Show Posts

Messages - sndement
1
Tech Clinic / HJT Log Help
« on: November 28, 2007, 06:13:39 PM »
37521.exe;c:\documents and settings\suzanne dement\application data;Trojan.DownLoader.36835;Deleted.;
aolconnfix.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.;
49181.exe;C:\Documents and Settings\Suzanne Dement\Application Data;Trojan.DownLoader.36835;Deleted.;
pcpriv.exe;C:\Documents and Settings\Suzanne Dement\Application Data;Trojan.DownLoader.36408;Deleted.;
printer.exe;C:\Documents and Settings\Suzanne Dement\Application Data;Trojan.Fakealert.378;Deleted.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Moved.;
autorun.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup;Trojan.Fakealert.378;Deleted.;
findfast.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\Suzanne Dement\Start Menu\Programs\Startup;Trojan.Fakealert.378;Deleted.;
3269.exe.vir;C:\qoobox\Quarantine\C\Program Files;Trojan.DownLoader.based;Deleted.;
func.exe.vir;C:\qoobox\Quarantine\C\Program Files;Trojan.Click.1237;Deleted.;
spoolsv.exe.vir;C:\qoobox\Quarantine\C\Program Files;Trojan.Click.origin;Incurable.Moved.;
xloader10181.exe.vir;C:\qoobox\Quarantine\C\Program Files;Trojan.Fakealert;Deleted.;
lawu.dll.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Trojan.StartPage.19992;Deleted.;
lawu832.dll.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Trojan.StartPage.19992;Deleted.;
lawu862.dll.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Trojan.StartPage.19992;Deleted.;
Yazzle1162OinAdmin.exe.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Adware.ClickSpring;Moved.;
Yazzle1549OinAdmin.exe.vir\data001;C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinAdmin.exe.vir;Adware.MediaTicket.origin;;
Yazzle1549OinAdmin.exe.vir\data002;C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinAdmin.exe.vir;Trojan.PurityAd.origin;;
Yazzle1549OinAdmin.exe.vir;C:\qoobox\Quarantine\C\Program Files\Common Files;Archive contains infected objects;Moved.;
chkdsk.exe.vir;C:\qoobox\Quarantine\C\Program Files\Common Files\MCROSO~1.NET;Trojan.DownLoader.22753;Deleted.;
holesudu4444.dll.vir;C:\qoobox\Quarantine\C\Program Files\Windows NT;Adware.Ttc;Moved.;
holesudu83122.dll.vir;C:\qoobox\Quarantine\C\Program Files\Windows NT;Adware.Ttc;Moved.;
jctzxafg.dll.bad.vir;C:\qoobox\Quarantine\C\VundoFix Backups;Trojan.Fakealert.372;Deleted.;
npkmscxj.dll.bad.vir;C:\qoobox\Quarantine\C\VundoFix Backups;Trojan.Fakealert.372;Deleted.;
avp.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.25873;Deleted.;
mgrs.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.25873;Deleted.;
mrofinu1000106.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.31817;Deleted.;
mrofinu77.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.DownLoader.31817;Deleted.;
shell.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.Fakealert.378;Deleted.;
agrhoxkj.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.232;Deleted.;
bjhtsokx.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
fcccawv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.230;Deleted.;
ibncxiq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Adware.ClickSpring.origin;Moved.;
ldcore.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.37335;Deleted.;
printer.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.378;Deleted.;
qyfufaql.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.25;Deleted.;
rlprtgtx.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
spoolvs.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.378;Deleted.;
vpbwnuce.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
winkvs32.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Mezzia;Deleted.;
ybdhdmdg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.25;Deleted.;
dnslook11.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\b1;Trojan.DownLoader.5013;Deleted.;
asappsrv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\U3V6YW5uZSBEZW1lbnQ;Trojan.Proxy.493;Deleted.;
A0036553.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393;Adware.Ttc;Moved.;
A0036554.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393;Trojan.DownLoader.24715;Deleted.;
A0036555.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393;Trojan.Proxy.493;Deleted.;
A0036556.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393;Trojan.PurityAd.origin;Incurable.Moved.;
A0036561.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393;Trojan.DownLoader.31817;Deleted.;
A0036566.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393;Trojan.Fakealert;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP393\snapshot;Adware.Ttc;Moved.;
A0036806.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Trojan.Click.4740;Deleted.;
A0036811.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Adware.MyWay;Moved.;
A0037851.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Trojan.DownLoader.based;Deleted.;
A0037853.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Adware.Ttc;Moved.;
A0037857.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Trojan.DnsChange;Deleted.;
A0037864.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Trojan.DownLoader.22753;Deleted.;
A0038874.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP398;Trojan.DownLoader.25873;Deleted.;
A0038875.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP399;Trojan.Fakealert.378;Deleted.;
A0038876.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP399;Trojan.Fakealert.378;Deleted.;
A0038878.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP399;Trojan.Fakealert.378;Deleted.;
A0038879.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP399;Trojan.Fakealert.378;Deleted.;
A0038908.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP400;Trojan.Fakealert.378;Deleted.;
A0038909.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP400;Trojan.Fakealert.378;Deleted.;
A0038910.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP400;Trojan.Fakealert.378;Deleted.;
A0038911.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP400;Trojan.Fakealert.378;Deleted.;
A0039885.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Fakealert.378;Deleted.;
A0039886.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Fakealert.378;Deleted.;
A0039894.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Adware.ClickSpring;Moved.;
A0039896.exe\data001;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401\A0039896.exe;Adware.MediaTicket.origin;;
A0039896.exe\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401\A0039896.exe;Trojan.PurityAd.origin;;
A0039896.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Archive contains infected objects;Moved.;
A0039901.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.31817;Deleted.;
A0039902.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.31817;Deleted.;
A0039903.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.EzulaAd;Deleted.;
A0039904.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.EzulaAd;Deleted.;
A0039905.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.EzulaAd;Deleted.;
A0039910.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Adware.ClickSpring.origin;Moved.;
A0039911.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.StartPage.19992;Deleted.;
A0039912.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.StartPage.19992;Deleted.;
A0039913.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.StartPage.19992;Deleted.;
A0039914.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Mezzia;Deleted.;
A0039915.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Virtumod.232;Deleted.;
A0039916.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Juan.25;Deleted.;
A0039918.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Juan.25;Deleted.;
A0039920.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Proxy.493;Deleted.;
A0039921.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.22753;Deleted.;
A0039923.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.5013;Deleted.;
A0039931.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.37335;Deleted.;
A0039932.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Fakealert.378;Deleted.;
A0039933.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.25873;Deleted.;
A0039937.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.25873;Deleted.;
A0039939.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Fakealert.378;Deleted.;
A0039940.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Fakealert.378;Deleted.;
A0039942.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.DownLoader.based;Deleted.;
A0039943.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401;Trojan.Fakealert;Deleted.;
A0040176.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP404;Trojan.Click.1237;Deleted.;
A0040177.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP404;Trojan.Click.origin;Incurable.Moved.;
A0040178.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP404;Adware.Ttc;Moved.;
A0040179.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP404;Adware.Ttc;Moved.;
A0040183.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP404;Trojan.Virtumod.230;Deleted.;
A0040342.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP406;Trojan.DownLoader.36835;Deleted.;
A0040344.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP406;Trojan.PWS.Gamania.origin;Incurable.Moved.;
A0040345.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP406;Trojan.DownLoader.36408;Deleted.;
A0040346.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP406;Trojan.Fakealert.378;Deleted.;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:22 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ESDUSBMon.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Venturi2\Configurator\ventcfg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ESDUSBMon.exe] C:\WINDOWS\system32\ESDUSBMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\append.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6207 bytes

