Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antispywareupdates.net, desktop background taken over

Started by mkiser , Feb 11 2008 04:58 PM

  • Please log in to reply

#1
mkiser
Posted 11 February 2008 - 04:58 PM

mkiser

    Member

  • Member
  • PipPip
  • 11 posts
My desktop has been changed to text that tells me, "Warning: Spyware threat has been detected on your PC." It also provides a link that, when clicked, opens an IE window telling me to buy Anti-Spyware software. The associated address is www.antispywareupdates.net. Also, in my system tray on my tool bar, a yellow triangle with an exclamation point pops up warnings tell me that my computer has detected spyware and that I should click on the pop-up to scan it.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:34 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {daf74a98-1dd1-11b2-9377-ae297876042c} - C:\WINDOWS\opajungf.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [kxibmrev] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kxibmrev.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\MICHAE~1.KIS\LOCALS~1\Temp\452c4a4hpc4a4a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170888669265
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 9694 bytes


Thank you in advance.
  • 0

Advertisements

#2
kahdah
Posted 11 February 2008 - 07:40 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello mkiser

Welcome to G2Go. :)
==================
It appears that maybe you have some leftovers from Norton.
Please uninstall anything in the Control Panel that says Norton.
--------------------------------------------------------------------------
Next
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
mkiser
Posted 11 February 2008 - 08:19 PM

mkiser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
This is my ComboFix log:

