Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
   
3 Pages V   1 2 3 >  
 Closed TopicStart new topic
My Hijackthis PLZ help me! [RESOLVED]
dirtyendz
post Feb 17 2008, 11:39 AM
Post #1


Member
**
Posts: 17
From: Cali
OS: xp
Here is my hijack this list. I think i only have outerinfo and internet speed monitor. My cpu is running at 100% with no apps running. I get the popups and that is about it. AVG didnt give my a log and Hijack this wont give me a uninstall list. So here is my info and thank u in advance for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:44 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\WINDOWS\system32\?ecurity\t?skmgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\WINDOWS\PPATCH~1\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvs.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM970cc1f8] Rundll32.exe "C:\WINDOWS\system32\jrbjqlcn.dll",s
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Knmvxw] C:\WINDOWS\system32\?ecurity\t?skmgr.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPATCH~1\spoolsv.exe" -vt ndrv
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 11577 bytes








Incident Status Location

Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrDrive\QdrDrive10.dll
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Ssk.log
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.com.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.target.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cookies.txt[.go.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adserver.easyad[1].txt
Spyware:Cookie/Revenue Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adsrevenue[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@c5.zedo[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@enhance[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Adware:Adware/Popadd Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\MDL9D.tmp[QdrModule12.exe]
Adware:Adware/Popadd Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\TMPBC.tmp
Adware:Adware/Popadd Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AXK9E34D\ismtpa10[1].exe[QdrModule12.exe]
Adware:Adware/Matcash Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MNUJQVWB\2c1dbeb1361cce3acfbbca0488dfd6ee[1].zip[b151.exe]
Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\Administrator\My Documents\My Downloads\myspace.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
Possible Virus. Not disinfected C:\Program Files\FaxTools\Install\Setup.exe
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\Setup.exe
Adware:Adware/Zenosearch Not disinfected C:\Program Files\Outerinfo\FF\components\FF.dll
Possible Virus. Not disinfected C:\Program Files\Shadow Tool.exe
Virus:Generic Trojan Disinfected C:\WINDOWS\b104.exe
Virus:Trj/Downloader.SLD Disinfected C:\WINDOWS\b116.exe
Virus:Trj/Downloader.PLQ Disinfected C:\WINDOWS\b138.exe
Adware:Adware/Matcash Not disinfected C:\WINDOWS\b151.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\L3B9A.tmp
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\L6141.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L633F.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L633F.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\L633F.tmp[QdrModule12.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L6BF1.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\L6BF1.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\L6BF1.tmp[QdrModule12.exe]
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\L92CE.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCB81.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCB81.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\LCB81.tmp[QdrModule12.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCEFF.tmp[ism.exe]
Adware:Adware/InternetSpeedMonitor Not disinfected C:\WINDOWS\system32\LCEFF.tmp[QdrDrive10.dll]
Adware:Adware/Popadd Not disinfected C:\WINDOWS\system32\LCEFF.tmp[QdrModule12.exe]
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\LE1CB.tmp


SUPERAntiSpyware Scan Log
Generated 02/16/2008 at 08:12 PM

Application Version : 3.6.1000

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 01:43:50

Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 7409
Registry threats detected : 37
File items scanned : 112549
File threats detected : 78

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\InprocServer32#ThreadingModel
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\ProgID
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\Programmable
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\TypeLib
HKCR\CLSID\{4865F155-CE00-4E93-A414-147844D7C81A}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\TCBLROHK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4865F155-CE00-4E93-A414-147844D7C81A}

Adware.Mirar/NetNucleus
HKU\S-1-5-21-861567501-117609710-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
C:\WINDOWS\Downloaded Program Files\WinATS.inf
C:\WINDOWS\MIRAR_DISTRO_876088.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.realtechnetwork[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.its.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@reduxads.valuead[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dl2.ads2media[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adecn[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@securetea.securemediabox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.outerinfoads[5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-pcsecurityshield.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tremor.adbureau[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findology[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats.adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@heavycom.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.easyad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediatraffic[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@directtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.outerinfoads[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.outerinfoads[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.outerinfoads[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adecn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.realtechnetwork[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findlinks.addresses[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findology[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tremor.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ylwbook.findlinks.addresses[1].txt

Trojan.Malware
C:\asdf.txt

Trojan.Media-Codec
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#eitheror [ {2016a466-91a2-43c6-97d8-2fd380f065ef} ]

Malware.SpyDawn
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\bTyayp
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\eocVJvFv
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\fwOqszla
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InprocServer32
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\ProgID
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\Programmable
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\pzYiyqtaijpi
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\TypeLib
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\VersionIndependentProgID
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\vllgntfpHdzd
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\Wedqu
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\zaxVxkhdeIz