ComboFix 07-11-28.2 - Suzanne Dement 2007-11-28 15:48:13.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.667 [GMT -6:00]
Running from: C:\Documents and Settings\Suzanne Dement\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Suzanne Dement\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\Documents and Settings\Suzanne Dement\mit.bat
C:\Program Files\Del.js
C:\Program Files\func.exe
C:\Program Files\func.js
C:\Program Files\spoolsv.exe
C:\Program Files\Windows NT\holesudu4444.dll
C:\Program Files\Windows NT\holesudu83122.dll
C:\WINDOWS\system32\append.dll
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
C:\WINDOWS\system32\drvnib.dll
C:\WINDOWS\system32\fcccawv.dll
C:\WINDOWS\system32\mvisdfcb.ini
C:\WINDOWS\system32\pmnnnkl.dll
C:\WINDOWS\system32\sgecreva.ini
C:\WINDOWS\system32\vtsqomk.dll
C:\WINDOWS\system32\VundoFixSVC.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Suzanne Dement\mit.bat
C:\Program Files\Del.js
C:\Program Files\E404 Helper
C:\Program Files\E404 Helper\e404.v6.dll
C:\Program Files\func.exe
C:\Program Files\func.js
C:\Program Files\spoolsv.exe
C:\Program Files\Windows NT\holesudu4444.dll
C:\Program Files\Windows NT\holesudu83122.dll
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\VundoFix Backups
C:\VundoFix Backups\drvnibr.dll.bad
C:\VundoFix Backups\ihhkj.ini.bad
C:\VundoFix Backups\ihhkj.ini2.bad
C:\VundoFix Backups\jctzxafg.dll.bad
C:\VundoFix Backups\jctzxafg.dllbox.bad
C:\VundoFix Backups\jkhhi.dll.bad
C:\VundoFix Backups\npkmscxj.dll.bad
C:\VundoFix Backups\vtsqomk.dll.bad
C:\WINDOWS\system32\append.dll
C:\WINDOWS\system32\cc1
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
C:\WINDOWS\system32\drvnib.dll
C:\WINDOWS\system32\fcccawv.dll
C:\WINDOWS\system32\mvisdfcb.ini
C:\WINDOWS\system32\pmnnnkl.dll
C:\WINDOWS\system32\sgecreva.ini
C:\WINDOWS\system32\vtsqomk.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\U3V6YW5uZSBEZW1lbnQ
C:\WINDOWS\U3V6YW5uZSBEZW1lbnQ\oapdsqcRtm1HtqY5vBk.vbs