ComboFix 08-02.05.3 - Michael W. Kiser 2008-02-11 20:55:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.118 [GMT -5:00]
Running from: C:\Documents and Settings\Michael W. Kiser\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\kxibmrev.dll
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\opajungf.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\9lDt4QQ8U4wp.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\file.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\WINDOWS\system32\acespy
2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\Program Files\p2pnetworks
2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\Program Files\e-zshopper
2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\Program Files\amsys
2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\Program Files\akl
2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\Program Files\Accoona
2008-02-11 20:59 . 2008-02-11 21:05 <DIR> d-------- C:\Program Files\3721
2008-02-11 18:07 . 2008-02-11 18:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-11 18:07 . 2008-02-11 18:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-11 18:07 . 2008-02-11 18:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-11 18:07 . 2008-02-11 18:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-11 17:48 . 2008-02-11 17:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 20:19 . 2008-02-10 20:19 4,960 --a------ C:\WINDOWS\system32\Nonoc5.syz
2008-02-10 20:05 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 20:05 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 20:05 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 20:05 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 20:05 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 20:05 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-10 20:04 . 2008-02-10 20:04 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-10 20:04 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 20:04 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 19:49 . 2008-02-10 19:49 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-10 15:45 . 2008-02-10 17:52 3,314 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-10 15:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-10 15:39 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-10 15:39 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-10 15:39 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-10 15:39 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-10 15:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-10 14:59 . 2008-02-10 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-10 14:58 . 2008-02-10 20:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 14:58 . 2008-02-10 20:37 <DIR> d-------- C:\Documents and Settings\Michael W. Kiser\Application Data\SUPERAntiSpyware.com
2008-02-10 03:15 . 2008-02-10 03:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 03:07 . 2008-02-10 03:24 <DIR> d-------- C:\SDFix
2008-02-10 02:59 . 2008-02-10 18:51 <DIR> d-------- C:\VundoFix Backups
2008-02-09 18:15 . 2008-02-09 18:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 18:15 . 2008-02-10 20:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 18:15 . 2008-02-09 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 17:46 . 2008-02-09 17:46 10,752 --a------ C:\WINDOWS\system32\worsock.dll
2008-02-09 17:46 . 2008-02-09 17:46 1 --a------ C:\WINDOWS\system32\rc.dat
2008-02-09 17:46 . 2008-02-09 17:46 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-02-09 17:46 . 2008-02-09 17:46 1 --a------ C:\WINDOWS\system32\cs.dat
2008-02-09 17:45 . 2008-02-09 17:45 <DIR> d-------- C:\WINDOWS\lfjnrbcw
2008-02-09 17:45 . 2008-02-09 17:45 3,795,158 --a------ C:\WINDOWS\9lDt4QQ8U4.exe
2008-02-09 17:45 . 2008-02-09 17:45 184,320 --a------ C:\WINDOWS\jkrazgjm.dll
2008-02-09 17:45 . 2008-02-09 17:45 91,667 --a------ C:\WINDOWS\tunstqhu.exe
2008-02-09 17:45 . 2008-02-09 17:45 91,667 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-02-09 17:45 . 2008-02-09 17:45 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-09 17:45 . 2008-02-09 17:45 52,736 --a------ C:\WINDOWS\zwribsla.exe
2008-02-09 17:45 . 2008-02-10 17:46 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-04 20:35 . 2008-02-04 20:35 <DIR> d-------- C:\Program Files\Stickies
2008-02-04 20:35 . 2008-02-11 21:04 <DIR> d-------- C:\Documents and Settings\Michael W. Kiser\Application Data\stickies
2008-02-04 14:48 . 2008-02-04 20:15 <DIR> d-------- C:\Program Files\Software by Design
2008-02-04 14:48 . 2006-07-26 00:00 90,112 --------- C:\WINDOWS\SDUnInst.exe
2008-01-31 21:32 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-31 21:32 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-31 21:32 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-31 21:31 . 2008-01-31 21:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-31 21:28 . 2008-01-31 21:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-30 14:29 . 2008-01-30 14:29 <DIR> d-------- C:\Documents and Settings\Michael W. Kiser\Application Data\Ableton