Adware.ClickSpring-Variant
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\MSHTA.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\ONLINE SECURITY TEST.URL

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\ZZIW\ZZIWD\CLASS-BARREL

Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DDABB.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MXKNQ.DLL.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
C:\WINDOWS\TEMPF.TXT

Adware.BusMaster/SafeSurfing
C:\SYSTEM VOLUME INFORMATION\_RESTORE{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149549.DLL

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149550.EXE

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU72.EXE.TMP




Thanks agine!
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 12:07 PM
Post #2


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



Hello dirtyendz

Welcome to G2Go. smile.gif
=================
It is important that you paste the following file paths in their entirety under the Yellow line please.
=============
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    C:\WINDOWS\system32\awvvs.exe
    C:\WINDOWS\system32\jrbjqlcn.dll
    C:\WINDOWS\system32\Netverchk.exe
    C:\Program Files\QdrDrive
    C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
    C:\Program Files\Outerinfo
    C:\Program Files\Shadow Tool.exe
    C:\WINDOWS\b151.exe
    C:\WINDOWS\system32\L3B9A.tmp
    C:\WINDOWS\system32\L6141.tmp
    C:\WINDOWS\system32\L633F.tmp
    C:\WINDOWS\system32\L6BF1.tmp
    C:\WINDOWS\system32\L92CE.tmp
    C:\WINDOWS\system32\LCB81.tmp
    C:\WINDOWS\system32\LCEFF.tmp
    C:\WINDOWS\system32\LE1CB.tmp
    C:\WINDOWS\system32\LCEFF.tmp
    purity


  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================================
After that Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Go to the top of the page
 
+Quote Post
dirtyendz
post Feb 17 2008, 12:43 PM
Post #3


Member
**
Posts: 17
From: Cali
OS: xp
thank u for getting to me so fast. Here is what u asked for!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:13 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Knmvxw] C:\WINDOWS\system32\?ecurity\t?skmgr.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPATCH~1\spoolsv.exe" -vt ndrv
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 10989 bytes




[Custom Input]
< C:\WINDOWS\system32\awvvs.exe >
C:\WINDOWS\system32\awvvs.exe moved successfully.
< C:\WINDOWS\system32\jrbjqlcn.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jrbjqlcn.dll
C:\WINDOWS\system32\jrbjqlcn.dll NOT unregistered.
C:\WINDOWS\system32\jrbjqlcn.dll moved successfully.
< C:\WINDOWS\system32\Netverchk.exe >
File/Folder C:\WINDOWS\system32\Netverchk.exe not found.
< C:\Program Files\QdrDrive >
C:\Program Files\QdrDrive moved successfully.
< C:\Program Files\Common Files\Yazzle1552OinAdmin.exe >
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe moved successfully.
< C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe >
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe moved successfully.
< C:\Program Files\Outerinfo >
C:\Program Files\Outerinfo\FF\components moved successfully.
C:\Program Files\Outerinfo\FF moved successfully.
C:\Program Files\Outerinfo moved successfully.
< C:\Program Files\Shadow Tool.exe >
C:\Program Files\Shadow Tool.exe moved successfully.
< C:\WINDOWS\b151.exe >
C:\WINDOWS\b151.exe moved successfully.
< C:\WINDOWS\system32\L3B9A.tmp >
C:\WINDOWS\system32\L3B9A.tmp moved successfully.
< C:\WINDOWS\system32\L6141.tmp >
C:\WINDOWS\system32\L6141.tmp moved successfully.
< C:\WINDOWS\system32\L633F.tmp >
C:\WINDOWS\system32\L633F.tmp moved successfully.
< C:\WINDOWS\system32\L6BF1.tmp >
C:\WINDOWS\system32\L6BF1.tmp moved successfully.
< C:\WINDOWS\system32\L92CE.tmp >
C:\WINDOWS\system32\L92CE.tmp moved successfully.
< C:\WINDOWS\system32\LCB81.tmp >
C:\WINDOWS\system32\LCB81.tmp moved successfully.
< C:\WINDOWS\system32\LCEFF.tmp >
C:\WINDOWS\system32\LCEFF.tmp moved successfully.
< C:\WINDOWS\system32\LE1CB.tmp >
C:\WINDOWS\system32\LE1CB.tmp moved successfully.
< C:\WINDOWS\system32\LCEFF.tmp >
File/Folder C:\WINDOWS\system32\LCEFF.tmp not found.
< purity >
C:\WINDOWS\ΑрpPatch\ΑрpPatch moved successfully.
C:\WINDOWS\ΑрpPatch moved successfully.
C:\WINDOWS\system32\ѕecurity moved successfully.