.
(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-28  )))))))))))))))))))))))))))))))
.

2007-11-28 15:32 . 2007-11-28 15:32   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-27 21:30 . 2005-04-03 23:03   204,832   --a------   C:\Documents and Settings\Suzanne Dement\Application Data\pcpriv.exe
2007-11-27 21:18 . 2007-11-27 21:18   <DIR>   d--------   C:\Program Files\Trend Micro
2007-11-27 14:44 . 2007-11-28 15:51   18,432   --a------   C:\WINDOWS\system32\append.dll
2007-11-23 19:42 . 2007-11-23 19:42   <DIR>   d--------   C:\Documents and Settings\Suzanne Dement\Application Data\ultra
2007-11-21 18:07 . 2005-03-20 23:54   9,728   --a------   C:\Documents and Settings\Suzanne Dement\Application Data\printer.exe
2007-11-21 17:48 . 2005-05-10 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-21 17:48 . 2005-05-10 12:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-21 17:48 . 2005-05-10 11:45   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-21 17:48 . 2007-02-06 12:01   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-20 20:44 . 2007-11-20 20:45   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
2007-11-20 20:23 . 2007-11-20 20:23   1,147,424   --a------   C:\Install
2007-11-20 20:20 . 2007-11-28 15:49   <DIR>   d--------   C:\Temp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 21:42   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 02:51   ---------   d-----w   C:\Documents and Settings\Suzanne Dement\Application Data\Lavasoft
2007-11-21 02:17   ---------   d-----w   C:\Documents and Settings\Suzanne Dement\Application Data\Apple Computer
2006-09-28 00:00   563,712   ----a-w   C:\Documents and Settings\Suzanne Dement\gotomypc_370.exe
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Temp ----

2007-11-20 20:20   1858   --a------   C:\Temp\abW9\tPho.log


(((((((((((((((((((((((((((((   snapshot@2007-11-28_11.08.51.10   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-28 21:32:39   632,320   ----a-r   C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2007-11-28 21:32:39   29,184   ----a-r   C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 20:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-05-10 12:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Venturi Configurator"="C:\Program Files\Venturi2\Configurator\ventcfg.exe" [2004-03-08 13:48]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"ESDUSBMon.exe"="C:\WINDOWS\system32\ESDUSBMon.exe" [2005-05-26 20:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\append.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;C:\WINDOWS\system32\DRIVERS\nwusbser.sys
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 18:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 15:51:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 15:53:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 11:09
.
   --- E O F ---

2
Tech Clinic / HJT Log Help
« on: November 28, 2007, 01:46:53 PM »
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
Conexant D110 MDC V.9x Modem
Digital Line Detect
EPSON Advanced Printer Driver 3
HijackThis 2.0.2
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Intel® PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
Macromedia Contribute 3
Macromedia Flash Player
mCore
mDrWiFi
Merlin V620 CDMA EV-DO PC Card Device Driver
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Professional Edition 2003
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
mToolkit
mWlsSafe
mXML
mZConfig
Portfolio Browser
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Ultra soft
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Venturi Client 2.3
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Media Recorder
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

3
Tech Clinic / HJT Log Help
« on: November 28, 2007, 12:18:17 PM »
Thank you so much for your help. I did exactly what you said and here are the logs that you asked for!