2008-01-30 14:29 . 2008-01-30 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-01-30 14:29 . 2008-02-11 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 14:29 . 2008-01-30 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 14:27 . 2008-01-30 14:27 <DIR> d-------- C:\Program Files\Ableton
2008-01-28 19:40 . 2008-01-28 19:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-28 18:50 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-28 17:13 . 2008-01-28 17:13 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 17:13 . 2008-01-28 17:14 <DIR> d-------- C:\Program Files\AirPort
2008-01-28 15:55 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-28 15:54 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2008-01-28 15:54 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2008-01-28 15:54 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2008-01-28 15:54 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-01-28 15:43 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002833_.tmp
2008-01-24 23:46 . 2008-01-24 23:46 <DIR> d-------- C:\Program Files\Red Kawa
2008-01-23 15:30 . 2008-01-23 15:30 <DIR> d-------- C:\Program Files\Penn Netapps 2007
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\SecureW2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 02:03 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 01:59 9,728 ----a-w C:\WINDOWS\cbinst$.exe
2008-02-12 01:59 32,000 ----a-w C:\WINDOWS\wbeCheck.exe
2008-02-12 01:59 31,488 ----a-w C:\WINDOWS\pbar.dll
2008-02-12 01:59 31,232 ----a-w C:\WINDOWS\wml.exe
2008-02-12 01:59 30,976 ----a-w C:\WINDOWS\liqad.exe
2008-02-12 01:59 30,720 ----a-w C:\WINDOWS\vxddsk.exe
2008-02-12 01:59 30,720 ----a-w C:\WINDOWS\liqui.exe
2008-02-12 01:59 30,208 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2008-02-12 01:59 29,440 ----a-w C:\WINDOWS\xxxvideo.exe
2008-02-12 01:59 28,160 ----a-w C:\WINDOWS\aconti.exe
2008-02-12 01:59 27,648 ----a-w C:\WINDOWS\settn.dll
2008-02-12 01:59 26,880 ----a-w C:\WINDOWS\xadbrk_.exe
2008-02-12 01:59 25,600 ----a-w C:\WINDOWS\hcwprn.exe
2008-02-12 01:59 24,064 ----a-w C:\WINDOWS\eventlowg.dll
2008-02-12 01:59 23,808 ----a-w C:\WINDOWS\liqad$.exe
2008-02-12 01:59 23,808 ----a-w C:\WINDOWS\764.exe
2008-02-12 01:59 22,784 ----a-w C:\WINDOWS\xadbrk.exe
2008-02-12 01:59 22,784 ----a-w C:\WINDOWS\kkcomp.dll
2008-02-12 01:59 21,760 ----a-w C:\WINDOWS\jd2002.dll
2008-02-12 01:59 20,992 ----a-w C:\WINDOWS\iexplorr23.dll
2008-02-12 01:59 20,992 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-12 01:59 20,224 ----a-w C:\WINDOWS\kkcomp$.exe
2008-02-12 01:59 19,968 ----a-w C:\WINDOWS\xadbrk.dll
2008-02-12 01:59 19,712 ----a-w C:\WINDOWS\spredirect.dll
2008-02-12 01:59 19,200 ----a-w C:\WINDOWS\wbeInst$.exe
2008-02-12 01:59 19,200 ----a-w C:\WINDOWS\kkcomp.exe
2008-02-12 01:59 18,944 ----a-w C:\WINDOWS\flt.dll
2008-02-12 01:59 18,432 ----a-w C:\WINDOWS\liqad.dll
2008-02-12 01:59 17,664 ----a-w C:\WINDOWS\liqui.dll
2008-02-12 01:59 17,408 ----a-w C:\WINDOWS\kvnab.dll
2008-02-12 01:59 17,152 ----a-w C:\WINDOWS\7search.dll
2008-02-12 01:59 16,896 ----a-w C:\WINDOWS\ngd.dll
2008-02-12 01:59 15,872 ----a-w C:\WINDOWS\dp0.dll
2008-02-12 01:59 14,080 ----a-w C:\WINDOWS\fhfmm.exe
2008-02-12 01:59 13,824 ----a-w C:\WINDOWS\kvnab$.exe
2008-02-12 01:59 13,312 ----a-w C:\WINDOWS\hotporn.exe
2008-02-12 01:59 13,056 ----a-w C:\WINDOWS\kvnab.exe
2008-02-12 01:59 12,800 ----a-w C:\WINDOWS\pbsysie.dll
2008-02-12 01:59 12,288 ----a-w C:\WINDOWS\system32\ace16win.dll
2008-02-12 01:59 12,288 ----a-w C:\WINDOWS\adbar.dll
2008-02-12 01:59 11,520 ----a-w C:\WINDOWS\daxtime.dll
2008-02-12 01:59 11,264 ----a-w C:\WINDOWS\ie_32.exe
2008-02-11 01:37 --------- d-----w C:\Program Files\Viewpoint
2008-02-11 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-11 01:35 --------- d-----w C:\Program Files\Focus MP3 Recorder Pro
2008-02-06 00:46 --------- d-----w C:\Documents and Settings\Michael W. Kiser\Application Data\uTorrent
2008-02-01 17:37 --------- d-----w C:\Program Files\VstPlugins
2007-12-28 06:53 --------- d-----w C:\Documents and Settings\Michael W. Kiser\Application Data\Apple Computer
2007-12-28 06:51 --------- d-----w C:\Program Files\QuickTime
2007-12-25 20:39 --------- d-----w C:\Program Files\LG Drivers
2007-12-25 20:01 --------- d-----w C:\Program Files\Verizon Wireless
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-06-10 20:18 5,893,280 ----a-w C:\Program Files\SP28818.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 14:40 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 06:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2005-10-25 23:21 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [2007-08-08 11:35 643072]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