OTMoveIt2 v1.0.20 log created on 02172008_102646




ComboFix 08-02-17.2 - Administrator 2008-02-17 10:30:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.452 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtqqrq.dll
C:\WINDOWS\system32\awvvs.dll
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\WINDOWS\b103.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\system32\awtqqrq.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\nhcpyesw.ini
C:\WINDOWS\system32\nshze.dll
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\wseypchn.dll
C:\WINDOWS\system32\xnshjujj.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 10:26 . 2008-02-17 10:26 <DIR> d-------- C:\_OTMoveIt
2008-02-17 09:16 . 2008-02-17 09:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 08:38 . 2008-02-17 09:25 13,298 --a------ C:\WINDOWS\BM970cc1f8.xml
2008-02-17 08:38 . 2008-02-17 09:23 22 --a------ C:\WINDOWS\pskt.ini
2008-02-16 20:33 . 2008-02-17 09:22 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-16 20:29 . 2008-02-16 23:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-16 20:29 . 2008-02-16 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-16 20:29 . 2008-02-16 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-16 20:29 . 2008-02-16 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-16 18:25 . 2008-02-17 10:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 18:25 . 2008-02-16 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 18:25 . 2008-02-16 18:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-16 17:12 . 2008-02-16 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 17:12 . 2008-02-16 17:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-16 17:12 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-16 16:17 . 2008-02-16 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-02-16 15:31 . 2008-02-16 15:31 0 --a------ C:\eied_s7_c_99sp2.exe
2008-02-16 14:58 . 2008-02-16 14:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 14:58 . 2008-02-16 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 11:52 . 2008-02-16 16:29 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-02-16 11:34 . 2008-02-16 11:34 40,738 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-02-14 15:20 . 2008-02-14 15:20 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-02-14 00:50 . 2008-02-14 00:50 <DIR> dr------- C:\Documents and Settings\Administrator\Application Data\Brother
2008-02-12 09:44 . 2008-02-13 15:17 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-12 09:44 . 2008-02-12 10:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-12 09:44 . 2008-02-13 15:17 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 16:43 . 2008-02-11 16:43 <DIR> d-------- C:\Program Files\Disney
2008-02-10 13:29 . 2008-02-10 13:29 681 --a------ C:\WINDOWS\mozver.dat
2008-02-09 15:31 . 2008-02-09 15:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 15:31 . 2008-02-09 15:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-06 18:19 . 2008-02-06 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-02-06 18:00 . 2008-02-06 18:00 <DIR> d-------- C:\Program Files\Build-a-lot
2008-02-05 13:09 . 2008-02-05 13:09 64,512 --a------ C:\WINDOWS\system32\atgban.dll
2008-02-04 18:40 . 2008-02-04 18:40 <DIR> d-------- C:\Program Files\Ventrilo
2008-02-04 18:40 . 2008-02-16 18:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 11:06 . 2008-02-04 11:06 <DIR> d-------- C:\Program Files\SmartSound Software
2008-02-04 11:06 . 2008-02-04 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-02-04 11:03 . 2008-02-17 10:33 <DIR> d-------- C:\Program Files\QuickTime
2008-02-03 04:23 . 2008-02-16 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 04:23 . 2008-02-03 04:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 04:22 . 2008-02-16 16:48 <DIR> d-------- C:\Program Files\AIM6
2008-02-02 10:05 . 2008-02-02 10:05 <DIR> d-------- C:\Program Files\MySpace
2008-02-02 10:05 . 2008-02-02 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MySpace
2008-01-21 14:23 . 2008-01-21 14:23 268 --ah----- C:\sqmdata03.sqm
2008-01-21 14:23 . 2008-01-21 14:23 244 --ah----- C:\sqmnoopt03.sqm
2008-01-21 00:19 . 2008-01-21 00:19 268 --ah----- C:\sqmdata02.sqm
2008-01-21 00:19 . 2008-01-21 00:19 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 18:33 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-17 07:32 --------- d-s---w C:\Program Files\Xfire
2008-02-17 07:17 --------- d-----w C:\Program Files\MSN Messenger
2008-02-17 07:09 --------- d-----w C:\Program Files\Google
2008-02-17 07:09 --------- d-----w C:\Program Files\Folding@Home
2008-02-17 02:18 --------- d-----w C:\Program Files\DIGStream
2008-02-17 00:45 --------- d-----w C:\Program Files\Steam
2008-02-17 00:22 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-02-16 23:07 --------- d-----w C:\Program Files\Common Files\Real