ComboFix 07-11-28.2 - Suzanne Dement 2007-11-28 11:03:35.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.656 [GMT -6:00]
Running from: C:\Documents and Settings\Suzanne Dement\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\lkpsdutc.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Chris Dement\Application Data\install.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Suzanne Dement\Application Data\ASKS~1
C:\Documents and Settings\Suzanne Dement\Application Data\ASKS~1\s?rvices.exe
C:\Documents and Settings\Suzanne Dement\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Suzanne Dement\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Suzanne Dement\Desktop\Go to Casino.lnk
C:\Documents and Settings\Suzanne Dement\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Suzanne Dement\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Suzanne Dement\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Suzanne Dement\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\3269.exe
C:\Program Files\Common Files\lawu.dll
C:\Program Files\Common Files\lawu832.dll
C:\Program Files\Common Files\lawu862.dll
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\mcroso~1.net\chkdsk.exe
C:\Program Files\Common Files\mcroso~1.net\M?crosoft.NET\
C:\Program Files\Common Files\progy.html
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\xloader10181.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu77.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\agrhoxkj.dll
C:\WINDOWS\system32\append.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\b1\dnslook11.exe
C:\WINDOWS\system32\bjhtsokx.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\g2\bemwdll3.exe
C:\WINDOWS\system32\i2
C:\WINDOWS\system32\i2\mper83122.exe
C:\WINDOWS\system32\ibncxiq.dll
C:\WINDOWS\system32\jkxohrga.ini
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\n8
C:\WINDOWS\system32\n8\ensts2dll.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\qyfufaql.dll
C:\WINDOWS\system32\rlprtgtx.exe
C:\WINDOWS\system32\rMa01yy
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\tgsqljjt.dll
C:\WINDOWS\system32\tnrtmwuk
C:\WINDOWS\system32\tnrtmwuk\bg1.gif
C:\WINDOWS\system32\tnrtmwuk\bgtop.gif
C:\WINDOWS\system32\tnrtmwuk\bottom1.gif
C:\WINDOWS\system32\tnrtmwuk\essentials.gif
C:\WINDOWS\system32\tnrtmwuk\icon1.ico
C:\WINDOWS\system32\tnrtmwuk\install1.gif
C:\WINDOWS\system32\tnrtmwuk\left1.gif
C:\WINDOWS\system32\tnrtmwuk\li.gif
C:\WINDOWS\system32\tnrtmwuk\logo.gif
C:\WINDOWS\system32\tnrtmwuk\main.htm
C:\WINDOWS\system32\tnrtmwuk\mainframe.htm
C:\WINDOWS\system32\tnrtmwuk\reinstall1.gif
C:\WINDOWS\system32\tnrtmwuk\right1.gif
C:\WINDOWS\system32\tnrtmwuk\s1.htm
C:\WINDOWS\system32\tnrtmwuk\s2.htm
C:\WINDOWS\system32\tnrtmwuk\s3.htm
C:\WINDOWS\system32\tnrtmwuk\SMTop1.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop2.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop3.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop4.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_off.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_on.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_off.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_on.gif
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk1.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe
C:\WINDOWS\system32\tnrtmwuk\top1.gif
C:\WINDOWS\system32\tnrtmwuk\top2.gif
C:\WINDOWS\system32\tnrtmwuk\turnoff1.gif
C:\WINDOWS\system32\tnrtmwuk\turnon1.gif
C:\WINDOWS\system32\vpbwnuce.exe
C:\WINDOWS\system32\winkvs32.dll
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\ybdhdmdg.dll
C:\WINDOWS\U3V6YW5uZSBEZW1lbnQ\asappsrv.dll
C:\WINDOWS\uninstall_nmon.vbs

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\cmdService
-------\core
-------\DomainService


(((((((((((((((((((((((((   Files Created from 2007-10-28 to 2007-11-28  )))))))))))))))))))))))))))))))
.