C:\Documents and Settings\Michael W. Kiser\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-25 15:01:14 947544]
Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:45 757760]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerGrid.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerGrid.lnk
backup=C:\WINDOWS\pss\PowerGrid.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael W. Kiser^Start Menu^Programs^Startup^FBQuick.lnk]
path=C:\Documents and Settings\Michael W. Kiser\Start Menu\Programs\Startup\FBQuick.lnk
backup=C:\WINDOWS\pss\FBQuick.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 02:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 06:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 01:06]
S2 MAudioUSBService;M-Audio USB Installer;C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe []
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys [2004-10-20 16:50]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 09:39]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2006-10-24 21:54]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2006-10-24 21:54]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2006-10-24 21:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 21:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 21:05:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?2?0?5??????? ???B???????????????B? ??????

scanning hidden files ...

C:\WINDOWS\system32\vxddsk.exe 24576 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\worsock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-11 21:08:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 02:08:04
.
2008-02-02 05:54:12 --- E O F ---




This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:01 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AirPort\APAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170888669265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 9632 bytes
  • 0

#4
kahdah
Posted 11 February 2008 - 08:34 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste it in)

C:\WINDOWS\system32\worsock.dll

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#5
mkiser
Posted 11 February 2008 - 08:54 PM

mkiser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Service
Service load:
0% 100%
File: worsock.dll
Status:
INFECTED/MALWARE
MD5: 6c7726cd91afc08bb44f98ab7dd41ff9
Packers detected:
UPX
Bit9 reports: File not found
Scanner results
Scan taken on 12 Feb 2008 02:44:14 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Agent.NUU
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan-PSW.Win32.Agent.yt
Fortinet
Found nothing
Ikarus
Found Trojan-Spy.Finanz.J
Kaspersky Anti-Virus
Found Trojan-PSW.Win32.Agent.yt
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
  • 0

#6
kahdah
Posted 11 February 2008 - 08:58 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of worsock.dll.
  • Select every instance of worsock.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish>>.
======================================
After that please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)


Now click on Fix Checked and then close Hijackthis.
============================================================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\worsock.dll
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\Nonoc5.syz
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\9lDt4QQ8U4.exe
C:\WINDOWS\jkrazgjm.dll
C:\WINDOWS\tunstqhu.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\zwribsla.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\wml.exe
C:\WINDOWS\liqad.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\liqad$.exe
C:\WINDOWS\764.exe
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqui.dll
C:\WINDOWS\kvnab.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\ngd.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\kvnab.exe
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\adbar.dll
C:\WINDOWS\daxtime.dll
C:\WINDOWS\system32\vxddsk.exe 
Folder::
C:\WINDOWS\system32\acespy
C:\Program Files\p2pnetworks
C:\Program Files\e-zshopper
C:\Program Files\amsys
C:\Program Files\akl
C:\Program Files\Accoona
C:\Program Files\3721
C:\SDFix
C:\VundoFix Backups
C:\WINDOWS\lfjnrbcw
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
mkiser
Posted 11 February 2008 - 09:33 PM

mkiser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is my ComboFix log:


ComboFix 08-02.05.3 - Michael W. Kiser 2008-02-11 22:16:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -5:00]
Running from: C:\Documents and Settings\Michael W. Kiser\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael W. Kiser\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\9lDt4QQ8U4.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\jkrazgjm.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\Nonoc5.syz
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\worsock.dll
C:\WINDOWS\tunstqhu.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\zwribsla.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\4fdw.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixSubSystems.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\RegDACL.exe
C:\SDFix\apps\regedit.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\attrib.exe
C:\SDFix\backupreg\AppInit_DLLs.reg
C:\SDFix\backupreg\bat_shell_open.reg
C:\SDFix\backupreg\BHO.reg
C:\SDFix\backupreg\com_shell_open.reg
C:\SDFix\backupreg\ControlPanel_Load.reg
C:\SDFix\backupreg\exe_shell_open.reg
C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKCURun.reg
C:\SDFix\backupreg\HKCURunServices.reg
C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKLMRun.reg
C:\SDFix\backupreg\HKLMRunServices.reg
C:\SDFix\backupreg\hta_shell_open.reg
C:\SDFix\backupreg\IEDesktop.reg
C:\SDFix\backupreg\IEMain.reg
C:\SDFix\backupreg\Installed_Components.reg
C:\SDFix\backupreg\pif_shell_open.reg
C:\SDFix\backupreg\reg_shell_open.reg
C:\SDFix\backupreg\SecurityProviders.reg
C:\SDFix\backupreg\SharedTaskScheduler.reg
C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
C:\SDFix\backupreg\SubSystems.reg
C:\SDFix\backupreg\txt_shell_open.reg
C:\SDFix\backupreg\Winlogon.reg
C:\SDFix\backupreg\WinlogonNotify.reg
C:\SDFix\catchme.exe
C:\SDFix\Checkcom.txt
C:\SDFix\CheckRuns.txt
C:\SDFix\CheckRuns2.txt
C:\SDFix\dummy.exe
C:\SDFix\dummy.sys
C:\SDFix\find.exe
C:\SDFix\Find.txt
C:\SDFix\Findbhos1.txt
C:\SDFix\Findrun.txt
C:\SDFix\Findrun2.txt
C:\SDFix\Findrun3.txt
C:\SDFix\Findrun30.txt
C:\SDFix\Findrun31.txt
C:\SDFix\findstr.exe
C:\SDFix\regedit.exe
C:\SDFix\RunThis.bat
C:\SDFix\SDFix\apps\assosfix.reg
C:\SDFix\SDFix\apps\cliptext.exe
C:\SDFix\SDFix\apps\download.exe
C:\SDFix\SDFix\apps\dummy.exe
C:\SDFix\SDFix\apps\dummy.sys
C:\SDFix\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\SDFix\apps\ERDNT.E_E
C:\SDFix\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\SDFix\apps\ERUNT.EXE
C:\SDFix\SDFix\apps\ERUNT.LOC
C:\SDFix\SDFix\apps\fix.reg
C:\SDFix\SDFix\apps\FixBH.reg
C:\SDFix\SDFix\apps\FIXCU.reg
C:\SDFix\SDFix\apps\FIXLM.reg
C:\SDFix\SDFix\apps\FixPath.exe
C:\SDFix\SDFix\apps\FixRedir.reg
C:\SDFix\SDFix\apps\FixSchedule.reg
C:\SDFix\SDFix\apps\FixSubSystems.reg
C:\SDFix\SDFix\apps\FixWebCheck.reg
C:\SDFix\SDFix\apps\fixXP.reg
C:\SDFix\SDFix\apps\FixXPsp2.reg
C:\SDFix\SDFix\apps\grep.exe
C:\SDFix\SDFix\apps\HPFix.reg
C:\SDFix\SDFix\apps\HPFix2.reg
C:\SDFix\SDFix\apps\HPFix3.reg
C:\SDFix\SDFix\apps\HPFix4.reg
C:\SDFix\SDFix\apps\HPFix5.reg
C:\SDFix\SDFix\apps\isadmin.exe
C:\SDFix\SDFix\apps\leg2.txt
C:\SDFix\SDFix\apps\legacy.txt
C:\SDFix\SDFix\apps\legacybk.txt
C:\SDFix\SDFix\apps\locate.com
C:\SDFix\SDFix\apps\LS.exe
C:\SDFix\SDFix\apps\MD5File.exe
C:\SDFix\SDFix\apps\MyGcpvFix.reg
C:\SDFix\SDFix\apps\MyGkFix2.reg
C:\SDFix\SDFix\apps\Process.exe
C:\SDFix\SDFix\apps\procs.exe
C:\SDFix\SDFix\apps\psservice.exe
C:\SDFix\SDFix\apps\RegDACL.exe
C:\SDFix\SDFix\apps\regedit.exe
C:\SDFix\SDFix\apps\Rem.txt
C:\SDFix\SDFix\apps\Rem2.txt
C:\SDFix\SDFix\apps\Replace\W2K.exe
C:\SDFix\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\SDFix\apps\Replace\XP.exe
C:\SDFix\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\SDFix\apps\Replace\xp\null.sys
C:\SDFix\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\SDFix\apps\RestartIt!.exe
C:\SDFix\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\SDFix\apps\sc.exe
C:\SDFix\SDFix\apps\sed.exe
C:\SDFix\SDFix\apps\SF.exe
C:\SDFix\SDFix\apps\shutdown.exe
C:\SDFix\SDFix\apps\srv2.txt
C:\SDFix\SDFix\apps\srv2bk.txt