2008-02-16 23:05 --------- d-----w C:\Program Files\FileTreePrinter
2008-02-16 22:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-16 22:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2008-02-16 22:45 --------- d-----w C:\Program Files\Common Files\Motive
2008-02-15 02:53 12,780 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-02-14 06:52 --------- d-----w C:\Program Files\ELECTRONIC ARTS
2008-02-04 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-04 19:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Cyberlink
2008-02-04 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 19:04 --------- d-----w C:\Program Files\CyberLink
2008-02-03 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-30 21:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 21:07 --------- d-----w C:\Program Files\RealArcade
2008-01-25 06:58 --------- d-----w C:\Program Files\BFG
2008-01-21 06:45 --------- d-----w C:\Program Files\Eagletron
2008-01-21 06:44 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-06-16 06:14 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-02-25 01:41 49 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb41.dat
2007-02-25 01:41 382 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb1942.dat
2007-02-18 03:14 20,480 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb4827.dat
2007-01-08 16:13 9,216 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb8467.dat
2007-01-08 16:13 0 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb6334.dat
2007-01-08 16:13 0 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb5436.dat
2006-08-11 04:08 69,264 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-01-29 14:32 2,288 -c--a-w C:\Program Files\agerage.nfo
2005-04-28 14:54 2,343 -c--a-w C:\Program Files\cheat-db.com.txt
2005-04-22 15:16 437 -c--a-w C:\Program Files\ict-shadow.ini
2005-04-22 15:07 3,506 -c--a-w C:\Program Files\readme.txt
2005-02-25 01:19 42,478 -c--a-w C:\Program Files\rage.ict
2004-06-10 14:23 160,256 -c--a-w C:\Program Files\fmod.dll
2003-02-17 00:08 75 -c--a-w C:\Program Files\Cheat-Db.com.url
.
CODE
<pre>
----a-w            57,344 2008-02-16 23:56:24  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            50,528 2008-02-16 23:45:12  C:\Program Files\AIM6\aim6 .exe
----a-w            49,152 2008-02-16 23:56:11  C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe
----a-w           851,968 2008-02-16 23:56:13  C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w           147,456 2008-02-17 00:29:27  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           124,520 2008-02-16 23:56:20  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w            81,920 2008-02-16 23:56:05  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           221,184 2008-02-16 23:56:10  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w           155,648 2008-02-16 23:56:10  C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w            45,056 2008-02-16 23:55:59  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
----a-w            49,152 2008-02-16 23:55:59  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
----a-w           258,048 2008-02-16 23:44:23  C:\Program Files\Creative\Shared Files\CamTray .exe
----a-w           157,592 2008-02-17 17:23:27  C:\Program Files\DAEMON Tools\daemon .exe
----a-w           270,336 2008-02-16 23:55:57  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w            32,881 2008-02-16 23:56:20  C:\Program Files\Java\j2re1.4.2_15\bin\jusched .exe
----a-w           303,104 2008-02-16 23:56:06  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w           135,168 2008-02-16 22:34:19  C:\Program Files\McAfee.com\Agent\mcregwiz .exe
----a-w           135,168 2008-02-16 20:49:27  C:\Program Files\McAfee.com\Agent\MCREGW~2 .EXE
----a-w           212,992 2008-02-16 23:56:06  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w           122,880 2008-02-16 23:56:53  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w           163,840 2008-02-16 23:56:07  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w         5,674,352 2008-02-16 23:56:44  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w         8,720,384 2008-02-16 23:45:34  C:\Program Files\MySpace\IM\MySpaceIM .exe
----a-w            40,960 2008-02-16 23:56:11  C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
----a-w            57,393 2008-02-16 23:56:09  C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
----a-w         1,266,936 2008-02-17 00:29:30  C:\Program Files\Steam\steam .exe
----a-w           728,176 2008-02-16 23:45:10  C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe
----a-w         4,662,776 2008-02-16 23:45:34  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w            90,112 2008-02-17 00:29:16  C:\WINDOWS\UpdReg .EXE
----a-w           122,940 2008-02-16 23:56:07  C:\WINDOWS\system32\dla\DLACTRLW .EXE
</pre>



