2008, 07:45:26 PM
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- SupportAnyPC Service
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply and ok it
This malware you installed seems to so far just install a couple files
Changes IE startpage, which is easy to change
But also changes Firefox startpage and locks it down
Can you go to START>>Run>>copy and paste the next line in bold to the open field
C:\Program Files\Mozilla Firefox\greprefs
Then click OK
The greprefs folder should open
RIGHT CLICK on all.js
Then choose EDIT from the menu
A text file should open
Don't copy>paste everything back to me
But can you copy>paste back here the LAST 10 lines of that text file
Just close it out afterwards
Post by: some1ok on March 24, 2008, 07:49:17 PM
//@line 1570 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 1759 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 1848 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 2263 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 2331 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 2357 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 2377 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
//@line 2385 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"
pref("general.config.filename", "info1.cfg");
Post by: guestolo on March 24, 2008, 09:28:36 PM
Can you check for one file for me
info1.cfg
Look in either one of these 2 folders
C:\Program Files\Mozilla Firefox\greprefs
or
C:\Program Files\Mozilla Firefox
Let me know if you can see it
Post by: some1ok on March 25, 2008, 01:50:44 PM
Post by: guestolo on March 25, 2008, 10:24:20 PM
Ensure that Mozilla Firefox is closed and not running
Navigate to this folder
C:\Program Files\Mozilla Firefox\greprefs
Open it and RIGHT CLICK on all.js
Then choose EDIT from the menu
REMOVE this line at the bottom of the text file that opens
pref("general.config.filename", "info1.cfg");
Close all.js and SAVE the change at the prompt
Then delete info1.cfg
Open firefox and you should now be able to change your home page to what you want
Let me know how it goes please
Post by: some1ok on March 26, 2008, 01:56:51 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />now...uhm...was only my browser that was affected?....or is there more to this stupid virus i downloaded =(......nehow... thanks again man...really appreciate it
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: guestolo on March 27, 2008, 02:59:23 PM
Can you still do the following
I just want an update on add/remove
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Quote
was only my browser that was affected?I forgot to take a registry and folder shot before and after and have since
imaged by drive back
Can't find the installer anymore either, it's link has been removed
But that's all it seems to have done
Post by: some1ok on March 27, 2008, 03:41:53 PM
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Andrew Wommack Bible Commentary
AOL (Choose which version to remove)
AOL Connectivity Services
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
avast! Antivirus
AVG Anti-Spyware 7.5
AviSynth 2.5
Azureus 3.0
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Creative PC-CAM 300 Driver
Creative PC-CAM Center
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
DellSupport
DFX for Windows Media Player
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DreamStation DXi2
Ease Audio Converter 4.40
Efficient Networks SpeedStream DSL
Error Fixer 3.0.1
ESPNMotion
Flash Video Exporter 1.2
FlashGet 1.8.2.1001
Free Window Registry Repair
Games X Copy
GemMaster Mystic
Google Gmail Notifier
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
LANDE PMF PLAYER
Learn2 Player (Uninstall Only)
Macromedia Extension Manager
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Macromedia HomeSite+
Malwarebytes' Anti-Malware
MCU
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Theme Ontario
Modem Helper
Mozilla Firefox (2.0.0.13)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero - Burning Rom
Nero BurnRights
NetWaiting
Nikon Message Center
Nokia Connectivity Cable Driver
Nokia Lifeblog
Nokia Multimedia Factory
Nokia PC Connectivity Solution
Nokia PC Suite
PictureProject
Pop-Up Stopper Free Edition
PowerISO
PSP Video 9 2.25
PSP Video Express(remove only)
QuickTime
RealPlayer
RegCure 1.0.0.43
Riva FLV Encoder 2.0
Rogers Self Healing Software (remove only)
Roxio Backup MyPC
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SUPER © Version 2007.bld.23 (July 4, 2007)
Tabbed Browsing (Windows Live Toolbar)
TopStyle Lite (Version 3.0)
Torrent Episode Downloader
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Manager (remove only)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
VeohTV BETA
VideoLAN VLC media player 0.8.5
WebCyberCoach 3.2 Dell
Windows Desktop Search 3.01
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
XBC 5.1
Post by: guestolo on March 27, 2008, 04:10:24 PM
[color=\"blue\"]Updating Java:[/color]
- Download the latest version of Java Runtime Environment (JRE) 6 Update 5 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- From that link scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
- Click the "Download" button to the right.
- Click the Accept button>>the page will refresh
- Click on the link to download Windows Offline Installation, Multi-language (15.18 MB) and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
* Java 2 Runtime Environment, SE v1.4.2
* J2SE Runtime Environment 5.0
* J2SE Runtime Environment 5.0 Update 2
[/list]
In your case, remove
Java 2 Runtime Environment, SE v1.4.2_03
Reboot your computer
Back in Windows
From your desktop double-click on jre-6u5-windows-i586-p.exe that you downloaded to install the newest version of Sun Java
Did you purposely install the next programs?
Error Fixer 3.0.1
RegCure 1.0.0.43
I suggest that you uninstall them
Post a fresh hijackthis log, keep me informed How things are running
Post by: some1ok on March 27, 2008, 05:49:17 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:40 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ (http://\"http://www.msn.ca/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href="http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab" target="_blank" rel="nofollow">http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab</a>
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 11637 bytes
ALSO.....i got rid of regcure....but i cant get rid of error fixer....because the file is not there?...so what do i do?.....my comp is doing alright...but uhm .....it just lags at the randomest of times...not quite often...but once in a while...any info on that?
Post by: guestolo on March 28, 2008, 07:11:43 AM
But nothing in your uninstall list
Did you recently uninstall McAfee's Internet Security?