C:\SDFix\SDFix\apps\svc.txt
C:\SDFix\SDFix\apps\svcbk.txt
C:\SDFix\SDFix\apps\swreg.exe
C:\SDFix\SDFix\apps\swsc.exe
C:\SDFix\SDFix\apps\unzip.exe
C:\SDFix\SDFix\apps\vfind.exe
C:\SDFix\SDFix\apps\WINMSG.EXE
C:\SDFix\SDFix\apps\winsec.reg
C:\SDFix\SDFix\apps\zip.exe
C:\SDFix\SDFix\catchme.exe
C:\SDFix\SDFix\dummy.exe
C:\SDFix\SDFix\dummy.sys
C:\SDFix\SDFix\RunThis.bat
C:\SDFix\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\TEST710.TXT
C:\SDFix\TEST711.TXT
C:\SDFix\TEST800.TXT
C:\SDFix\TEST801.TXT
C:\SDFix\TEST802.TXT
C:\SDFix\TEST803.TXT
C:\SDFix\TEST804.TXT
C:\SDFix\TEST805.TXT
C:\SDFix\TEST806.TXT
C:\SDFix\TESTbank2.TXT
C:\SDFix\TESTbdat1.TXT
C:\SDFix\TESTbdat2.TXT
C:\SDFix\TESTbdat3.TXT
C:\SDFix\TESTbdat4.TXT
C:\SDFix\TESTbdat5.TXT
C:\SDFix\TESTbho.txt
C:\SDFix\TESTbo.TXT
C:\SDFix\TESTbo1.TXT
C:\SDFix\TESTcpvtoolbar1.txt
C:\SDFix\TESTNeb0.TXT
C:\SDFix\TESTNeb1.TXT
C:\SDFix\TESTNOTIF.TXT
C:\SDFix\TESTNOTIF1.TXT
C:\SDFix\TESTNOTIF3.TXT
C:\SDFix\TESTSecPro1.txt
C:\SDFix\TESTService1.txt
C:\SDFix\TESTService2.txt
C:\SDFix\TESTServices.txt
C:\SDFix\TESTUC1.TXT
C:\VundoFix Backups
C:\VundoFix Backups\uninstall.exe.bad
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\9lDt4QQ8U4.exe
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\jkrazgjm.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\lfjnrbcw
C:\WINDOWS\lfjnrbcw\1.png
C:\WINDOWS\lfjnrbcw\2.png
C:\WINDOWS\lfjnrbcw\3.png
C:\WINDOWS\lfjnrbcw\4.png
C:\WINDOWS\lfjnrbcw\5.png
C:\WINDOWS\lfjnrbcw\6.png
C:\WINDOWS\lfjnrbcw\7.png
C:\WINDOWS\lfjnrbcw\8.png
C:\WINDOWS\lfjnrbcw\9.png
C:\WINDOWS\lfjnrbcw\bottom-rc.gif
C:\WINDOWS\lfjnrbcw\config.png
C:\WINDOWS\lfjnrbcw\content.png
C:\WINDOWS\lfjnrbcw\download.gif
C:\WINDOWS\lfjnrbcw\frame-bg.gif
C:\WINDOWS\lfjnrbcw\frame-bottom-left.gif
C:\WINDOWS\lfjnrbcw\frame-h1bg.gif
C:\WINDOWS\lfjnrbcw\head.png
C:\WINDOWS\lfjnrbcw\icon.png
C:\WINDOWS\lfjnrbcw\indexwp.html
C:\WINDOWS\lfjnrbcw\main.css
C:\WINDOWS\lfjnrbcw\memory-prots.png
C:\WINDOWS\lfjnrbcw\net.png
C:\WINDOWS\lfjnrbcw\pc-mag.gif
C:\WINDOWS\lfjnrbcw\pc.gif
C:\WINDOWS\lfjnrbcw\poloska1.png
C:\WINDOWS\lfjnrbcw\poloska2.png
C:\WINDOWS\lfjnrbcw\poloska3.png
C:\WINDOWS\lfjnrbcw\promowp1.html
C:\WINDOWS\lfjnrbcw\promowp2.html
C:\WINDOWS\lfjnrbcw\promowp3.html
C:\WINDOWS\lfjnrbcw\promowp4.html
C:\WINDOWS\lfjnrbcw\promowp5.html
C:\WINDOWS\lfjnrbcw\reg.png
C:\WINDOWS\lfjnrbcw\repair.png
C:\WINDOWS\lfjnrbcw\scr-1.png
C:\WINDOWS\lfjnrbcw\scr-2.png
C:\WINDOWS\lfjnrbcw\start.png
C:\WINDOWS\lfjnrbcw\styles.css
C:\WINDOWS\lfjnrbcw\Thumbs.db
C:\WINDOWS\lfjnrbcw\top-rc.gif
C:\WINDOWS\lfjnrbcw\vline.gif
C:\WINDOWS\lfjnrbcw\wp.png
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\Nonoc5.syz
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\worsock.dll
C:\WINDOWS\tunstqhu.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\zwribsla.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 20:53 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
2008-02-11 18:07 . 2008-02-11 18:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-11 18:07 . 2008-02-11 18:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-11 18:07 . 2008-02-11 18:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-11 18:07 . 2008-02-11 18:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-11 17:48 . 2008-02-11 17:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 20:05 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-10 20:05 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-10 20:05 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-10 20:05 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-10 20:05 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-10 20:05 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-10 20:04 . 2008-02-10 20:04 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-10 20:04 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-10 20:04 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-10 19:49 . 2008-02-10 19:49 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-10 15:45 . 