-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chckup"="C:\WINDOWS\system32\Netverchk.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Steam"="c:\program files\steam\steam.exe" [ ]
"SB Audigy 2 Startup Menu"=" /L:ENG" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [ ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]
"Knmvxw"="C:\WINDOWS\system32\?ecurity\t?skmgr.exe" [ ]
"Uaol"="C:\WINDOWS\PPATCH~1\spoolsv.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"AsioReg"="REGSVR32.exe" [2004-08-10 03:00 11776 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 09:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 17:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 17:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 17:43 86016]
"CTHelper"="CTHELPER.EXE" [2003-02-20 14:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-07-18 14:09:51 323584]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-08-06 10:26:02 2713936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 18:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 21:01:04 83360]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-17 14:36:43 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys [2004-07-27 18:43]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 17:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 01:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 00:28]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 08:11]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 10:37:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-17 10:39:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 18:39:49
ComboFix2.txt 2008-02-17 00:53:57
.
2008-02-13 11:02:14 --- E O F ---



thanks agine
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 01:21 PM
Post #4


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
File::
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\atgban.dll
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\Documents and Settings\Administrator\Application Data\internaldb41.dat
C:\Documents and Settings\Administrator\Application Data\internaldb1942.dat
C:\Documents and Settings\Administrator\Application Data\internaldb4827.dat
C:\Documents and Settings\Administrator\Application Data\internaldb8467.dat
C:\Documents and Settings\Administrator\Application Data\internaldb6334.dat
C:\Documents and Settings\Administrator\Application Data\internaldb5436.dat
RenV::
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe
C:\Program Files\Brother\ControlCenter2\brctrcen .exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
C:\Program Files\Creative\Shared Files\CamTray .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
C:\Program Files\Java\j2re1.4.2_15\bin\jusched .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcregwiz .exe
C:\Program Files\McAfee.com\Agent\MCREGW~2 .EXE
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
C:\Program Files\Steam\steam .exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\WINDOWS\UpdReg .EXE
C:\WINDOWS\system32\dla\DLACTRLW .EXE
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chckup"=-
"Knmvxw"=-
"Uaol"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Go to the top of the page
 
+Quote Post
dirtyendz
post Feb 17 2008, 01:56 PM
Post #5


Member
**
Posts: 17
From: Cali
OS: xp
Here is the combo and the hijack.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:27 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 10897 bytes