2007-11-28 10:43 . 2007-11-28 10:43   24,576   --a------   C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-28 10:33 . 2007-11-28 10:49   <DIR>   d--------   C:\VundoFix Backups
2007-11-27 21:30 . 2005-04-03 23:03   204,832   --a------   C:\Documents and Settings\Suzanne Dement\Application Data\pcpriv.exe
2007-11-27 21:18 . 2007-11-27 21:18   <DIR>   d--------   C:\Program Files\Trend Micro
2007-11-27 14:44 . 2007-11-28 11:08   18,432   --a------   C:\WINDOWS\system32\append.dll
2007-11-23 19:46 . 2007-11-27 20:52   784,311   ---hs----   C:\WINDOWS\system32\mvisdfcb.ini
2007-11-23 19:42 . 2007-11-23 19:42   <DIR>   d--------   C:\Documents and Settings\Suzanne Dement\Application Data\ultra
2007-11-23 19:41 . 2007-11-23 19:41   <DIR>   d--------   C:\Program Files\E404 Helper
2007-11-21 19:04 . 2007-11-23 19:40   775,892   ---hs----   C:\WINDOWS\system32\sgecreva.ini
2007-11-21 18:07 . 2005-03-20 23:54   9,728   --a------   C:\Documents and Settings\Suzanne Dement\Application Data\printer.exe
2007-11-21 18:05 . 2007-11-27 20:46   10,240   --a------   C:\Program Files\spoolsv.exe
2007-11-21 17:48 . 2005-05-10 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-21 17:48 . 2005-05-10 12:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-21 17:48 . 2005-05-10 11:45   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-21 17:48 . 2007-02-06 12:01   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-20 20:44 . 2007-11-20 20:45   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
2007-11-20 20:32 . 2007-11-20 20:32   2,238   --a------   C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-20 20:23 . 2007-11-20 20:23   1,147,424   --a------   C:\Install
2007-11-20 20:23 . 2007-11-20 20:23   104,448   --a------   C:\WINDOWS\system32\drvnib.dll
2007-11-20 20:23 . 2007-11-20 20:23   37,376   --a------   C:\WINDOWS\system32\fcccawv.dll
2007-11-20 20:23 . 2007-11-20 20:23   36,864   --a------   C:\WINDOWS\system32\pmnnnkl.dll
2007-11-20 20:23 . 2007-11-20 20:23   123   --a------   C:\Documents and Settings\Suzanne Dement\mit.bat
2007-11-20 20:20 . 2007-11-28 11:05   <DIR>   d--hs----   C:\WINDOWS\U3V6YW5uZSBEZW1lbnQ
2007-11-20 20:20 . 2007-11-20 20:27   <DIR>   d--------   C:\WINDOWS\system32\cc1
2007-11-20 20:20 . 2007-11-20 20:20   <DIR>   d--------   C:\Temp\abW9
2007-11-20 20:20 . 2007-11-28 11:05   <DIR>   d--------   C:\Temp
2007-11-20 20:20 . 2007-11-20 20:20   36,352   ---------   C:\WINDOWS\system32\vtsqomk.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 02:51   ---------   d-----w   C:\Documents and Settings\Suzanne Dement\Application Data\Lavasoft
2007-11-21 02:17   ---------   d-----w   C:\Documents and Settings\Suzanne Dement\Application Data\Apple Computer
2006-12-03 01:05   2,522   ----a-w   C:\Program Files\func.js
2006-11-25 07:57   482   ----a-w   C:\Program Files\Del.js
2006-09-28 00:00   563,712   ----a-w   C:\Documents and Settings\Suzanne Dement\gotomypc_370.exe
2006-06-08 07:02   2,048   ----a-w   C:\Program Files\func.exe
2005-07-29 22:24   472   --sha-r   C:\WINDOWS\U3V6YW5uZSBEZW1lbnQ\oapdsqcRtm1HtqY5vBk.vbs
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}]
         C:\Program Files\Ykxlmrvc\xcbnbvcl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89E15DBE-E182-4BA8-A217-A9F85ABBCEF8}]
         C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEA227B4-DE6E-440E-BB55-9D073BA9B31F}]
2007-08-02 07:43   282624   --a------   C:\Program Files\Windows NT\holesudu83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF7EF472-C393-4A2A-A9E1-C18488545F3C}]
2007-08-02 07:43   282624   --a------   C:\Program Files\Windows NT\holesudu4444.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PestTrap"="C:\Program Files\PestTrap\PestTrap.exe" []
"Nijpymvp"="C:\Documents and Settings\Suzanne Dement\Application Data\?asks\s?rvices.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Sen"="C:\PROGRA~1\COMMON~1\MCROSO~1.NET\chkdsk.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 20:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-05-10 12:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Venturi Configurator"="C:\Program Files\Venturi2\Configurator\ventcfg.exe" [2004-03-08 13:48]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"ESDUSBMon.exe"="C:\WINDOWS\system32\ESDUSBMon.exe" [2005-05-26 20:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\append.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll, xlibgfl254.dll

S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;C:\WINDOWS\system32\DRIVERS\nwusbser.sys
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 18:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 11:08:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 11:09:20 - machine was rebooted
.
   --- E O F ---


VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:33:55 AM 11/28/2007

Listing files found while scanning....