2008-02-10 17:52 3,314 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-10 15:39 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-10 15:39 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-10 15:39 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-10 15:39 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-10 15:39 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-10 15:39 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-10 14:59 . 2008-02-10 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-10 14:58 . 2008-02-10 20:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 14:58 . 2008-02-10 20:37 <DIR> d-------- C:\Documents and Settings\Michael W. Kiser\Application Data\SUPERAntiSpyware.com
2008-02-10 03:15 . 2008-02-10 03:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-09 18:15 . 2008-02-09 18:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 18:15 . 2008-02-10 20:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 18:15 . 2008-02-09 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 20:35 . 2008-02-04 20:35 <DIR> d-------- C:\Program Files\Stickies
2008-02-04 20:35 . 2008-02-11 22:22 <DIR> d-------- C:\Documents and Settings\Michael W. Kiser\Application Data\stickies
2008-02-04 14:48 . 2008-02-04 20:15 <DIR> d-------- C:\Program Files\Software by Design
2008-02-04 14:48 . 2006-07-26 00:00 90,112 --------- C:\WINDOWS\SDUnInst.exe
2008-01-31 21:32 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-31 21:32 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-31 21:32 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-31 21:31 . 2008-01-31 21:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-31 21:28 . 2008-01-31 21:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-30 14:29 . 2008-01-30 14:29 <DIR> d-------- C:\Documents and Settings\Michael W. Kiser\Application Data\Ableton
2008-01-30 14:29 . 2008-01-30 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-01-30 14:29 . 2008-02-11 22:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 14:29 . 2008-01-30 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 14:27 . 2008-01-30 14:27 <DIR> d-------- C:\Program Files\Ableton
2008-01-28 19:40 . 2008-01-28 19:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-28 18:50 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-28 17:13 . 2008-01-28 17:13 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 17:13 . 2008-01-28 17:14 <DIR> d-------- C:\Program Files\AirPort
2008-01-28 15:55 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-28 15:54 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2008-01-28 15:54 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2008-01-28 15:54 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2008-01-28 15:54 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-01-28 15:43 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002833_.tmp
2008-01-24 23:46 . 2008-01-24 23:46 <DIR> d-------- C:\Program Files\Red Kawa
2008-01-23 15:30 . 2008-01-23 15:30 <DIR> d-------- C:\Program Files\Penn Netapps 2007
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\SecureW2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 03:19 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-11 01:35 --------- d-----w C:\Program Files\Focus MP3 Recorder Pro
2008-02-06 00:46 --------- d-----w C:\Documents and Settings\Michael W. Kiser\Application Data\uTorrent
2008-02-01 17:37 --------- d-----w C:\Program Files\VstPlugins
2007-12-28 06:53 --------- d-----w C:\Documents and Settings\Michael W. Kiser\Application Data\Apple Computer
2007-12-28 06:51 --------- d-----w C:\Program Files\QuickTime
2007-12-25 20:39 --------- d-----w C:\Program Files\LG Drivers
2007-12-25 20:01 --------- d-----w C:\Program Files\Verizon Wireless
2007-06-10 20:18 5,893,280 ----a-w C:\Program Files\SP28818.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 14:40 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 06:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2005-10-25 23:21 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [2007-08-08 11:35 643072]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