ComboFix 08-02-17.2 - Administrator 2008-02-17 11:32:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.553 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 10:26 . 2008-02-17 10:26 <DIR> d-------- C:\_OTMoveIt
2008-02-17 09:16 . 2008-02-17 09:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 08:38 . 2008-02-17 09:25 13,298 --a------ C:\WINDOWS\BM970cc1f8.xml
2008-02-17 08:38 . 2008-02-17 09:23 22 --a------ C:\WINDOWS\pskt.ini
2008-02-16 20:33 . 2008-02-17 09:22 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-16 20:29 . 2008-02-16 23:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-16 20:29 . 2008-02-16 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-16 20:29 . 2008-02-16 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-16 20:29 . 2008-02-16 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-16 18:25 . 2008-02-17 10:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 18:25 . 2008-02-16 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 18:25 . 2008-02-16 18:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-16 17:12 . 2008-02-16 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 17:12 . 2008-02-16 17:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-16 17:12 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-16 16:17 . 2008-02-16 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-02-16 15:31 . 2008-02-16 15:31 0 --a------ C:\eied_s7_c_99sp2.exe
2008-02-16 14:58 . 2008-02-16 14:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 14:58 . 2008-02-16 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 11:52 . 2008-02-16 16:29 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-02-16 11:34 . 2008-02-16 11:34 40,738 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-02-14 15:20 . 2008-02-14 15:20 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-02-14 00:50 . 2008-02-14 00:50 <DIR> dr------- C:\Documents and Settings\Administrator\Application Data\Brother
2008-02-12 09:44 . 2008-02-13 15:17 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-12 09:44 . 2008-02-12 10:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-12 09:44 . 2008-02-13 15:17 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 16:43 . 2008-02-11 16:43 <DIR> d-------- C:\Program Files\Disney
2008-02-10 13:29 . 2008-02-10 13:29 681 --a------ C:\WINDOWS\mozver.dat
2008-02-09 15:31 . 2008-02-09 15:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 15:31 . 2008-02-09 15:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-06 18:19 . 2008-02-06 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-02-06 18:00 . 2008-02-06 18:00 <DIR> d-------- C:\Program Files\Build-a-lot
2008-02-05 13:09 . 2008-02-05 13:09 64,512 --a------ C:\WINDOWS\system32\atgban.dll
2008-02-04 18:40 . 2008-02-04 18:40 <DIR> d-------- C:\Program Files\Ventrilo
2008-02-04 18:40 . 2008-02-16 18:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 11:06 . 2008-02-04 11:06 <DIR> d-------- C:\Program Files\SmartSound Software
2008-02-04 11:06 . 2008-02-04 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-02-04 11:03 . 2008-02-17 10:33 <DIR> d-------- C:\Program Files\QuickTime
2008-02-03 04:23 . 2008-02-16 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 04:23 . 2008-02-03 04:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-03 04:22 . 2008-02-17 11:32 <DIR> d-------- C:\Program Files\AIM6
2008-02-02 10:05 . 2008-02-02 10:05 <DIR> d-------- C:\Program Files\MySpace
2008-02-02 10:05 . 2008-02-02 10:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MySpace
2008-01-21 14:23 . 2008-01-21 14:23 268 --ah----- C:\sqmdata03.sqm
2008-01-21 14:23 . 2008-01-21 14:23 244 --ah----- C:\sqmnoopt03.sqm
2008-01-21 00:19 . 2008-01-21 00:19 268 --ah----- C:\sqmdata02.sqm
2008-01-21 00:19 . 2008-01-21 00:19 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 19:32 --------- d-----w C:\Program Files\Steam
2008-02-17 19:32 --------- d-----w C:\Program Files\MSN Messenger
2008-02-17 19:32 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-02-17 19:32 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-17 07:32 --------- d-s---w C:\Program Files\Xfire
2008-02-17 07:09 --------- d-----w C:\Program Files\Google
2008-02-17 07:09 --------- d-----w C:\Program Files\Folding@Home
2008-02-17 02:18 --------- d-----w C:\Program Files\DIGStream
2008-02-16 23:07 --------- d-----w C:\Program Files\Common Files\Real
2008-02-16 23:05 --------- d-----w C:\Program Files\FileTreePrinter
2008-02-16 22:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-16 22:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2008-02-16 22:45 --------- d-----w C:\Program Files\Common Files\Motive
2008-02-15 02:53 12,780 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-02-14 06:52 --------- d-----w C:\Program Files\ELECTRONIC ARTS
2008-02-12 17:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-04 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-04 19:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Cyberlink
2008-02-04 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 19:04 --------- d-----w C:\Program Files\CyberLink
2008-02-03 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-30 21:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 21:07 --------- d-----w C:\Program Files\RealArcade
2008-01-25 06:58 --------- d-----w C:\Program Files\BFG
2008-01-21 06:45 --------- d-----w C:\Program Files\Eagletron
2008-01-21 06:44 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-06-16 06:14 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-02-25 01:41 49 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb41.dat
2007-02-25 01:41 382 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb1942.dat
2007-02-18 03:14 20,480 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb4827.dat
2007-01-08 16:13 9,216 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb8467.dat
2007-01-08 16:13 0 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb6334.dat
2007-01-08 16:13 0 -c--a-w C:\Documents and Settings\Administrator\Application Data\internaldb5436.dat
2006-08-11 04:08 69,264 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-01-29 14:32 2,288 -c--a-w C:\Program Files\agerage.nfo
2005-04-28 14:54 2,343 -c--a-w C:\Program Files\cheat-db.com.txt
2005-04-22 15:16 437 -c--a-w C:\Program Files\ict-shadow.ini
2005-04-22 15:07 3,506 -c--a-w C:\Program Files\readme.txt
2005-02-25 01:19 42,478 -c--a-w C:\Program Files\rage.ict
2004-06-10 14:23 160,256 -c--a-w C:\Program Files\fmod.dll
2003-02-17 00:08 75 -c--a-w C:\Program Files\Cheat-Db.com.url
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-02-16 16:29 147456]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-02-16 15:56 5674352]
"Steam"="c:\program files\steam\steam.exe" [2008-02-16 16:29 1266936]
"SB Audigy 2 Startup Menu"=" /L:ENG" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-02-16 15:45 4662776]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-16 15:45 8720384]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2008-02-16 15:45 728176]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2008-02-16 15:44 258048]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-02-16 15:45 50528]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"AsioReg"="REGSVR32.exe" [2004-08-10 03:00 11776 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-02-16 16:29 90112]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 09:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 17:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 17:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 17:43 86016]
"CTHelper"="CTHELPER.EXE" [2003-02-20 14:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-02-17 09:23 157592]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-02-16 15:56 212992]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-07-18 14:09:51 323584]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-08-06 10:26:02 2713936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 18:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 21:01:04 83360]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-17 14:36:43 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;C:\WINDOWS\system32\DRIVERS\atinewp2.sys [2004-07-27 18:43]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 17:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 01:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 00:28]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 08:11]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 11:34:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 11:35:15
ComboFix-quarantined-files.txt 2008-02-17 19:35:06
ComboFix2.txt 2008-02-17 18:39:54
ComboFix3.txt 2008-02-17 00:53:57
.
2008-02-13 11:02:14 --- E O F ---


thanks agine!
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 02:31 PM
Post #6