It looks like it wasn't removed completely
Post by: some1ok on March 28, 2008, 01:51:18 PM
Post by: guestolo on March 29, 2008, 11:05:56 AM
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- McAfee WSC Integration
Double click on it---
In the drop down menu, change the startup type to Disabled
Apply and Ok it
do the same for the next ones
McAfee Task Scheduler
McAfee SecurityCenter Update Manager
McAfee Personal Firewall Service
McAfee SpamKiller Server
Reboot the computer
Back in windows
Download and run the McAfee Consumer Products Removal tool (MCPR.exe).
From Here
http://download.mcafee.com/products/licens...atches/MCPR.exe (http://\"http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe\")
- Click Save and save the file to any folder on the computer.
- Navigate to the folder where the file is saved.
- Double-click MCPR.exe.
- Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
[color=\"blue\"]Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.[/color]
After the second window appears, the program will begin the cleanup. - Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
- Press Y on the keyboard.
- Wait for the computer to restart.
Let me know how things are running afterwards
Post a fresh hijackthis log
Post by: some1ok on March 29, 2008, 02:03:41 PM
Scan saved at 3:20:45 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ (http://\"http://www.msn.ca/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10343 bytes
things are running ok.....my system lags. at randomest times =S....any ideas why?...
Post by: guestolo on March 29, 2008, 02:27:02 PM
Post by: some1ok on March 29, 2008, 03:54:15 PM
Post by: guestolo on March 29, 2008, 04:09:47 PM
I'm not sure why it's flagging spyware, unless to endorse the product
Can we do the following
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Left click to Highlight
Error Fixer 3.0.1
Select 'Delete this entry'
YES to the prompt then you can exit Hijackthis
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html\")
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.
- Once the files are downloaded click on Next
- Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
- Scan using the following Anti-Virus database:
- Scan Options:
[/list]
[/list]
- Click OK and, under select a target to scan, select My Computer
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://i184.photobucket.com/albums/x99/guestolo/Kas-SaveReport-1.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.
Post by: some1ok on April 01, 2008, 05:38:24 PM
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 01, 2008 6:55:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/04/2008
Kaspersky Anti-Virus database records: 676350
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 145229
Number of viruses found: 3
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 02:20:15
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy30.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_ba8.dat Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\history.dat Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\key3.db Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mathew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\MSHist012008040120080402\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF650.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF7C7.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF8C4.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF916F.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF9180.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DFB3F2.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DFB43B.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat.LOG Object is locked skipped
C:\Downloads\Troy KLAXXON\Troy KLAXXON.avi.fb! Object is locked skipped
C:\Joel\Logs\April 2008\calvin_liu25Email Removed.txt Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byddnslj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\comyctgx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lioriqcd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\prdroerp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wilvcmeb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip/jkkll.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip/vtuvuvt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178971.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180039.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180040.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180041.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F1A9DCD6-6499-430C-B2F7-698D748F953C}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AC27E661-966A-42D2-B506-1C5F33DB1DD6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Post by: guestolo on April 01, 2008, 08:18:09 PM
Anything bad is in backup folders from tools we used, or in system restore folders
We can deal with that later
Go to START>>RUN>>copy and paste the next command to the open field
ComboFix /u
then hit OK
This will uninstall Combofix
Afterwards
Find and delete the following folder
C:\QooBox <-this folder
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
========================================
NOTE: Bootup will be a bit slower after running this cleaner
It will clear your Prefetch folder, bootup will speed up after this folder is rebuilt
Double click to run OTMoveIt2.exe
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list - Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall - Select Yes to reboot Now
After you have done the above
Come back, post a fresh hijackthis log, let me know how things are now running
Remember, you may have to boot a couple times for bootup time increases
Post by: some1ok on April 04, 2008, 02:55:25 PM
Scan saved at 4:14:27 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ (http://\"http://www.msn.ca/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10616 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:27 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/ (http://\"http://www.msn.ca/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (http://\"http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab (http://\"http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155396204578\")
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 10616 bytes
things are running good.... how do we get rid of the those files quarantined or whatever?
Post by: guestolo on April 04, 2008, 09:11:02 PM
Quote
Go to START>>RUN>>copy and paste the next command to the open field
ComboFix /u
then hit OK
This will uninstall Combofix
Afterwards
Find and delete the following folder
C:\QooBox <-this folder
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
========================================
NOTE: Bootup will be a bit slower after running this cleaner
It will clear your Prefetch folder, bootup will speed up after this folder is rebuilt
Double click to run OTMoveIt2.exe
* Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
* Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
* Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop
After you have done the above
Come back, post a fresh hijackthis log, let me know how things are now running
Remember, you may have to boot a couple times for bootup time increases
If so, we removed many of the bad files
Go and manually delete C:\Qoobox folder if found
If you did all the above, let me know and we'll do some final steps
Post by: some1ok on April 04, 2008, 09:43:58 PM
Post by: guestolo on April 04, 2008, 10:48:50 PM
Select>>Create a New restore point
Give it a name, any name,
and click Create
Windows will prompt when it was created successfully
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
In addition, it would be a good idea to download and install
Spybot 1.5.2.20 (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")
During installation, Spybot's TeaTimer will enable by default, this is spyware Realtime protection
Optionally, you can UNCHECK that option, or use it as a great preventative against spyware
After installation, Search for and Download all updates
After updating, utilize the Immunization feature
Click Immunize>>Immunize again the top green cross
Do that after every update
Probably a good idea to Check for Problems and fix anything in Red
Take a look at miekiemoes site with other ideas on How to prevent Malware: (http://\"http://users.telenet.be/bluepatchy/miekiemoes/prevention.html\")
I hope that helps
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on April 26, 2008, 05:15:03 PM