C:\windows\system32\drvnibr.dll
C:\windows\system32\ihhkj.ini
C:\windows\system32\ihhkj.ini2
C:\WINDOWS\system32\jctzxafg.dll
C:\windows\system32\jctzxafg.dllbox
C:\windows\system32\jkhhi.dll
C:\windows\system32\npkmscxj.dll
C:\WINDOWS\system32\vtsqomk.dll

Beginning removal...

 Attempting to delete C:\windows\system32\drvnibr.dll
C:\windows\system32\drvnibr.dll Has been deleted!

 Attempting to delete C:\windows\system32\ihhkj.ini
C:\windows\system32\ihhkj.ini Has been deleted!

 Attempting to delete C:\windows\system32\ihhkj.ini2
C:\windows\system32\ihhkj.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jctzxafg.dll
C:\WINDOWS\system32\jctzxafg.dll Has been deleted!

 Attempting to delete C:\windows\system32\jctzxafg.dllbox
C:\windows\system32\jctzxafg.dllbox Has been deleted!

 Attempting to delete C:\windows\system32\jkhhi.dll
C:\windows\system32\jkhhi.dll Has been deleted!

 Attempting to delete C:\windows\system32\npkmscxj.dll
C:\windows\system32\npkmscxj.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vtsqomk.dll
C:\WINDOWS\system32\vtsqomk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:51:43 AM 11/28/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:06 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\system32\ESDUSBMon.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Venturi2\Configurator\ventcfg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Ykxlmrvc\xcbnbvcl.dll (file missing)
O2 - BHO: (no name) - {89E15DBE-E182-4BA8-A217-A9F85ABBCEF8} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: (no name) - {DEA227B4-DE6E-440E-BB55-9D073BA9B31F} - C:\Program Files\Windows NT\holesudu83122.dll
O2 - BHO: (no name) - {EF7EF472-C393-4A2A-A9E1-C18488545F3C} - C:\Program Files\Windows NT\holesudu4444.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ESDUSBMon.exe] C:\WINDOWS\system32\ESDUSBMon.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\Run: [Nijpymvp] "C:\Documents and Settings\Suzanne Dement\Application Data\?asks\s?rvices.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\chkdsk.exe" -vt ndrv
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\append.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7280 bytes

4
Tech Clinic / HJT Log Help
« on: November 27, 2007, 10:52:39 PM »
Hi,

I have this horrid Outerinfo virus on my pc. It has completely taken over to the point where I can't even run IE on my pc anymore. When I remove all of the programs in the entire bundle in safe mode it still re-installs each time I reboot my machine. I have borrowed another pc tonight in order to install HJT from a USB disk to my pc. This is the log I have come up with....do I need to post the startup list as well?

PS: I have no other details except that my pc's active desktop has turned itself off and it has become a complete nightmare.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:22 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Venturi2\Configurator\ventcfg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ESDUSBMon.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\Suzanne Dement\Application Data\?asks\s?rvices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\MCROSO~1.NET\chkdsk.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rlprtgtx.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Suzanne Dement\Application Data\pcpriv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jctzxafg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ESDUSBMon.exe] C:\WINDOWS\system32\ESDUSBMon.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [mnwtszmj] rundll32.exe "C:\Program Files\hinktspq\datepmty.dll",Init
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnib.dll,startup
O4 - HKLM\..\Run: [lkpsdutc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lkpsdutc.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [f0ae5a35] rundll32.exe "C:\WINDOWS\system32\agrhoxkj.dll",b
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\Run: [Nijpymvp] "C:\Documents and Settings\Suzanne Dement\Application Data\?asks\s?rvices.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\chkdsk.exe" -vt ndrv
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\append.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3V6YW5uZSBEZW1lbnQ\command.exe (file missing)
O23 - Service: DomainService -   - C:\WINDOWS\system32\rlprtgtx.exe
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\progy.html

--
End of file - 8777 bytes