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\targetedbanner-uninst.exe
    C:\WINDOWS\system32\atgban.dll
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    C:\sqmdata02.sqm
    C:\sqmnoopt02.sqm
    C:\Documents and Settings\Administrator\Application Data\internaldb41.dat
    C:\Documents and Settings\Administrator\Application Data\internaldb1942.dat
    C:\Documents and Settings\Administrator\Application Data\internaldb4827.dat
    C:\Documents and Settings\Administrator\Application Data\internaldb8467.dat
    C:\Documents and Settings\Administrator\Application Data\internaldb6334.dat
    C:\Documents and Settings\Administrator\Application Data\internaldb5436.dat

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Go to the top of the page
 
+Quote Post
dirtyendz
post Feb 17 2008, 03:03 PM
Post #7


Member
**
Posts: 17
From: Cali
OS: xp
C:\WINDOWS\pskt.ini moved successfully.
C:\WINDOWS\system32\targetedbanner-uninst.exe moved successfully.
C:\WINDOWS\system32\atgban.dll unregistered successfully.
C:\WINDOWS\system32\atgban.dll moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb41.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb1942.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb4827.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb8467.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb6334.dat moved successfully.
C:\Documents and Settings\Administrator\Application Data\internaldb5436.dat moved successfully.

OTMoveIt2 v1.0.20 log created on 02172008_130158

thanks!
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 03:13 PM
Post #8


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



You are welcome smile.gif

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Go to the top of the page
 
+Quote Post
dirtyendz
post Feb 17 2008, 06:27 PM
Post #9


Member
**
Posts: 17
From: Cali
OS: xp
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 4:26:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570227
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 116121
Number of viruses found: 22
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 01:37:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\MySpace\IM\Logs\MySpaceIM-20080217-144204.log Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL OCP\AIM\Storage\data\mbearsays\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{768ED269-E869-4ED2-ADE6-13AFBF7AE78E}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{768ED269-E869-4ED2-ADE6-13AFBF7AE78E}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\endz3000@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\endz3000@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\endz3000@hotmail.com\SharingMetadata\Working\database_3694_4032_943F_F2CB\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\endz3000@hotmail.com\SharingMetadata\Working\database_3694_4032_943F_F2CB\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\endz3000@hotmail.com\SharingMetadata\Working\database_3694_4032_943F_F2CB\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\endz3000@hotmail.com\SharingMetadata\Working\database_3694_4032_943F_F2CB\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\endz3000@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\endz3000@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9n275b7c.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008021720080218\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1F0B.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2059.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF363E.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF70A6.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF75F0.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Downloads\myspace.exe Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Documents and Settings\Administrator\My Documents\My Downloads\Nero 7.7.5.1 Ultra\Nero 7.7.5.1 Ultra.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Administrator\My Documents\My Downloads\Nero 7.7.5.1 Ultra\Nero 7.7.5.1 Ultra.exe RAR: infected - 1 skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Administrator\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2487218891_2752512_21338 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{C715B4A8-6EFD-4634-ACEB-278E5FFA1EA7}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Folding@Home\FAHlog.txt Object is locked skipped
C:\Program Files\Folding@Home\work\logfile_00.txt Object is locked skipped
C:\Program Files\Folding@Home\work\wudata_00.arc Object is locked skipped
C:\Program Files\Folding@Home\work\wudata_00.bed Object is locked skipped
C:\Program Files\Folding@Home\work\wudata_00.goe Object is locked skipped
C:\Program Files\Folding@Home\work\wudata_00.log Object is locked skipped
C:\Program Files\Folding@Home\work\wudata_00.sas Object is locked skipped
C:\Program Files\Folding@Home\work\wudata_00.xtc Object is locked skipped
C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\garrysmod content.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source 2007 binaries.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source 2007 shared materials.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source 2007 shared models.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source 2007 shared sounds.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source materials.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source models.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\source sounds.gcf Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Ahead\Lib\NeroCheck.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\1145415281\ee\AOLSoftware.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\DAEMON Tools\daemon.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERIns.exe.vir Infected: Trojan.Win32.Agent.fow skipped
C:\QooBox\Quarantine\C\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\b103.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvvs.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nshze.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\QooBox\Quarantine\catchme2008-02-16_165141.50.zip/sstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-16_165141.50.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-02-17_103730.00.zip/awvvs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-17_103730.00.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149545.hta Infected: Trojan-Downloader.HTA.Agent.e skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149547.exe Infected: Trojan-Downloader.Win32.Mediket.ck skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP726\A0149548.exe Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP727\A0149564.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP727\A0149565.exe Infected: Trojan-Downloader.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP727\A0149566.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP727\A0149586.exe Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149598.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149600.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149602.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149613.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149614.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149615.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149616.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149617.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149620.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149621.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149622.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149623.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149624.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149645.exe Infected: Trojan.Win32.Agent.fow skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149646.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149648.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP728\A0149658.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{242BB971-8C79-46B4-8933-9DD17654A863}\RP729\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0F9DC9F4-9B63-49DE-A54C-18D31E0D07AC}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF Object is locked skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\Program Files\Common Files\Yazzle1552OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\Program Files\Common Files\Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\Program Files\Common Files\Yazzle1552OinUninstaller.exe NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\Program Files\Outerinfo\FF\components\FF.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\b151.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\awvvs.exe Infected: Virus.Win32.Trats.d skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\jrbjqlcn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\L3B9A.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\L3B9A.tmp NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\L6141.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\L6141.tmp NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\L92CE.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\L92CE.tmp NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\LE1CB.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\LE1CB.tmp NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\system32\ѕecurity\tаskmgr.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\_OTMoveIt\MovedFiles\02172008_102646\WINDOWS\ΑрpPatch\spoolsv.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\_OTMoveIt\MovedFiles\02172008_130158\WINDOWS\system32\atgban.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.w skipped

Scan process completed.


sry it took so long computer turned off half way through sad.gif

This post has been edited by dirtyendz: Feb 17 2008, 06:28 PM
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 06:50 PM
Post #10


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    C:\Documents and Settings\Administrator\My Documents\My Downloads\myspace.exe
    C:\Documents and Settings\Administrator\My Documents\My Downloads\Nero 7.7.5.1 Ultra\Nero 7.7.5.1 Ultra.exe/Toolbar.exe
    C:\Documents and Settings\Administrator\Shared\01 Track 1.wma
    C:\Documents and Settings\Administrator\Shared\02 Track 2.wma

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=================
Also a new Hijackthis log.
Go to the top of the page
 
+Quote Post
dirtyendz
post Feb 17 2008, 06:54 PM
Post #11


Member
**
Posts: 17
From: Cali
OS: xp
C:\Documents and Settings\Administrator\My Documents\My Downloads\myspace.exe moved successfully.
File/Folder C:\Documents and Settings\Administrator\My Documents\My Downloads\Nero 7.7.5.1 Ultra\Nero 7.7.5.1 Ultra.exe/Toolbar.exe not found.
C:\Documents and Settings\Administrator\Shared\01 Track 1.wma moved successfully.
C:\Documents and Settings\Administrator\Shared\02 Track 2.wma moved successfully.

OTMoveIt2 v1.0.20 log created on 02172008_165340
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 06:59 PM
Post #12


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



Please reopen Hijackthis and choose "Do a system scan only"
Then place a check mark next to this entry below:

O22 - SharedTaskScheduler: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

Then click on Fix checked and then close Hijackthis.
=========================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




    The above procedure will delete the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present

  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.


Also delete anything that we used that is left over.
====================================
After that Your log is clean. biggrin.gif

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
Go to the top of the page
 
+Quote Post
dirtyendz
post Feb 17 2008, 07:41 PM
Post #13


Member
**
Posts: 17
From: Cali
OS: xp
Naw u got to be joking. That was fast and easy. You are the man sir. Was this a bad infection? Well I really do thank u so much. I was pooping my self when i saw all that stuff. Well i was wonder what amount to donate for the help is 50 dollars ok or is that to little? Well anyways god bless and thanks a bunch you are a genus!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Thanks agine
smile.gif
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 07:50 PM
Post #14


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



Donate whatever you want and thank you for the donation. smile.gif

You had a few infections one of which is a patch infection that can be tricky but it went quietly this time > Vundo, you also had Purity scan as well.

You are quite welcome God bless you as well and safe surfing smile.gif

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
kahdah
post Feb 17 2008, 07:50 PM
Post #15


GeekU Teacher
Group Icon
Posts: 13,397
From: Florida
OS: Windows xp,Vista business



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
 

3 Pages V   1 2 3 >
Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 8th November 2009 - 01:15 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising
Powered By IP.Board © 2009  IPS, Inc.