C:\Documents and Settings\Michael W. Kiser\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-25 15:01:14 947544]
Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:45 757760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerGrid.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerGrid.lnk
backup=C:\WINDOWS\pss\PowerGrid.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael W. Kiser^Start Menu^Programs^Startup^FBQuick.lnk]
path=C:\Documents and Settings\Michael W. Kiser\Start Menu\Programs\Startup\FBQuick.lnk
backup=C:\WINDOWS\pss\FBQuick.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 02:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 06:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

S1 4fdw;4fdw;C:\WINDOWS\system32\4fdw.dll []
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys [2004-10-20 16:50]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 09:39]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2006-10-24 21:54]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2006-10-24 21:54]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2006-10-24 21:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 21:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 22:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?2?0?5??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-11 22:29:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 03:29:31
ComboFix2.txt 2008-02-12 02:08:10
.
2008-02-02 05:54:12 --- E O F ---



Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:02 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AirPort\APAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170888669265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 7443 bytes


P.S.: The desktop background has disappeared, along with the annoying pop-up producer in the system tray! Looks like a good sign!
  • 0

#8
kahdah
Posted 11 February 2008 - 10:06 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You still have 2 antivirus programs running.
If you are wanting to keep Norton then please uninstall AVast.
As long as you only have one.
=====================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\4fdw.dll 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4fdw

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================
After that
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report and a new Hijackthis log.

  • 0

#9
mkiser
Posted 11 February 2008 - 11:13 PM

mkiser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTMoveIt Log:

[Custom Input]
< C:\WINDOWS\system32\4fdw.dll >
File/Folder C:\WINDOWS\system32\4fdw.dll not found.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4fdw >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4fdw\\ deleted successfully.

OTMoveIt2 v1.0.19 log created on 02112008_231651







Panda Log:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-02-12 00:11:44
PROTECTIONS: 2
MALWARE: 31
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
avast! antivirus 4.7.1098 [VPS 080211-0] 4.7.1098 No Yes
Symantec AntiVirus Corporate Edition 10.1.4.4000 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.clickbank.net/]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.www.myaffiliateprogram.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.yadro.ru/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.toplist.cz/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.burstnet.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[server.iad.liveperson.net/hc/90594700]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ads.pointroll.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.fortunecity.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.go.com/]
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.i.screensavers.com/]
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.i.screensavers.com/]
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.i.screensavers.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michael W. Kiser\Application Data\Mozilla\Firefox\Profiles\8wzkhe1x.default\cookies.txt[.ehg-dig.hitbox.com/]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================





HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:46 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AirPort\APAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Stickies\stickies.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170888669265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

--
End of file - 7237 bytes
  • 0

#10
kahdah
Posted 12 February 2008 - 03:07 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Clean your Cache and Cookies in Firefox :
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
  • Alternatively, you can clear all information stored while browsing by clicking Clear All.
  • A confirmation dialog box will be shown before clearing the information.
=======================================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


    • Posted Image

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
====================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP