
Huge Virtumonde, Trojan and Malware Problem [RESOLVED]



#1
SeniorChief
    Member, 32 posts
For about 3 months now I have been fighting a Virtumonde, Trojan and malware battle. It was hard the first five weeks, then as time went on it seemed as if Virtumonde was letting more spyware and viruses into my computer. My computer began to run much slower and the internet was infested with pop-ups. I managed to stop the pop-ups, but the spyware is still active and on my computer. I used many spyware remover tools, but none have seemed to work very well. That is why I have decided to try HijackThis, in the hope that one of you could help end the war.

Thank you,
Senior Chief


Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:08 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Scanner\Scanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnk.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {67B197CD-BCC7-4DF4-857E-E09B0FF30CFA} - C:\WINDOWS\system32\pmnnk.dll
O2 - BHO: {53847a4d-b036-35f8-5744-067b6eac867c} - {c768cae6-b760-4475-8f53-630bd4a74835} - C:\WINDOWS\system32\dtoktppw.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\winreanimator .exe" /hide
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMf784c838] Rundll32.exe "C:\WINDOWS\system32\gjmkhdnv.dll",s
O4 - HKLM\..\Run: [f4b7fba4] rundll32.exe "C:\WINDOWS\system32\mrgplmih.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pop up Blocker Pro Rich-Media Ads Edition] "C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" Minimize
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [Pop up Blocker Pro Rich-Media Ads Edition] "C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" Minimize (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pop up Blocker Pro Rich-Media Ads Edition - {0FDE313D-9F9A-4264-AAEF-E1B7037EF9A6} - C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143329679230
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143329664558
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.atomic...activex/AMC.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure3.true.../TrueConfig.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...orts/wtinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF468D2E-0575-4271-BEC8-A3787CFE7E85}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: khfecca - khfecca.dll (file missing)
O20 - Winlogon Notify: qomkigg - qomkigg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11836 bytes

Edited by SeniorChief, 06 March 2008 - 07:20 PM.

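A defender-side way to triage a HijackThis log like the one above, as an added example written for this page (it is not a tool from this thread, from Trend Micro, or from any of the helpers): a small Python 3 script that runs a few heuristics over each log line and reports the entries that deserve a closer look before anything is removed. The heuristics are my own assumptions about what this family's entries look like, drawn from the posted log: vowel-poor random file names (pmnnk, gjmkhdnv, dtoktppw), hex-looking Run key names (BMf784c838, f4b7fba4), rundll32 loading a DLL through a single-letter export, a Winlogon Notify entry whose DLL is missing, a populated AppInit_DLLs value, and a win.ini load= line. The sample log is constructed from lines in the post plus two benign NVIDIA entries that the heuristics should leave alone.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the HijackThis log posted above, plus two
# benign NVIDIA entries (NvCplDaemon, NVSvc) that the heuristics should not flag.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnk.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {67B197CD-BCC7-4DF4-857E-E09B0FF30CFA} - C:\WINDOWS\system32\pmnnk.dll
O2 - BHO: {53847a4d-b036-35f8-5744-067b6eac867c} - {c768cae6-b760-4475-8f53-630bd4a74835} - C:\WINDOWS\system32\dtoktppw.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMf784c838] Rundll32.exe "C:\WINDOWS\system32\gjmkhdnv.dll",s
O4 - HKLM\..\Run: [f4b7fba4] rundll32.exe "C:\WINDOWS\system32\mrgplmih.dll",b
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

VOWELS = set("aeiouy")


def looks_random(stem):
    """Assumed heuristic: an all-lowercase, letters-only file name of 5 to 12
    characters with almost no vowels (pmnnk, gjmkhdnv, dtoktppw in the posted log)."""
    if not (5 <= len(stem) <= 12) or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.15


def triage(log_text):
    """Apply each heuristic to every HijackThis line; one finding per (line, rule)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        hits = []
        # O20 Winlogon Notify pointing at a DLL that no longer exists: leftover hook
        if line.startswith("O20") and "(file missing)" in line:
            hits.append(("winlogon_notify_missing", "Winlogon Notify DLL is missing"))
        # AppInit_DLLs is injected into every GUI process; it is normally empty
        if re.match(r"O20 - AppInit_DLLs:\s*\S", line):
            hits.append(("appinit_dlls", "AppInit_DLLs is populated"))
        # Legacy win.ini load= is rarely used by legitimate software today
        if re.match(r"F[23] - REG:\S+ load=\S", line):
            hits.append(("winini_load", "win.ini load= starts a program"))
        # Run key whose name is a short prefix plus a hex blob
        m = re.match(r"O4 - .*\\Run: \[([^\]]+)\]", line)
        if m and re.fullmatch(r"[A-Za-z]{0,3}[0-9a-f]{6,}", m.group(1)):
            hits.append(("hex_run_key", f"Run key name {m.group(1)!r} looks generated"))
        # rundll32 invoking a DLL by a one-letter export name (",s" / ",b")
        if re.search(r'rundll32\.exe"?\s+"?[^",]+\.dll"?,[A-Za-z]\s*$', line, re.I):
            hits.append(("rundll32_single_export", "rundll32 calls a single-letter export"))
        # Any .dll/.exe on the line whose base name looks machine-generated
        for stem, _ext in re.findall(r"([A-Za-z0-9_\-]+)\.(dll|exe)", line):
            if looks_random(stem):
                hits.append(("random_name", f"file name {stem!r} looks random"))
                break
        for rule, detail in hits:
            findings.append({"line": line, "rule": rule, "detail": detail})
    return findings


def summarize(findings):
    """Number of findings per rule, for a quick overview of the log."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
    print("\nrule counts:", dict(summarize(found)))
```

Each hit is a prompt to verify the file (publisher, creation date, whether a scanner recognises it), not proof of infection; the point of the heuristics is to pull the seven suspicious lines out of a log that is otherwise dominated by toolbars, services and hotfixes, which is roughly what a helper does by eye before writing a fix list.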


#2
RatHat
    Ex Malware Expert, 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please post me an Uninstall List from HijackThis:
  • Re-Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download VundoFix from Here to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    [images not included]

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post, please include the following:
  • The HijackThis uninstall list
  • The contents of vundofix.txt
  • The contents of Combofix.txt
  • A fresh HijackThis log, taken after completing all of the above.

Regards,
RatHat

#3
SeniorChief (Topic Starter)
    Member, 32 posts
Thanks for taking your time to help me.

Here's everything you asked for:

HijackThis Uninstall List:

Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager 2.0 (Remove Only)
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
AdWare & SpyWare
AdwareAlert
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Arthur's Teacher Trouble
Ask Toolbar
Audio Editor Gold v9.2.19.1
avast! Antivirus
Avatar Sizer
AXIS Media Control
Classic PhoneTools
ClearStream Accelerator
CloneDVD2
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Contextual Tool
Cookies Xbox360 Game Burner 1.00
CuteFTP 8 Professional
DebugMode Wax 2.0
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
DellSupport
Digital Line Detect
DVD Shrink 3.2
DVDSentry
Easy CD Creator 5 Basic
Electronic Arts Game Updater
ESPN RunTime
Franklin The Turtle School
FrostWire 4.13.4
FS One
GdiplusUpgrade
Google Earth
Google SketchUp
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Video Player
Greetings Workshop
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iPod for Windows 2005-11-17
iPod Updater 2004-11-15
iRiver Manager
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java™ 6 Update 2
JetFighter IV
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.75
Logitech Resource Center
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Encarta 97 Encyclopedia
Microsoft Flight Simulator for Windows 95
Microsoft Home Publishing 2000
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft WinUsb 1.0
Modem Helper
Mozilla (1.7.1)
Mozilla Firefox (2.0.0.12)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MUSICMATCH Jukebox
MyDVD
NVIDIA Display Driver
NVIDIA Drivers
overland
Paint Shop Pro 7
PC Booster
PCsync
PDF Settings
Pepakura Designer2
Picture Package
Plaxo Toolbar for Outlook and Outlook Express
Pop up Blocker Pro RMA Edition 5.0.1 (remove only)
QuickTime
Rhapsody Player Engine
SBC Self Support Tool
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
Sony USB Driver
Spy Sweeper
Spybot - Search & Destroy
SpyHunter
Spyware Doctor 5.5
SpywareBlaster v3.5.1
TI Connect 1.5
TVUPlayer 2.2.0
UFPQLBMV
UltraVNC v1.0.2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Videora iPod Converter 0.91
WebCyberCoach 3.2 Dell
WickedOrange BandwidthMonitor 0.1
Windows Defender
Windows Defender Signatures
Windows Easy Transfer
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinTasks Trial


Contents of VundoFix:


VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:45:39 PM 3/2/2008

Listing files found while scanning....

C:\WINDOWS\FS One\uninstall.exe
C:\WINDOWS\SYSTEM32\afwxgwxj.dll
C:\WINDOWS\SYSTEM32\allebwbn.dll
C:\WINDOWS\SYSTEM32\biptjekf.dll
C:\WINDOWS\SYSTEM32\buaoptqi.ini
C:\WINDOWS\SYSTEM32\caxxfwjk.dll
C:\WINDOWS\SYSTEM32\ceymkrpy.dll
C:\WINDOWS\SYSTEM32\clfeemjo.dll
C:\WINDOWS\SYSTEM32\cquegcxk.dll
C:\WINDOWS\SYSTEM32\csmciowg.dll
C:\WINDOWS\SYSTEM32\daxsqogr.dll
C:\WINDOWS\SYSTEM32\dbbplogh.dll
C:\WINDOWS\SYSTEM32\doagjgnm.dll
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\SYSTEM32\dtoktppw.dll
C:\WINDOWS\SYSTEM32\ebkipuiv.dll
C:\WINDOWS\SYSTEM32\edjqdjwc.dll
C:\WINDOWS\SYSTEM32\edypepyj.dll
C:\WINDOWS\SYSTEM32\egbavste.dll
C:\WINDOWS\SYSTEM32\esxuvneq.dll
C:\WINDOWS\SYSTEM32\etsvabge.ini
C:\WINDOWS\SYSTEM32\ewvhjccy.dll
C:\WINDOWS\SYSTEM32\fhtblyqp.dll
C:\WINDOWS\SYSTEM32\fjpoewhy.dll
C:\WINDOWS\SYSTEM32\fkejtpib.ini
C:\WINDOWS\SYSTEM32\fwntytae.dll
C:\WINDOWS\SYSTEM32\fxjiycke.dll
C:\WINDOWS\SYSTEM32\gcffetcl.dll
C:\WINDOWS\SYSTEM32\gfhobdpy.dll
C:\WINDOWS\SYSTEM32\gjmkhdnv.dll
C:\WINDOWS\SYSTEM32\gmfmognf.dll
C:\WINDOWS\SYSTEM32\gwegyqyy.dll
C:\WINDOWS\SYSTEM32\gxukiqhu.dll
C:\WINDOWS\SYSTEM32\hxjbudjo.dll
C:\WINDOWS\SYSTEM32\iokxnykc.dll
C:\WINDOWS\SYSTEM32\iqtpoaub.dll
C:\WINDOWS\SYSTEM32\isjcxsfk.dll
C:\WINDOWS\SYSTEM32\istcklvu.dll
C:\WINDOWS\SYSTEM32\itdvobkv.dll
C:\WINDOWS\SYSTEM32\iyrdgyef.dll
C:\WINDOWS\SYSTEM32\jcweyofq.dll
C:\WINDOWS\SYSTEM32\jhhffqfl.dll
C:\WINDOWS\SYSTEM32\jhktnytg.dll
C:\WINDOWS\SYSTEM32\jkiuxrfd.dll
C:\WINDOWS\SYSTEM32\jpriixnm.dll
C:\WINDOWS\SYSTEM32\jskawcfp.dll
C:\WINDOWS\SYSTEM32\jsyhwknv.dll
C:\WINDOWS\SYSTEM32\kjwjxxqh.dll
C:\WINDOWS\SYSTEM32\kkjlvhju.dll
C:\WINDOWS\SYSTEM32\knkicnoq.dll
C:\WINDOWS\SYSTEM32\lacoqxbm.dll
C:\WINDOWS\SYSTEM32\lbafobeh.dll
C:\WINDOWS\SYSTEM32\lcteffcg.ini
C:\WINDOWS\SYSTEM32\lewmgdai.dll
C:\WINDOWS\SYSTEM32\lrmxbpfa.dll
C:\WINDOWS\SYSTEM32\mfgikkaj.dll
C:\WINDOWS\SYSTEM32\mfsrsjgc.dll
C:\WINDOWS\SYSTEM32\mftyyxer.dll
C:\WINDOWS\SYSTEM32\mipelevb.dll
C:\WINDOWS\SYSTEM32\mjcqyeee.dll
C:\WINDOWS\SYSTEM32\mljjj.exe
C:\WINDOWS\SYSTEM32\mrgplmih.dll
C:\WINDOWS\SYSTEM32\mswwjbrw.dll
C:\WINDOWS\SYSTEM32\mwignjes.dll
C:\WINDOWS\SYSTEM32\mymtapbi.dll
C:\WINDOWS\SYSTEM32\naespmpp.dll
C:\WINDOWS\SYSTEM32\nbwbella.ini
C:\WINDOWS\SYSTEM32\nfxioyca.dll
C:\WINDOWS\SYSTEM32\njnneakf.dll
C:\WINDOWS\SYSTEM32\nkspswmt.dll
C:\WINDOWS\SYSTEM32\nvbelvue.dll
C:\WINDOWS\SYSTEM32\nxidnqym.dll
C:\WINDOWS\SYSTEM32\oacoaotg.dll
C:\WINDOWS\SYSTEM32\ocinnnkv.dll
C:\WINDOWS\SYSTEM32\oeuxqwek.dll
C:\WINDOWS\SYSTEM32\opubpjpj.dll
C:\WINDOWS\SYSTEM32\oromnygp.dll
C:\WINDOWS\SYSTEM32\owdoprxv.dll
C:\WINDOWS\SYSTEM32\pelaydyd.dll
C:\WINDOWS\SYSTEM32\pesukqso.dll
C:\WINDOWS\SYSTEM32\pilehial.dll
C:\WINDOWS\SYSTEM32\pmnnk.dll
C:\WINDOWS\SYSTEM32\pmnnk.exe
C:\WINDOWS\SYSTEM32\psclkwus.dll
C:\WINDOWS\SYSTEM32\pucqbqkw.dll
C:\WINDOWS\SYSTEM32\qihjrumr.dll
C:\WINDOWS\SYSTEM32\qqmidhqi.dll
C:\WINDOWS\SYSTEM32\qrbjdiyi.dll
C:\WINDOWS\SYSTEM32\qyjxdqxx.dll
C:\WINDOWS\SYSTEM32\rcsoinog.dll
C:\WINDOWS\SYSTEM32\RedxZone .exe
C:\WINDOWS\SYSTEM32\rigrsqbi.dll
C:\WINDOWS\SYSTEM32\rrbncmew.dll
C:\WINDOWS\SYSTEM32\rwdoyylu.dll
C:\WINDOWS\SYSTEM32\rwrsjpfi.dll
C:\WINDOWS\SYSTEM32\sadotmhu.dll
C:\WINDOWS\SYSTEM32\sgougfrn.dll
C:\WINDOWS\SYSTEM32\skaakaki.dll
C:\WINDOWS\SYSTEM32\skpaplox.dll
C:\WINDOWS\SYSTEM32\syabfqve.dll
C:\WINDOWS\SYSTEM32\tdejohgj.dll
C:\WINDOWS\SYSTEM32\tlgpncmn.dll
C:\WINDOWS\SYSTEM32\tngnfthc.dll
C:\WINDOWS\SYSTEM32\tvffocwj.dll
C:\WINDOWS\SYSTEM32\tyoycjvh.dll
C:\WINDOWS\SYSTEM32\ubypsxop.dll
C:\WINDOWS\SYSTEM32\uhqikuxg.ini
C:\WINDOWS\SYSTEM32\ukplqbyh.dll
C:\WINDOWS\SYSTEM32\uxpideay.dll
C:\WINDOWS\SYSTEM32\vbeqdkei.dll
C:\WINDOWS\SYSTEM32\vqtjvexq.dll
C:\WINDOWS\SYSTEM32\wapecsjk.dll
C:\WINDOWS\SYSTEM32\wjjhjkgv.dll
C:\WINDOWS\SYSTEM32\wraohviv.dll
C:\WINDOWS\SYSTEM32\wtutlnpp.dll
C:\WINDOWS\SYSTEM32\wvuuvvs.dll
C:\WINDOWS\SYSTEM32\wxiohknv.dll
C:\WINDOWS\SYSTEM32\yhweopjf.ini

Beginning removal...

Attempting to delete C:\WINDOWS\FS One\uninstall.exe
C:\WINDOWS\FS One\uninstall.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\afwxgwxj.dll
C:\WINDOWS\SYSTEM32\afwxgwxj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\allebwbn.dll
C:\WINDOWS\SYSTEM32\allebwbn.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\biptjekf.dll
C:\WINDOWS\SYSTEM32\biptjekf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\buaoptqi.ini
C:\WINDOWS\SYSTEM32\buaoptqi.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\caxxfwjk.dll
C:\WINDOWS\SYSTEM32\caxxfwjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ceymkrpy.dll
C:\WINDOWS\SYSTEM32\ceymkrpy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\clfeemjo.dll
C:\WINDOWS\SYSTEM32\clfeemjo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cquegcxk.dll
C:\WINDOWS\SYSTEM32\cquegcxk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\csmciowg.dll
C:\WINDOWS\SYSTEM32\csmciowg.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\daxsqogr.dll
C:\WINDOWS\SYSTEM32\daxsqogr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dbbplogh.dll
C:\WINDOWS\SYSTEM32\dbbplogh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\doagjgnm.dll
C:\WINDOWS\SYSTEM32\doagjgnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\SYSTEM32\DSentry.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dtoktppw.dll
C:\WINDOWS\SYSTEM32\dtoktppw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ebkipuiv.dll
C:\WINDOWS\SYSTEM32\ebkipuiv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edjqdjwc.dll
C:\WINDOWS\SYSTEM32\edjqdjwc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edypepyj.dll
C:\WINDOWS\SYSTEM32\edypepyj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\egbavste.dll
C:\WINDOWS\SYSTEM32\egbavste.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\esxuvneq.dll
C:\WINDOWS\SYSTEM32\esxuvneq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\etsvabge.ini
C:\WINDOWS\SYSTEM32\etsvabge.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ewvhjccy.dll
C:\WINDOWS\SYSTEM32\ewvhjccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fhtblyqp.dll
C:\WINDOWS\SYSTEM32\fhtblyqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fjpoewhy.dll
C:\WINDOWS\SYSTEM32\fjpoewhy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fkejtpib.ini
C:\WINDOWS\SYSTEM32\fkejtpib.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fwntytae.dll
C:\WINDOWS\SYSTEM32\fwntytae.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fxjiycke.dll
C:\WINDOWS\SYSTEM32\fxjiycke.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gcffetcl.dll
C:\WINDOWS\SYSTEM32\gcffetcl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gfhobdpy.dll
C:\WINDOWS\SYSTEM32\gfhobdpy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gjmkhdnv.dll
C:\WINDOWS\SYSTEM32\gjmkhdnv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gmfmognf.dll
C:\WINDOWS\SYSTEM32\gmfmognf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gwegyqyy.dll
C:\WINDOWS\SYSTEM32\gwegyqyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gxukiqhu.dll
C:\WINDOWS\SYSTEM32\gxukiqhu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hxjbudjo.dll
C:\WINDOWS\SYSTEM32\hxjbudjo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iokxnykc.dll
C:\WINDOWS\SYSTEM32\iokxnykc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iqtpoaub.dll
C:\WINDOWS\SYSTEM32\iqtpoaub.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\isjcxsfk.dll
C:\WINDOWS\SYSTEM32\isjcxsfk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\istcklvu.dll
C:\WINDOWS\SYSTEM32\istcklvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\itdvobkv.dll
C:\WINDOWS\SYSTEM32\itdvobkv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iyrdgyef.dll
C:\WINDOWS\SYSTEM32\iyrdgyef.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jcweyofq.dll
C:\WINDOWS\SYSTEM32\jcweyofq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jhhffqfl.dll
C:\WINDOWS\SYSTEM32\jhhffqfl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jhktnytg.dll
C:\WINDOWS\SYSTEM32\jhktnytg.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jkiuxrfd.dll
C:\WINDOWS\SYSTEM32\jkiuxrfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jpriixnm.dll
C:\WINDOWS\SYSTEM32\jpriixnm.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\jskawcfp.dll
C:\WINDOWS\SYSTEM32\jskawcfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jsyhwknv.dll
C:\WINDOWS\SYSTEM32\jsyhwknv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kjwjxxqh.dll
C:\WINDOWS\SYSTEM32\kjwjxxqh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kkjlvhju.dll
C:\WINDOWS\SYSTEM32\kkjlvhju.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\knkicnoq.dll
C:\WINDOWS\SYSTEM32\knkicnoq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lacoqxbm.dll
C:\WINDOWS\SYSTEM32\lacoqxbm.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lbafobeh.dll
C:\WINDOWS\SYSTEM32\lbafobeh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lcteffcg.ini
C:\WINDOWS\SYSTEM32\lcteffcg.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lewmgdai.dll
C:\WINDOWS\SYSTEM32\lewmgdai.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lrmxbpfa.dll
C:\WINDOWS\SYSTEM32\lrmxbpfa.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mfgikkaj.dll
C:\WINDOWS\SYSTEM32\mfgikkaj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mfsrsjgc.dll
C:\WINDOWS\SYSTEM32\mfsrsjgc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mftyyxer.dll
C:\WINDOWS\SYSTEM32\mftyyxer.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mipelevb.dll
C:\WINDOWS\SYSTEM32\mipelevb.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mjcqyeee.dll
C:\WINDOWS\SYSTEM32\mjcqyeee.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mljjj.exe
C:\WINDOWS\SYSTEM32\mljjj.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mrgplmih.dll
C:\WINDOWS\SYSTEM32\mrgplmih.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mswwjbrw.dll
C:\WINDOWS\SYSTEM32\mswwjbrw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mwignjes.dll
C:\WINDOWS\SYSTEM32\mwignjes.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mymtapbi.dll
C:\WINDOWS\SYSTEM32\mymtapbi.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\naespmpp.dll
C:\WINDOWS\SYSTEM32\naespmpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nbwbella.ini
C:\WINDOWS\SYSTEM32\nbwbella.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nfxioyca.dll
C:\WINDOWS\SYSTEM32\nfxioyca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\njnneakf.dll
C:\WINDOWS\SYSTEM32\njnneakf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nkspswmt.dll
C:\WINDOWS\SYSTEM32\nkspswmt.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nvbelvue.dll
C:\WINDOWS\SYSTEM32\nvbelvue.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nxidnqym.dll
C:\WINDOWS\SYSTEM32\nxidnqym.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\oacoaotg.dll
C:\WINDOWS\SYSTEM32\oacoaotg.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ocinnnkv.dll
C:\WINDOWS\SYSTEM32\ocinnnkv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\oeuxqwek.dll
C:\WINDOWS\SYSTEM32\oeuxqwek.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\opubpjpj.dll
C:\WINDOWS\SYSTEM32\opubpjpj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\oromnygp.dll
C:\WINDOWS\SYSTEM32\oromnygp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\owdoprxv.dll
C:\WINDOWS\SYSTEM32\owdoprxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pelaydyd.dll
C:\WINDOWS\SYSTEM32\pelaydyd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pesukqso.dll
C:\WINDOWS\SYSTEM32\pesukqso.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pilehial.dll
C:\WINDOWS\SYSTEM32\pilehial.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pmnnk.dll
C:\WINDOWS\SYSTEM32\pmnnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pmnnk.exe
C:\WINDOWS\SYSTEM32\pmnnk.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\psclkwus.dll
C:\WINDOWS\SYSTEM32\psclkwus.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pucqbqkw.dll
C:\WINDOWS\SYSTEM32\pucqbqkw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qihjrumr.dll
C:\WINDOWS\SYSTEM32\qihjrumr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qqmidhqi.dll
C:\WINDOWS\SYSTEM32\qqmidhqi.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qrbjdiyi.dll
C:\WINDOWS\SYSTEM32\qrbjdiyi.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qyjxdqxx.dll
C:\WINDOWS\SYSTEM32\qyjxdqxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rcsoinog.dll
C:\WINDOWS\SYSTEM32\rcsoinog.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\RedxZone .exe
C:\WINDOWS\SYSTEM32\RedxZone .exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rigrsqbi.dll
C:\WINDOWS\SYSTEM32\rigrsqbi.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rrbncmew.dll
C:\WINDOWS\SYSTEM32\rrbncmew.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rwdoyylu.dll
C:\WINDOWS\SYSTEM32\rwdoyylu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rwrsjpfi.dll
C:\WINDOWS\SYSTEM32\rwrsjpfi.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\sadotmhu.dll
C:\WINDOWS\SYSTEM32\sadotmhu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\sgougfrn.dll
C:\WINDOWS\SYSTEM32\sgougfrn.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\skaakaki.dll
C:\WINDOWS\SYSTEM32\skaakaki.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\skpaplox.dll
C:\WINDOWS\SYSTEM32\skpaplox.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\syabfqve.dll
C:\WINDOWS\SYSTEM32\syabfqve.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tdejohgj.dll
C:\WINDOWS\SYSTEM32\tdejohgj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tlgpncmn.dll
C:\WINDOWS\SYSTEM32\tlgpncmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tngnfthc.dll
C:\WINDOWS\SYSTEM32\tngnfthc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\tvffocwj.dll
C:\WINDOWS\SYSTEM32\tvffocwj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tyoycjvh.dll
C:\WINDOWS\SYSTEM32\tyoycjvh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ubypsxop.dll
C:\WINDOWS\SYSTEM32\ubypsxop.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\uhqikuxg.ini
C:\WINDOWS\SYSTEM32\uhqikuxg.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ukplqbyh.dll
C:\WINDOWS\SYSTEM32\ukplqbyh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\uxpideay.dll
C:\WINDOWS\SYSTEM32\uxpideay.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vbeqdkei.dll
C:\WINDOWS\SYSTEM32\vbeqdkei.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vqtjvexq.dll
C:\WINDOWS\SYSTEM32\vqtjvexq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wapecsjk.dll
C:\WINDOWS\SYSTEM32\wapecsjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wjjhjkgv.dll
C:\WINDOWS\SYSTEM32\wjjhjkgv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wraohviv.dll
C:\WINDOWS\SYSTEM32\wraohviv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wtutlnpp.dll
C:\WINDOWS\SYSTEM32\wtutlnpp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvuuvvs.dll
C:\WINDOWS\SYSTEM32\wvuuvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wxiohknv.dll
C:\WINDOWS\SYSTEM32\wxiohknv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yhweopjf.ini
C:\WINDOWS\SYSTEM32\yhweopjf.ini Has been deleted!

Performing Repairs to the registry.
Done!

Edited by SeniorChief, 03 March 2008 - 07:33 PM.


#4 SeniorChief (Topic Starter, Member, 32 posts)
Contents of ComboFix:


ComboFix 08-03-03.16 - Edward 2008-03-03 19:33:37.1 - NTFSx86

Running from: C:\Documents and Settings\Edward\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\Documents and Settings\Edward\Application Data\CROSOF~1.NET
C:\Documents and Settings\Edward\Application Data\ICROSO~1
C:\Documents and Settings\Edward\Application Data\macromedia\Flash Player\#SharedObjects\CKFEXPXN\www.broadcaster.com
C:\Documents and Settings\Edward\Application Data\macromedia\Flash Player\#SharedObjects\CKFEXPXN\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Edward\Application Data\macromedia\Flash Player\#SharedObjects\CKFEXPXN\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Edward\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Edward\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Edward\Application Data\MANTEC~1
C:\Documents and Settings\Edward\Application Data\PPATCH~1
C:\Documents and Settings\Edward\Application Data\SKS~1
C:\Documents and Settings\Edward\Application Data\SMBOLS~1
C:\Documents and Settings\Edward\Application Data\YMANTE~1
C:\Documents and Settings\Edward\Favorites\.url
C:\Documents and Settings\Edward\My Documents\ASKS~1
C:\Documents and Settings\Edward\My Documents\FNTS~1
C:\Documents and Settings\Edward\My Documents\ICROSO~1.NET
C:\Documents and Settings\Edward\My Documents\MBOLS~1
C:\Documents and Settings\Edward\My Documents\MCROSO~1
C:\Documents and Settings\Edward\My Documents\PPATCH~1
C:\Documents and Settings\Edward\My Documents\SCURIT~1
C:\Documents and Settings\Edward\My Documents\SKS~1
C:\Documents and Settings\Edward\My Documents\YMBOLS~1
C:\Documents and Settings\Edward\My Documents\YSTEM~1
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\ymante~1
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe
C:\Program Files\racle~1
C:\Program Files\smbols~1
C:\Program Files\sstem~1
C:\Program Files\WinReanimator
C:\Program Files\WinReanimator\data\daily.cvd
C:\Program Files\WinReanimator\htmlayout.dll
C:\Program Files\WinReanimator\install.exe
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\WinReanimator\pthreadVC2.dll
C:\Program Files\WinReanimator\un.ico
C:\Program Files\WinReanimator\unzip32.dll
C:\Program Files\WinReanimator\WinReanimator.dll
C:\Program Files\WinReanimator\WinReanimator.exe
C:\Program Files\ystem~1
C:\WINDOWS\asembl~1
C:\WINDOWS\b143.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\cru629.dat
C:\WINDOWS\curity~1
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\icroso~1
C:\WINDOWS\mantec~1
C:\WINDOWS\mantec~1\MANTEC~1\ctxad-468.0000
C:\WINDOWS\mcroso~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\sstem~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\abfpduyf.dll
C:\WINDOWS\system32\aghtgvfb.dll
C:\WINDOWS\SYSTEM32\aibxbtyl.ini
C:\WINDOWS\system32\asks~1
C:\WINDOWS\SYSTEM32\bavskero.ini
C:\WINDOWS\SYSTEM32\bfvgthga.ini
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\SYSTEM32\btdropre.ini
C:\WINDOWS\SYSTEM32\bwgwwdwc.ini
C:\WINDOWS\SYSTEM32\ciiwpklk.ini
C:\WINDOWS\SYSTEM32\cqmdlupf.ini
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\SYSTEM32\ctlffqnq.ini
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\dtskpjwh.dll
C:\WINDOWS\system32\dvinaprb.dll
C:\WINDOWS\SYSTEM32\ehovbdsc.ini
C:\WINDOWS\SYSTEM32\emgesxhv.ini
C:\WINDOWS\SYSTEM32\esqdordw.ini
C:\WINDOWS\SYSTEM32\eurtbtfq.ini
C:\WINDOWS\SYSTEM32\feygdryi.ini
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~2
C:\WINDOWS\SYSTEM32\fssflbwr.ini
C:\WINDOWS\SYSTEM32\ftcoxnce.ini
C:\WINDOWS\SYSTEM32\gtoaocao.ini
C:\WINDOWS\SYSTEM32\hobqrepl.ini
C:\WINDOWS\SYSTEM32\iknoyuqe.ini
C:\WINDOWS\SYSTEM32\itkwftpi.ini
C:\WINDOWS\SYSTEM32\iwrgnixt.ini
C:\WINDOWS\SYSTEM32\jakkigfm.ini
C:\WINDOWS\SYSTEM32\jghojedt.ini
C:\WINDOWS\SYSTEM32\jhhsdkdl.ini
C:\WINDOWS\system32\jpriixnm.dll
C:\WINDOWS\system32\klkpwiic.dll
C:\WINDOWS\SYSTEM32\knnmp.ini
C:\WINDOWS\SYSTEM32\knnmp.ini2
C:\WINDOWS\SYSTEM32\kviadsve.ini
C:\WINDOWS\SYSTEM32\lfqffhhj.ini
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mnxiirpj.ini
C:\WINDOWS\SYSTEM32\mqyodpln.ini
C:\WINDOWS\SYSTEM32\nyjxhonj.ini
C:\WINDOWS\system32\nyvljvei.dll
C:\WINDOWS\SYSTEM32\olfhktdc.ini
C:\WINDOWS\SYSTEM32\osqkusep.ini
C:\WINDOWS\SYSTEM32\oynurmmb.ini
C:\WINDOWS\SYSTEM32\pfcwaksj.ini
C:\WINDOWS\SYSTEM32\pggwtoyo.ini
C:\WINDOWS\SYSTEM32\plggkcws.ini
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pmnnk.exe
C:\WINDOWS\SYSTEM32\pmteasqx.ini
C:\WINDOWS\SYSTEM32\pxvtdgwm.ini
C:\WINDOWS\SYSTEM32\qfodtuju.ini
C:\WINDOWS\SYSTEM32\qjvnftib.ini
C:\WINDOWS\system32\RCX16.tmp
C:\WINDOWS\system32\RCX38.tmp
C:\WINDOWS\system32\RCXB1.tmp
C:\WINDOWS\system32\RCXBA.tmp
C:\WINDOWS\system32\RCXC1.tmp
C:\WINDOWS\system32\RCXC4.tmp
C:\WINDOWS\system32\RCXD9.tmp
C:\WINDOWS\system32\RCXDA.tmp
C:\WINDOWS\SYSTEM32\sfsyjoym.ini
C:\WINDOWS\system32\sks~1
C:\WINDOWS\SYSTEM32\slchlgyw.ini
C:\WINDOWS\SYSTEM32\ssfmqvby.ini
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\SYSTEM32\tkhiqrum.ini
C:\WINDOWS\SYSTEM32\tmaomosd.ini
C:\WINDOWS\system32\tngnfthc.dll
C:\WINDOWS\SYSTEM32\toxneevs.ini
C:\WINDOWS\SYSTEM32\ulvsaqjd.ini
C:\WINDOWS\SYSTEM32\unidodcj.ini
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\SYSTEM32\vumluyoj.ini
C:\WINDOWS\SYSTEM32\waloneoy.ini
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\SYSTEM32\wvvagdwa.ini
C:\WINDOWS\SYSTEM32\wxmieocd.ini
C:\WINDOWS\system32\xaeamboe.dll
C:\WINDOWS\system32\xddqwcma.dll
C:\WINDOWS\system32\xpbscted.dll
C:\WINDOWS\system32\ydqgeaef.dll
C:\WINDOWS\system32\yijtndoo.dll
C:\WINDOWS\SYSTEM32\yixfvlem.ini
C:\WINDOWS\system32\yjjaexbd.dll
C:\WINDOWS\system32\yrinfqoo.dll
C:\WINDOWS\SYSTEM32\yuemumtq.ini
C:\WINDOWS\ymbols~1

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 15:19 . 2008-03-03 15:19 76 --a------ C:\WINDOWS\SYSTEM32\ikhcore.cfg
2008-03-02 22:45 . 2008-03-02 23:32 <DIR> d-------- C:\VundoFix Backups
2008-03-02 22:24 . 2008-03-02 22:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 22:24 . 2008-03-02 22:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 18:45 . 2008-03-02 18:46 354 ---hs---- C:\WINDOWS\SYSTEM32\himlpgrm.ini
2008-02-26 21:16 . 2008-02-26 21:16 <DIR> d-------- C:\Program Files\FrostWire
2008-02-26 21:16 . 2008-02-26 21:16 <DIR> d-------- C:\Program Files\AskSBar
2008-02-26 19:03 . 2008-02-26 19:03 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-26 19:02 . 2008-03-01 21:04 <DIR> d-------- C:\Documents and Settings\Edward\.housecall6.6
2008-02-26 16:46 . 2008-02-26 16:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-26 16:45 . 2008-02-26 18:51 13,312 --a------ C:\WINDOWS\SYSTEM32\bbbbb
2008-02-26 16:13 . 2008-02-26 16:13 <DIR> d-------- C:\Program Files\LIUtilities
2008-02-25 21:45 . 2008-03-03 19:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-25 21:44 . 2008-03-02 23:40 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-25 21:44 . 2008-02-25 21:44 <DIR> d-------- C:\Documents and Settings\Edward\Application Data\PC Tools
2008-02-25 21:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-02-25 21:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-02-25 21:44 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-02-25 21:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-02-25 21:19 . 2008-02-26 15:57 1,781,052 ---hs---- C:\WINDOWS\SYSTEM32\btemniuh.ini
2008-02-25 18:00 . 2008-02-25 18:00 <DIR> d-------- C:\Program Files\inKline Global
2008-02-24 21:17 . 2008-02-25 18:43 2,087,842 ---hs---- C:\WINDOWS\SYSTEM32\xuomfavx.ini
2008-02-24 02:50 . 2008-02-24 02:50 19,628 --a------ C:\WINDOWS\uqisar.inf
2008-02-24 02:50 . 2008-02-24 02:50 19,245 --a------ C:\WINDOWS\ymijukol._sy
2008-02-24 02:50 . 2008-02-24 02:50 17,858 --a------ C:\WINDOWS\imihojumiv.lib
2008-02-24 02:50 . 2008-02-24 02:50 16,678 --a------ C:\WINDOWS\eqodowomuq.dll
2008-02-24 02:50 . 2008-02-24 02:50 15,939 --a------ C:\WINDOWS\olag.dat
2008-02-24 02:50 . 2008-02-24 02:50 15,237 --a------ C:\Documents and Settings\All Users\Application Data\budof.reg
2008-02-24 02:50 . 2008-02-24 02:50 14,555 --a------ C:\Program Files\Common Files\koxuqypige.vbs
2008-02-24 02:50 . 2008-02-24 02:50 11,741 --a------ C:\WINDOWS\aseladaxa.vbs
2008-02-24 02:50 . 2008-02-24 02:50 11,213 --a------ C:\Program Files\Common Files\umufox.vbs
2008-02-23 23:57 . 2008-02-23 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-02-23 23:34 . 2008-03-03 19:44 <DIR> d-------- C:\Program Files\Pop up Blocker Pro RMA Edition
2008-02-23 23:14 . 2008-03-03 19:44 <DIR> d-------- C:\Program Files\AdwareAlert
2008-02-23 22:14 . 2008-02-23 22:14 18,467 --a------ C:\Documents and Settings\Edward\Application Data\mejoh.scr
2008-02-23 22:14 . 2008-02-23 22:14 16,091 --a------ C:\Documents and Settings\Edward\Application Data\fotymy.vbs
2008-02-23 22:14 . 2008-02-23 22:14 15,764 --a------ C:\Documents and Settings\Edward\Application Data\iralyd.pif
2008-02-23 22:14 . 2008-02-23 22:14 14,718 --a------ C:\WINDOWS\ucinoqaxaw.dat
2008-02-23 22:14 . 2008-02-23 22:14 13,030 --a------ C:\WINDOWS\SYSTEM32\yvolylu.pif
2008-02-23 22:14 . 2008-02-23 22:14 12,269 --a------ C:\Documents and Settings\All Users\Application Data\osupamuh.reg
2008-02-23 22:14 . 2008-02-23 22:14 11,681 --a------ C:\Documents and Settings\All Users\Application Data\ehykobupi.vbs
2008-02-23 21:23 . 2008-02-23 21:23 48 ---hs---- C:\WINDOWS\S7E46A0CD.tmp
2008-02-23 21:17 . 2008-02-23 23:42 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-02-23 20:24 . 2008-02-23 20:24 654 ---hs---- C:\WINDOWS\SYSTEM32\hogrbtns.ini
2008-02-22 20:21 . 2008-02-23 20:21 594 ---hs---- C:\WINDOWS\SYSTEM32\hxkkyaty.ini
2008-02-21 20:18 . 2008-02-22 20:18 534 ---hs---- C:\WINDOWS\SYSTEM32\vrofkcfy.ini
2008-02-21 19:21 . 2008-02-21 19:21 474 ---hs---- C:\WINDOWS\SYSTEM32\eykirrwv.ini
2008-02-21 00:37 . 2008-02-21 00:37 19,505 --a------ C:\WINDOWS\onazofyn.exe
2008-02-21 00:37 . 2008-02-21 00:37 19,421 --a------ C:\WINDOWS\ruwoja.reg
2008-02-21 00:37 . 2008-02-21 00:37 18,980 --a------ C:\WINDOWS\SYSTEM32\xodeh._sy
2008-02-21 00:37 . 2008-02-21 00:37 18,475 --a------ C:\WINDOWS\SYSTEM32\inisurak.lib
2008-02-21 00:37 . 2008-02-21 00:37 17,098 --a------ C:\WINDOWS\ykove.db
2008-02-21 00:37 . 2008-02-21 00:37 16,962 --a------ C:\WINDOWS\SYSTEM32\okuso.lib
2008-02-21 00:37 . 2008-02-21 00:37 15,413 --a------ C:\Program Files\Common Files\tuhasij.vbs
2008-02-21 00:37 . 2008-02-21 00:37 15,031 --a------ C:\Documents and Settings\Edward\Application Data\varinofu.bin
2008-02-21 00:37 . 2008-02-21 00:37 13,713 --a------ C:\WINDOWS\bixanuqok.dll
2008-02-21 00:37 . 2008-02-21 00:37 11,044 --a------ C:\Program Files\Common Files\ofipedofu.dat
2008-02-21 00:37 . 2008-02-21 00:37 10,447 --a------ C:\WINDOWS\SYSTEM32\ybahezaloz.dll
2008-02-20 19:18 . 2008-02-21 19:18 414 ---hs---- C:\WINDOWS\SYSTEM32\rannfdce.ini
2008-02-19 21:27 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-02-19 21:27 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-02-19 21:27 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-02-19 21:27 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-02-19 21:27 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-02-19 21:27 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-02-19 21:26 . 2008-02-19 21:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-19 21:26 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-02-19 21:26 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-02-19 20:55 . 2008-03-01 21:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-19 19:13 . 2008-02-20 19:14 354 ---hs---- C:\WINDOWS\SYSTEM32\tdybhojn.ini
2008-02-19 16:27 . 2008-02-19 21:39 <DIR> d-------- C:\Program Files\Spybot Search & Destroy
2008-02-17 23:31 . 2008-02-11 09:52 19,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\adwarealert.sys
2008-02-17 18:54 . 2008-03-02 20:24 <DIR> d-------- C:\Documents and Settings\Edward\Application Data\AdwareAlert
2008-02-17 17:57 . 2008-02-17 17:57 19,909 --a------ C:\Documents and Settings\Edward\Application Data\iwejevityd.dll
2008-02-17 17:57 . 2008-02-17 17:57 19,667 --a------ C:\WINDOWS\SYSTEM32\aqaluk.bin
2008-02-17 17:57 . 2008-02-17 17:57 18,156 --a------ C:\WINDOWS\SYSTEM32\detyva.exe
2008-02-17 17:57 . 2008-02-17 17:57 17,658 --a------ C:\WINDOWS\gijogojug.com
2008-02-17 17:57 . 2008-02-17 17:57 17,499 --a------ C:\Documents and Settings\Edward\Application Data\amyzane.dll
2008-02-17 17:57 . 2008-02-17 17:57 17,418 --a------ C:\Documents and Settings\Edward\Application Data\abig.dll
2008-02-17 17:57 . 2008-02-17 17:57 15,834 --a------ C:\Program Files\Common Files\acyhak.vbs
2008-02-17 17:57 . 2008-02-17 17:57 14,440 --a------ C:\WINDOWS\SYSTEM32\zuriludy.dl
2008-02-17 17:57 . 2008-02-17 17:57 14,413 --a------ C:\Program Files\Common Files\ugab.bat
2008-02-17 17:57 . 2008-02-17 17:57 13,662 --a------ C:\WINDOWS\syhafoko.scr
2008-02-17 17:57 . 2008-02-17 17:57 12,634 --a------ C:\WINDOWS\etewozyjef._dl
2008-02-17 17:57 . 2008-02-17 17:57 12,416 --a------ C:\Documents and Settings\Edward\Application Data\iwyqitutu.dat
2008-02-17 17:57 . 2008-02-17 17:57 10,418 --a------ C:\WINDOWS\giqicenib._sy
2008-02-17 17:50 . 2008-02-18 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-16 11:00 . 2008-02-16 11:00 19,136 --a------ C:\WINDOWS\okycapipid._sy
2008-02-16 11:00 . 2008-02-16 11:00 18,609 --a------ C:\WINDOWS\yketegiqyb.lib
2008-02-16 11:00 . 2008-02-16 11:00 18,215 --a------ C:\WINDOWS\SYSTEM32\qycoqico.scr
2008-02-16 11:00 . 2008-02-16 11:00 16,400 --a------ C:\WINDOWS\axebi.sys
2008-02-16 11:00 . 2008-02-16 11:00 15,032 --a------ C:\Program Files\Common Files\mujecys.dat
2008-02-16 11:00 . 2008-02-16 11:00 14,243 --a------ C:\Documents and Settings\Edward\Application Data\jepoxeme.reg
2008-02-16 11:00 . 2008-02-16 11:00 13,779 --a------ C:\WINDOWS\aqoticydum.sys
2008-02-16 11:00 . 2008-02-16 11:00 13,016 --a------ C:\WINDOWS\SYSTEM32\ijozehu.inf
2008-02-16 11:00 . 2008-02-16 11:00 12,615 --a------ C:\WINDOWS\zary.ban
2008-02-16 11:00 . 2008-02-16 11:00 11,994 --a------ C:\WINDOWS\SYSTEM32\agycuh.reg
2008-02-16 11:00 . 2008-02-16 11:00 11,466 --a------ C:\WINDOWS\SYSTEM32\upuvijeryc.pif
2008-02-16 01:30 . 2008-02-18 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-15 15:23 . 2008-02-15 15:23 27,648 --a------ C:\WINDOWS\expacc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 04:30 --------- d-----w C:\Documents and Settings\Edward\Application Data\uTorrent
2008-02-26 03:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 05:37 17,353 ----a-w C:\Program Files\Common Files\ytocu._dl
2008-02-20 02:40 --------- d-----w C:\Program Files\Windows Defender
2008-02-19 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 22:57 12,657 ----a-w C:\Program Files\Common Files\kixigyso.inf
2008-02-17 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 16:00 14,987 ----a-w C:\Program Files\Common Files\kaqixybig.inf
2008-02-16 16:00 14,755 ----a-w C:\Program Files\Common Files\fudypevic.db
2008-02-16 07:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 03:32 --------- d-----w C:\Program Files\QuickTime
2008-02-10 03:32 --------- d-----w C:\Program Files\iTunes
2008-02-10 03:32 --------- d-----w C:\Program Files\ESPNRunTime
2008-02-09 02:43 --------- d-----w C:\Program Files\AIM95
2008-02-05 21:12 --------- d--h--w C:\Documents and Settings\Edward\Application Data\Move Networks
2008-02-05 21:11 --------- d-----w C:\Program Files\Common Files\Real
2008-02-05 21:06 --------- d-----w C:\Program Files\Palm
2008-02-05 20:57 --------- d-----w C:\Program Files\My Stuff
2008-01-30 22:27 --------- d-----w C:\Program Files\Plaxo
2008-01-29 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 01:55 --------- d-----w C:\Program Files\Microsoft Works
2008-01-29 01:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-29 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-25 20:07 77 ----a-w C:\Documents and Settings\Edward\4311.bat
2008-01-25 20:07 --------- d-----w C:\Documents and Settings\Edward\Application Data\FrostWire
2008-01-25 20:01 32,768 ----a-w C:\Documents and Settings\Edward\services.exe
2008-01-25 19:57 371,200 ----a-w C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-24 18:56 14,336 ----a-w C:\dnEv.exe
2008-01-23 04:21 90,616 ----a-w C:\Documents and Settings\Edward\Application Data\GDIPFONTCACHEV1.DAT
2008-01-21 23:09 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-21 23:05 --------- d-----w C:\Program Files\Living Books
2008-01-19 20:53 --------- d-----w C:\Documents and Settings\Edward\Application Data\MD5 Checksum Verifier
2008-01-16 22:39 --------- d-----w C:\Program Files\Audio Editor Gold
2008-01-14 22:16 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2008-01-14 12:14 374,272 ----a-w C:\WINDOWS\mrofinu72.exe.tmp
2008-01-11 23:25 --------- d-----w C:\Program Files\RcvSystem
2008-01-07 20:17 10 ----a-w C:\Program Files\.autoreg
2008-01-04 20:49 --------- d-----w C:\Documents and Settings\Edward\Application Data\FreeCall
2007-02-24 01:34 691,057 ------w C:\Documents and Settings\Alex\UndilutedPlatinumSetup_1[1].0.exe
2006-12-18 05:41 5,632 --sh--w C:\Program Files\Thumbs.db
2006-03-16 23:02 560 ----a-w C:\Documents and Settings\Edward\Application Data\ViewerApp.dat
2006-02-12 22:59 11,486,720 ----a-w C:\Program Files\TiVo Desktop 2.2.exe
2005-08-30 23:13 313,283 ----a-w C:\Program Files\cwshredder.zip
2005-05-20 23:37 3,238 ---ha-w C:\Documents and Settings\Edward\Application Data\ptads.bin
2004-11-03 23:34 28,124 ----a-w C:\Program Files\PI's Adam.pdf
2004-07-06 00:54 0 ----a-w C:\Documents and Settings\Alex\ub.dat
2004-07-06 00:54 0 ----a-w C:\Documents and Settings\Alex\ad.dat
2004-06-01 13:27 137,216 ----a-w C:\Program Files\CWShredder.exe
2004-04-04 19:15 0 ----a-w C:\Documents and Settings\Maria\ub.dat
2004-04-04 19:15 0 ----a-w C:\Documents and Settings\Maria\ad.dat
2003-10-14 04:42 32,320 ----a-w C:\Documents and Settings\Edward\removeme.exe
2007-04-07 15:32 88 --sh--r C:\WINDOWS\SYSTEM32\EB5F4F0E7F.sys
2007-04-07 15:33 2,516 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
<pre>
----a-w			57,344 2008-02-20 02:30:34  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w		 6,386,928 2008-03-03 20:19:47  C:\Program Files\AdwareAlert\AdwareAlert .exe
----a-w			67,160 2008-02-05 21:18:16  C:\Program Files\AIM95\aim .exe
----a-w			79,224 2008-02-20 02:31:14  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w		 2,321,600 2008-01-29 01:31:08  C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
----a-w			50,792 2008-02-10 03:31:38  C:\Program Files\Common Files\AOL\1130193630\ee\AOLSoftware .exe
----a-w		   124,520 2008-02-10 03:32:13  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w			50,792 2008-01-11 23:14:44  C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe
----a-w		   847,872 2008-03-03 20:19:33  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w		   101,888 2008-02-10 03:31:41  C:\Program Files\ESPNRunTime\DIGServices .exe
----a-w			49,152 2008-02-10 03:31:37  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   241,664 2008-02-10 03:31:25  C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w		14,450,688 2008-03-03 20:19:47  C:\Program Files\inKline Global\PC Booster\pcbooster .exe
----a-w		   267,048 2008-02-10 03:32:24  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2008-02-20 02:30:30  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w			67,128 2008-01-07 15:23:19  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
----a-w		   631,362 2008-02-13 16:15:33  C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w		 1,694,208 2008-01-10 15:52:48  C:\Program Files\Messenger\msmsgs .exe
----a-w		   226,890 2008-01-11 23:14:49  C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper .exe
----a-w		 1,311,232 2008-03-03 20:19:38  C:\Program Files\Pop up Blocker Pro RMA Edition\pdie .exe
----a-w		   647,168 2008-02-10 03:32:18  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   647,168 2008-02-10 02:58:28  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   647,168 2008-02-10 00:05:05  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   647,168 2008-02-09 23:50:19  C:\Program Files\QuickTime\qttask		.exe
----a-w		   647,168 2008-01-28 22:58:20  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   647,168 2008-01-25 19:57:15  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   647,168 2008-01-25 19:48:50  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   647,168 2008-01-25 17:43:17  C:\Program Files\QuickTime\qttask	.exe
----a-w		   647,168 2008-01-24 18:42:55  C:\Program Files\QuickTime\qttask   .exe
----a-w		   647,168 2008-01-22 04:35:52  C:\Program Files\QuickTime\qttask  .exe
----a-w		   647,168 2008-01-21 23:09:35  C:\Program Files\QuickTime\qttask .exe
----a-w			26,112 2008-01-29 01:28:17  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   684,032 2008-02-20 02:30:26  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w		   380,928 2008-02-10 03:31:30  C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w			98,304 2008-02-10 03:31:13  C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32 .exe
----a-w		   160,568 2008-01-22 04:37:37  C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe
----a-w		 2,097,488 2008-02-20 02:31:36  C:\Program Files\Spybot Search & Destroy\TeaTimer .exe
----a-w		 1,103,752 2008-03-03 20:19:33  C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w		 5,367,664 2008-02-20 02:31:03  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w		   777,424 2008-02-20 02:30:32  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 3,092,480 2008-01-11 23:24:42  C:\Program Files\Yahoo!\Messenger\ypager .exe
----a-w		   352,256 2008-02-20 02:30:27  C:\Program Files\Yahoo!\Parental Controls\YPC .EXE
----a-w		 5,541,888 2008-02-27 00:43:03  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w		   397,312 2008-02-10 03:31:36  C:\Program Files\Yahoo!\YOP\yop .exe
----a-w			15,360 2008-03-01 23:06:00  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w			28,672 2008-02-10 03:31:10  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w		 1,519,616 2008-02-20 02:30:41  C:\WINDOWS\SYSTEM32\nwiz .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{8E718888-423F-11D2-876E-00A0C9082467}
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Pop up Blocker Pro Rich-Media Ads Edition"="C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" [ ]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [ ]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [ ]
"braviax"="braviax.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-11-24 03:40:29 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbcy]
gebcbcy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfecca]
khfecca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkigg]
qomkigg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130193630\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130193630\\ee\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine .exe"=
"C:\\Program Files\\AIM95\\aim .exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\UltraVNC\\repeater.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6e-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6f-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8bc06e0-c3bd-11db-8d74-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - ASWRDR
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\f5d94ac0-0718-4ed1-83fd-e34a38ac835b]
C:\WINDOWS\System32\obarnxq.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 20:19:54 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert.EdwardWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
"2008-02-29 21:16:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 06:49:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-04 00:45:15 C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job"
- C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 19:52:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2008-03-03 19:59:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 00:59:07
.
2008-02-13 08:13:07 --- E O F ---


Fresh HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:32 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Scanner\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pop up Blocker Pro Rich-Media Ads Edition] "C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" Minimize
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [Pop up Blocker Pro Rich-Media Ads Edition] "C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" Minimize (User '?')
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pop up Blocker Pro Rich-Media Ads Edition - {0FDE313D-9F9A-4264-AAEF-E1B7037EF9A6} - C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143329679230
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143329664558
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.atomic...activex/AMC.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure3.true.../TrueConfig.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...orts/wtinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF468D2E-0575-4271-BEC8-A3787CFE7E85}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: khfecca - khfecca.dll (file missing)
O20 - Winlogon Notify: qomkigg - qomkigg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11342 bytes
  • 0

#5
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
It looks like some of the ComboFix log is missing; could you post it again and ensure all of it is included.

If you have a problem posting it, try attaching the file:

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Ignore my last. I have just seen that you have got all of it now.

Give me some time to go through it, then I will advise the next step. Until then, please keep your internet use to a minimum.

Regards,
RatHat
  • 0

#7
SeniorChief

SeniorChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thank you Sir, I'll stay off and check back later on a different internet connection.
  • 0

#8
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Well that took some going through! :)

Now this needs to be done carefully:


First, we need to get rid of one of the services running on your machine. To do this, copy (Ctrl+C) and paste (Ctrl+V) the text in the code box below to Notepad.

@echo off
sc stop GameConsoleService
sc delete GameConsoleService
exit

Save it to your desktop as File name: Service.cmd
Save as type: All Files

Once done, double click Service.cmd to run it. A command window will open briefly, then close. This is quite normal.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot (User '?')
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...orts/wtinst.cab
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: khfecca - khfecca.dll (file missing)
O20 - Winlogon Notify: qomkigg - qomkigg.dll (file missing)
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\counter.cab
C:\WINDOWS\SYSTEM32\ikhcore.cfg
C:\WINDOWS\SYSTEM32\himlpgrm.ini
C:\WINDOWS\SYSTEM32\btemniuh.ini
C:\WINDOWS\SYSTEM32\xuomfavx.ini
C:\WINDOWS\uqisar.inf
C:\WINDOWS\ymijukol._sy
C:\WINDOWS\imihojumiv.lib
C:\WINDOWS\eqodowomuq.dl
C:\WINDOWS\olag.dat
C:\Documents and Settings\All Users\Application Data\budof.reg
C:\Program Files\Common Files\koxuqypige.vbs
C:\WINDOWS\aseladaxa.vbs
C:\Program Files\Common Files\umufox.vbs
C:\Documents and Settings\Edward\Application Data\mejoh.scr
C:\Documents and Settings\Edward\Application Data\fotymy.vbs
C:\Documents and Settings\Edward\Application Data\iralyd.pif
C:\WINDOWS\ucinoqaxaw.dat
C:\WINDOWS\SYSTEM32\yvolylu.pif
C:\Documents and Settings\All Users\Application Data\osupamuh.reg
C:\Documents and Settings\All Users\Application Data\ehykobupi.vbs
C:\WINDOWS\S7E46A0CD.tmp
C:\WINDOWS\SYSTEM32\hogrbtns.ini
C:\WINDOWS\SYSTEM32\hxkkyaty.ini
C:\WINDOWS\SYSTEM32\vrofkcfy.ini
C:\WINDOWS\SYSTEM32\eykirrwv.ini
C:\WINDOWS\onazofyn.exe
C:\WINDOWS\ruwoja.reg
C:\WINDOWS\SYSTEM32\xodeh._sy
C:\WINDOWS\SYSTEM32\inisurak.lib
C:\WINDOWS\ykove.db
C:\WINDOWS\SYSTEM32\okuso.lib
C:\Program Files\Common Files\tuhasij.vbs
C:\Documents and Settings\Edward\Application Data\varinofu.bin
C:\WINDOWS\bixanuqok.dll
C:\Program Files\Common Files\ofipedofu.dat
C:\WINDOWS\SYSTEM32\ybahezaloz.dll
C:\WINDOWS\SYSTEM32\rannfdce.ini
C:\WINDOWS\SYSTEM32\tdybhojn.ini
C:\Documents and Settings\Edward\Application Data\iwejevityd.dll
C:\WINDOWS\SYSTEM32\aqaluk.bin
C:\WINDOWS\SYSTEM32\detyva.exe
C:\WINDOWS\gijogojug.com
C:\Documents and Settings\Edward\Application Data\amyzane.dll
C:\Documents and Settings\Edward\Application Data\abig.dll
C:\Program Files\Common Files\acyhak.vbs
C:\WINDOWS\SYSTEM32\zuriludy.dl
C:\Program Files\Common Files\ugab.bat
C:\WINDOWS\syhafoko.scr
C:\WINDOWS\etewozyjef._dl
C:\Documents and Settings\Edward\Application Data\iwyqitutu.dat
C:\WINDOWS\giqicenib._sy
C:\WINDOWS\okycapipid._sy
C:\WINDOWS\yketegiqyb.lib
C:\WINDOWS\SYSTEM32\qycoqico.scr
C:\WINDOWS\axebi.sys
C:\Program Files\Common Files\mujecys.dat
C:\Documents and Settings\Edward\Application Data\jepoxeme.reg
C:\WINDOWS\aqoticydum.sys
C:\WINDOWS\SYSTEM32\ijozehu.inf
C:\WINDOWS\zary.ban
C:\WINDOWS\SYSTEM32\agycuh.reg
C:\WINDOWS\SYSTEM32\upuvijeryc.pif
C:\WINDOWS\expacc.exe
C:\Program Files\Common Files\ytocu._dl
C:\Program Files\Common Files\kixigyso.inf
C:\Program Files\Common Files\kaqixybig.inf
C:\Program Files\Common Files\fudypevic.db
C:\Documents and Settings\Edward\4311.bat
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\dnEv.exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\Documents and Settings\Alex\UndilutedPlatinumSetup_1[1].0.exe
C:\Documents and Settings\Edward\Application Data\ptads.bin
C:\Documents and Settings\Alex\ub.dat
C:\Documents and Settings\Alex\ad.dat
C:\Documents and Settings\Maria\ub.dat
C:\Documents and Settings\Maria\ad.dat
C:\WINDOWS\SYSTEM32\EB5F4F0E7F.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareAlert"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbcy]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfecca]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkigg]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-

RENV::
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\AdwareAlert\AdwareAlert .exe
C:\Program Files\AIM95\aim .exe
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
C:\Program Files\Common Files\AOL\1130193630\ee\AOLSoftware .exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
C:\Program Files\ESPNRunTime\DIGServices .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\inKline Global\PC Booster\pcbooster .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Logitech\iTouch\iTouch .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper .exe
C:\Program Files\Pop up Blocker Pro RMA Edition\pdie .exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32 .exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe
C:\Program Files\Spybot Search & Destroy\TeaTimer .exe
C:\Program Files\Spyware Doctor\pctsTray .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Yahoo!\Messenger\ypager .exe
C:\Program Files\Yahoo!\Parental Controls\YPC .EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
C:\Program Files\Yahoo!\YOP\yop .exe
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\nwiz .exe

DirLook::
C:\WINDOWS\SYSTEM32\bbbbb
C:\Program Files\.autoreg


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Regards,
RatHat
  • 0
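As an added example (not part of RatHat's instructions, nor code from HijackThis or ComboFix), here is a small Python checker that runs the same triage over a log the post above does by hand: executables whose names carry whitespace before the extension (the RENV:: entries), Winlogon Notify entries whose DLL is missing on disk, Run-key values with a bare file name, Security Center notification-disable values, and a disabled firewall profile. The sample log lines are constructed from entries shown in this thread; the category names and the renv_target helper are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample log, modelled on entries that appear in the logs above.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [braviax] braviax.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O20 - Winlogon Notify: gebcbcy - gebcbcy.dll (file missing)
O20 - Winlogon Notify: khfecca - khfecca.dll (file missing)
----a-w     647,168 2008-02-10 03:32:18  C:\\Program Files\\QuickTime\\qttask    .exe
----a-w   2,097,488 2008-02-20 02:31:36  C:\\Program Files\\Spybot Search & Destroy\\TeaTimer .exe
----a-w     647,168 2008-01-21 23:09:35  C:\\Program Files\\QuickTime\\qttask.exe
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    category: str
    detail: str


# A Windows path starting at a drive letter and running to the end of the line.
WIN_PATH = re.compile(r'[A-Za-z]:\\.*$')
# Whitespace directly before the extension, e.g. "qttask    .exe" or "TeaTimer .exe".
SPACED_EXT = re.compile(r'\s+(\.(?:exe|com|scr|pif|dll))$', re.IGNORECASE)
# HijackThis O20 line whose notify DLL is not on disk (orphaned Winlogon hook).
NOTIFY_MISSING = re.compile(r'^O20 - Winlogon Notify: (\S+) - (\S+) \(file missing\)$')
# HijackThis O4 line whose value is a bare file name with no directory.
RUN_BARE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] ([^\s"\\]+\.exe)\s*$', re.IGNORECASE)
# Security Center "stop nagging" values set to 1.
SECCENTER_OFF = re.compile(
    r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify)"=dword:0*1$')
# Standard-profile firewall switched off.
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')


def renv_target(path: str) -> str:
    """Name a spaced-extension file gets back once the whitespace is removed,
    e.g. 'qttask    .exe' -> 'qttask.exe'. This mirrors the intent of the RENV::
    list above; it is this example's helper, not ComboFix's own code."""
    return SPACED_EXT.sub(r'\1', path)


def scan_log(text: str) -> List[Finding]:
    """Walk a HijackThis/ComboFix-style log and return one Finding per suspicious line."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = NOTIFY_MISSING.match(line)
        if m:
            findings.append(Finding('winlogon-notify-orphan',
                                    f'{m.group(1)} -> {m.group(2)} (DLL missing on disk)'))
            continue
        m = RUN_BARE.match(line)
        if m:
            findings.append(Finding('run-key-bare-name',
                                    f'[{m.group(1)}] {m.group(2)} has no full path; verify on disk'))
            continue
        if SECCENTER_OFF.match(line):
            findings.append(Finding('security-center-notify-off', line))
            continue
        if FIREWALL_OFF.match(line):
            findings.append(Finding('firewall-disabled', line))
            continue
        p = WIN_PATH.search(line)
        if p and SPACED_EXT.search(p.group(0)):
            findings.append(Finding('spaced-extension',
                                    f'{p.group(0)} -> {renv_target(p.group(0))}'))
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f'{f.category:28} {f.detail}')
```

A clean file such as qttask.exe on the last ComboFix line produces no finding, which is the check that the whitespace-before-extension rule does not fire on ordinary paths containing spaces.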

#9
SeniorChief

SeniorChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Seemed like all went well.
Here are both logs:


Combo-Fix Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ComboFix 08-03-03.16 - Edward 2008-03-03 23:05:55.2 - NTFSx86

Running from: C:\Documents and Settings\Edward\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Edward\Desktop\CFScript.txt

FILE ::
C:\counter.cab
C:\dnEv.exe
C:\Documents and Settings\Alex\ad.dat
C:\Documents and Settings\Alex\ub.dat
C:\Documents and Settings\Alex\UndilutedPlatinumSetup_1[1].0.exe
C:\Documents and Settings\All Users\Application Data\budof.reg
C:\Documents and Settings\All Users\Application Data\ehykobupi.vbs
C:\Documents and Settings\All Users\Application Data\osupamuh.reg
C:\Documents and Settings\Edward\4311.bat
C:\Documents and Settings\Edward\Application Data\abig.dll
C:\Documents and Settings\Edward\Application Data\amyzane.dll
C:\Documents and Settings\Edward\Application Data\fotymy.vbs
C:\Documents and Settings\Edward\Application Data\iralyd.pif
C:\Documents and Settings\Edward\Application Data\iwejevityd.dll
C:\Documents and Settings\Edward\Application Data\iwyqitutu.dat
C:\Documents and Settings\Edward\Application Data\jepoxeme.reg
C:\Documents and Settings\Edward\Application Data\mejoh.scr
C:\Documents and Settings\Edward\Application Data\ptads.bin
C:\Documents and Settings\Edward\Application Data\varinofu.bin
C:\Documents and Settings\Maria\ad.dat
C:\Documents and Settings\Maria\ub.dat
C:\Program Files\Common Files\acyhak.vbs
C:\Program Files\Common Files\fudypevic.db
C:\Program Files\Common Files\kaqixybig.inf
C:\Program Files\Common Files\kixigyso.inf
C:\Program Files\Common Files\koxuqypige.vbs
C:\Program Files\Common Files\mujecys.dat
C:\Program Files\Common Files\ofipedofu.dat
C:\Program Files\Common Files\tuhasij.vbs
C:\Program Files\Common Files\ugab.bat
C:\Program Files\Common Files\umufox.vbs
C:\Program Files\Common Files\ytocu._dl
C:\WINDOWS\aqoticydum.sys
C:\WINDOWS\aseladaxa.vbs
C:\WINDOWS\axebi.sys
C:\WINDOWS\bixanuqok.dll
C:\WINDOWS\eqodowomuq.dl
C:\WINDOWS\etewozyjef._dl
C:\WINDOWS\expacc.exe
C:\WINDOWS\gijogojug.com
C:\WINDOWS\giqicenib._sy
C:\WINDOWS\imihojumiv.lib
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\okycapipid._sy
C:\WINDOWS\olag.dat
C:\WINDOWS\onazofyn.exe
C:\WINDOWS\ruwoja.reg
C:\WINDOWS\S7E46A0CD.tmp
C:\WINDOWS\syhafoko.scr
C:\WINDOWS\SYSTEM32\agycuh.reg
C:\WINDOWS\SYSTEM32\aqaluk.bin
C:\WINDOWS\SYSTEM32\btemniuh.ini
C:\WINDOWS\SYSTEM32\detyva.exe
C:\WINDOWS\SYSTEM32\EB5F4F0E7F.sys
C:\WINDOWS\SYSTEM32\eykirrwv.ini
C:\WINDOWS\SYSTEM32\himlpgrm.ini
C:\WINDOWS\SYSTEM32\hogrbtns.ini
C:\WINDOWS\SYSTEM32\hxkkyaty.ini
C:\WINDOWS\SYSTEM32\ijozehu.inf
C:\WINDOWS\SYSTEM32\ikhcore.cfg
C:\WINDOWS\SYSTEM32\inisurak.lib
C:\WINDOWS\SYSTEM32\okuso.lib
C:\WINDOWS\SYSTEM32\qycoqico.scr
C:\WINDOWS\SYSTEM32\rannfdce.ini
C:\WINDOWS\SYSTEM32\tdybhojn.ini
C:\WINDOWS\SYSTEM32\upuvijeryc.pif
C:\WINDOWS\SYSTEM32\vrofkcfy.ini
C:\WINDOWS\SYSTEM32\xodeh._sy
C:\WINDOWS\SYSTEM32\xuomfavx.ini
C:\WINDOWS\SYSTEM32\ybahezaloz.dll
C:\WINDOWS\SYSTEM32\yvolylu.pif
C:\WINDOWS\SYSTEM32\zuriludy.dl
C:\WINDOWS\ucinoqaxaw.dat
C:\WINDOWS\uqisar.inf
C:\WINDOWS\yketegiqyb.lib
C:\WINDOWS\ykove.db
C:\WINDOWS\ymijukol._sy
C:\WINDOWS\zary.ban
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dnEv.exe
C:\Documents and Settings\Alex\ad.dat
C:\Documents and Settings\Alex\ub.dat
C:\Documents and Settings\Alex\UndilutedPlatinumSetup_1[1].0.exe
C:\Documents and Settings\All Users\Application Data\budof.reg
C:\Documents and Settings\All Users\Application Data\ehykobupi.vbs
C:\Documents and Settings\All Users\Application Data\osupamuh.reg
C:\Documents and Settings\Edward\4311.bat
C:\Documents and Settings\Edward\Application Data\abig.dll
C:\Documents and Settings\Edward\Application Data\amyzane.dll
C:\Documents and Settings\Edward\Application Data\fotymy.vbs
C:\Documents and Settings\Edward\Application Data\iralyd.pif
C:\Documents and Settings\Edward\Application Data\iwejevityd.dll
C:\Documents and Settings\Edward\Application Data\iwyqitutu.dat
C:\Documents and Settings\Edward\Application Data\jepoxeme.reg
C:\Documents and Settings\Edward\Application Data\mejoh.scr
C:\Documents and Settings\Edward\Application Data\ptads.bin
C:\Documents and Settings\Edward\Application Data\varinofu.bin
C:\Documents and Settings\Maria\ad.dat
C:\Documents and Settings\Maria\ub.dat
C:\Program Files\Common Files\acyhak.vbs
C:\Program Files\Common Files\fudypevic.db
C:\Program Files\Common Files\kaqixybig.inf
C:\Program Files\Common Files\kixigyso.inf
C:\Program Files\Common Files\koxuqypige.vbs
C:\Program Files\Common Files\mujecys.dat
C:\Program Files\Common Files\ofipedofu.dat
C:\Program Files\Common Files\tuhasij.vbs
C:\Program Files\Common Files\ugab.bat
C:\Program Files\Common Files\umufox.vbs
C:\Program Files\Common Files\ytocu._dl
C:\WINDOWS\aqoticydum.sys
C:\WINDOWS\aseladaxa.vbs
C:\WINDOWS\axebi.sys
C:\WINDOWS\bixanuqok.dll
C:\WINDOWS\etewozyjef._dl
C:\WINDOWS\expacc.exe
C:\WINDOWS\gijogojug.com
C:\WINDOWS\giqicenib._sy
C:\WINDOWS\imihojumiv.lib
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\okycapipid._sy
C:\WINDOWS\olag.dat
C:\WINDOWS\onazofyn.exe
C:\WINDOWS\ruwoja.reg
C:\WINDOWS\syhafoko.scr
C:\WINDOWS\SYSTEM32\agycuh.reg
C:\WINDOWS\SYSTEM32\aqaluk.bin
C:\WINDOWS\SYSTEM32\btemniuh.ini
C:\WINDOWS\SYSTEM32\detyva.exe
C:\WINDOWS\SYSTEM32\EB5F4F0E7F.sys
C:\WINDOWS\SYSTEM32\eykirrwv.ini
C:\WINDOWS\SYSTEM32\himlpgrm.ini
C:\WINDOWS\SYSTEM32\hogrbtns.ini
C:\WINDOWS\SYSTEM32\hxkkyaty.ini
C:\WINDOWS\SYSTEM32\ijozehu.inf
C:\WINDOWS\SYSTEM32\ikhcore.cfg
C:\WINDOWS\SYSTEM32\inisurak.lib
C:\WINDOWS\SYSTEM32\okuso.lib
C:\WINDOWS\SYSTEM32\qycoqico.scr
C:\WINDOWS\SYSTEM32\rannfdce.ini
C:\WINDOWS\SYSTEM32\tdybhojn.ini
C:\WINDOWS\SYSTEM32\upuvijeryc.pif
C:\WINDOWS\SYSTEM32\vrofkcfy.ini
C:\WINDOWS\SYSTEM32\xodeh._sy
C:\WINDOWS\SYSTEM32\xuomfavx.ini
C:\WINDOWS\SYSTEM32\ybahezaloz.dll
C:\WINDOWS\SYSTEM32\yvolylu.pif
C:\WINDOWS\SYSTEM32\zuriludy.dl
C:\WINDOWS\ucinoqaxaw.dat
C:\WINDOWS\uqisar.inf
C:\WINDOWS\yketegiqyb.lib
C:\WINDOWS\ykove.db
C:\WINDOWS\ymijukol._sy
C:\WINDOWS\zary.ban
C:\WINDOWS\S7E46A0CD.tmp . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 23:15 . 2008-03-03 23:15 0 --a------ C:\WINDOWS\S7E46A0CD.tmp
2008-03-03 23:02 . 2008-03-03 23:02 0 --a------ C:\Documents and Settings\Edward\.exe
2008-03-02 22:45 . 2008-03-02 23:32 <DIR> d-------- C:\VundoFix Backups
2008-03-02 22:24 . 2008-03-02 22:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 22:24 . 2008-03-02 22:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 21:16 . 2008-02-26 21:16 <DIR> d-------- C:\Program Files\FrostWire
2008-02-26 21:16 . 2008-02-26 21:16 <DIR> d-------- C:\Program Files\AskSBar
2008-02-26 19:03 . 2008-02-26 19:03 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-26 19:02 . 2008-03-01 21:04 <DIR> d-------- C:\Documents and Settings\Edward\.housecall6.6
2008-02-26 16:46 . 2008-02-26 16:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-26 16:45 . 2008-02-26 18:51 13,312 --a------ C:\WINDOWS\SYSTEM32\bbbbb
2008-02-26 16:13 . 2008-02-26 16:13 <DIR> d-------- C:\Program Files\LIUtilities
2008-02-25 21:45 . 2008-03-03 19:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-25 21:44 . 2008-03-03 23:05 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-25 21:44 . 2008-02-25 21:44 <DIR> d-------- C:\Documents and Settings\Edward\Application Data\PC Tools
2008-02-25 21:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-02-25 21:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-02-25 21:44 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-02-25 21:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-02-25 18:00 . 2008-02-25 18:00 <DIR> d-------- C:\Program Files\inKline Global
2008-02-24 02:50 . 2008-02-24 02:50 16,678 --a------ C:\WINDOWS\eqodowomuq.dll
2008-02-23 23:57 . 2008-02-23 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-02-23 23:34 . 2008-03-03 23:05 <DIR> d-------- C:\Program Files\Pop up Blocker Pro RMA Edition
2008-02-23 23:14 . 2008-03-03 23:05 <DIR> d-------- C:\Program Files\AdwareAlert
2008-02-23 21:17 . 2008-02-23 23:42 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-02-19 21:27 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-02-19 21:27 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-02-19 21:27 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-02-19 21:27 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-02-19 21:27 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-02-19 21:27 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-02-19 21:26 . 2008-02-19 21:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-19 21:26 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-02-19 21:26 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-02-19 20:55 . 2008-03-01 21:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-19 16:27 . 2008-03-03 23:05 <DIR> d-------- C:\Program Files\Spybot Search & Destroy
2008-02-17 23:31 . 2008-02-11 09:52 19,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\adwarealert.sys
2008-02-17 18:54 . 2008-03-02 20:24 <DIR> d-------- C:\Documents and Settings\Edward\Application Data\AdwareAlert
2008-02-17 17:50 . 2008-02-18 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-16 01:30 . 2008-02-18 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-15 00:11 . 2008-02-15 00:11 54,762 --a------ C:\WINDOWS\SYSTEM32\jkghje.dll
2008-02-14 23:59 . 2008-02-15 00:11 10,101 --a------ C:\qsdjpwpb.exe
2008-02-14 23:59 . 2008-02-15 00:12 3,072 --a------ C:\jupss.exe
2008-02-14 23:58 . 2008-02-15 00:11 58,368 --a------ C:\wpohl.exe
2008-02-14 23:58 . 2008-02-15 00:11 49,664 --a------ C:\arbfikac.exe
2008-02-14 23:18 . 2008-02-14 23:18 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-14 19:36 . 2008-02-14 19:36 <DIR> d-------- C:\Program Files\CookieBoy 2k8 Ltd
2008-02-14 17:29 . 2008-02-14 17:29 <DIR> d-------- C:\Program Files\uTorrent
2008-02-14 17:03 . 2008-03-03 19:19 99,394 --a------ C:\WINDOWS\BMf784c838.xml
2008-02-14 16:41 . 2008-02-14 16:41 10,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys
2008-02-14 16:21 . 2008-02-14 16:34 8,014 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-02-14 16:21 . 2008-02-14 16:34 806 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-02-13 17:09 . 2008-02-13 17:10 894 ---hs---- C:\WINDOWS\SYSTEM32\frgrraem.ini
2008-02-12 12:43 . 2008-02-13 17:00 834 ---hs---- C:\WINDOWS\SYSTEM32\ydcnlsfl.ini
2008-02-12 12:40 . 2008-02-12 12:40 594 ---hs---- C:\WINDOWS\SYSTEM32\ebwgxhsq.ini
2008-02-11 22:30 . 2008-02-11 23:30 <DIR> d-------- C:\Program Files\UltraVNC
2008-02-11 12:30 . 2008-02-12 12:31 534 ---hs---- C:\WINDOWS\SYSTEM32\yljmgbvp.ini
2008-02-11 12:29 . 2008-02-11 12:30 354 ---hs---- C:\WINDOWS\SYSTEM32\jhbykovs.ini
2008-02-10 12:38 . 2008-02-10 14:24 414 ---hs---- C:\WINDOWS\SYSTEM32\iuhejwry.ini
2008-02-10 12:35 . 2008-02-10 12:35 294 ---hs---- C:\WINDOWS\SYSTEM32\ldbjrkjv.ini
2008-02-09 22:02 . 2008-02-19 21:30 1,519,616 --a------ C:\WINDOWS\SYSTEM32\nwiz.exe
2008-02-09 19:02 . 2008-02-09 19:02 <DIR> d-------- C:\Program Files\Webroot
2008-02-09 19:02 . 2008-02-09 19:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-09 19:02 . 2008-02-09 19:02 <DIR> d-------- C:\Documents and Settings\Edward\Application Data\Webroot
2008-02-09 19:02 . 2008-02-09 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-09 19:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-09 19:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-02-09 19:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-02-09 19:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-02-09 19:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-02-09 18:24 . 2008-02-09 18:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-08 22:05 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-08 22:05 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-08 22:05 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-08 22:05 . 2007-12-06 21:21 459,264 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-08 22:05 . 2007-12-06 21:21 383,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-08 22:05 . 2007-12-06 21:21 267,776 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-08 22:05 . 2007-12-06 21:21 63,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-08 22:05 . 2007-12-06 21:21 52,224 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-08 22:05 . 2007-12-06 06:00 13,824 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-08 22:04 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2008-02-05 16:25 . 2008-02-05 16:26 <DIR> d-------- C:\NETGEAR MIMO G
2008-02-05 12:37 . 2008-02-05 12:37 90,688 --a------ C:\WINDOWS\SYSTEM32\yoenolaw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 04:05 --------- d-----w C:\Program Files\Windows Defender
2008-03-04 04:05 --------- d-----w C:\Program Files\QuickTime
2008-03-04 04:05 --------- d-----w C:\Program Files\iTunes
2008-03-04 04:05 --------- d-----w C:\Program Files\ESPNRunTime
2008-03-04 04:05 --------- d-----w C:\Program Files\AIM95
2008-03-04 04:02 0 ----a-w C:\Documents and Settings\Edward\.exe
2008-03-03 04:30 --------- d-----w C:\Documents and Settings\Edward\Application Data\uTorrent
2008-02-26 03:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 07:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-05 21:12 --------- d--h--w C:\Documents and Settings\Edward\Application Data\Move Networks
2008-02-05 21:11 --------- d-----w C:\Program Files\Common Files\Real
2008-02-05 21:06 --------- d-----w C:\Program Files\Palm
2008-02-05 20:57 --------- d-----w C:\Program Files\My Stuff
2008-01-30 22:27 --------- d-----w C:\Program Files\Plaxo
2008-01-29 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 01:55 --------- d-----w C:\Program Files\Microsoft Works
2008-01-29 01:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-29 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-25 20:07 --------- d-----w C:\Documents and Settings\Edward\Application Data\FrostWire
2008-01-25 20:01 32,768 ----a-w C:\Documents and Settings\Edward\services.exe
2008-01-23 04:21 90,616 ----a-w C:\Documents and Settings\Edward\Application Data\GDIPFONTCACHEV1.DAT
2008-01-21 23:09 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-21 23:05 --------- d-----w C:\Program Files\Living Books
2008-01-20 22:46 278,538 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-01-19 20:53 --------- d-----w C:\Documents and Settings\Edward\Application Data\MD5 Checksum Verifier
2008-01-16 22:39 --------- d-----w C:\Program Files\Audio Editor Gold
2008-01-14 22:16 --------- d-----w C:\Program Files\Microsoft Home Publishing 2000
2008-01-11 23:25 --------- d-----w C:\Program Files\RcvSystem
2008-01-07 20:17 10 ----a-w C:\Program Files\.autoreg
2008-01-04 20:49 --------- d-----w C:\Documents and Settings\Edward\Application Data\FreeCall
2006-12-18 05:41 5,632 --sh--w C:\Program Files\Thumbs.db
2006-03-16 23:02 560 ----a-w C:\Documents and Settings\Edward\Application Data\ViewerApp.dat
2006-02-12 22:59 11,486,720 ----a-w C:\Program Files\TiVo Desktop 2.2.exe
2005-08-30 23:13 313,283 ----a-w C:\Program Files\cwshredder.zip
2004-11-03 23:34 28,124 ----a-w C:\Program Files\PI's Adam.pdf
2004-06-01 13:27 137,216 ----a-w C:\Program Files\CWShredder.exe
2003-10-14 04:42 32,320 ----a-w C:\Documents and Settings\Edward\removeme.exe
2007-04-07 15:33 2,516 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
----a-w 5,367,664 2008-02-20 02:31:03 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\.autoreg ----

C:\Program Files\.autoreg\

---- Directory of C:\WINDOWS\SYSTEM32\bbbbb ----

C:\WINDOWS\SYSTEM32\bbbbb\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{8E718888-423F-11D2-876E-00A0C9082467}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Pop up Blocker Pro Rich-Media Ads Edition"="C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" [2008-03-03 15:19 1311232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-03-03 15:19 847872]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2008-03-03 15:19 14450688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-11-24 03:40:29 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130193630\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130193630\\ee\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\UltraVNC\\repeater.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6e-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6f-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8bc06e0-c3bd-11db-8d74-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\f5d94ac0-0718-4ed1-83fd-e34a38ac835b]
C:\WINDOWS\System32\obarnxq.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 20:19:54 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-02-29 21:16:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 06:49:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-04 04:00:00 C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job"
- C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 23:16:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2008-03-03 23:24:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 04:24:31
ComboFix2.txt 2008-03-04 01:10:55
.
2008-02-13 08:13:07 --- E O F ---


Fresh HijackThis Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:48 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Scanner\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pop up Blocker Pro Rich-Media Ads Edition] "C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" Minimize
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3262582141-619540180-3980966549-1005\..\Run: [Pop up Blocker Pro Rich-Media Ads Edition] "C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" Minimize (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pop up Blocker Pro Rich-Media Ads Edition - {0FDE313D-9F9A-4264-AAEF-E1B7037EF9A6} - C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143329679230
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143329664558
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.atomic...activex/AMC.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37240.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure3.true.../TrueConfig.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF468D2E-0575-4271-BEC8-A3787CFE7E85}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10400 bytes

Edited by SeniorChief, 03 March 2008 - 10:36 PM.


#10
RatHat (Ex Malware Expert, 7,829 posts)
Looking better!

Please uninstall the following programs:


FrostWire 4.13.4
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
UFPQLBMV
uTorrent

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above if found
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Edward\.exe
C:\WINDOWS\eqodowomuq.dll
C:\WINDOWS\SYSTEM32\jkghje.dll
C:\qsdjpwpb.exe
C:\jupss.exe
C:\wpohl.exe
C:\arbfikac.exe
C:\WINDOWS\BMf784c838.xml
C:\WINDOWS\SYSTEM32\frgrraem.ini
C:\WINDOWS\SYSTEM32\ydcnlsfl.ini
C:\WINDOWS\SYSTEM32\ebwgxhsq.ini
C:\WINDOWS\SYSTEM32\yljmgbvp.ini
C:\WINDOWS\SYSTEM32\jhbykovs.ini
C:\WINDOWS\SYSTEM32\iuhejwry.ini
C:\WINDOWS\SYSTEM32\ldbjrkjv.ini
C:\WINDOWS\SYSTEM32\yoenolaw.dll

Folder::
C:\Program Files\FrostWire
C:\WINDOWS\SYSTEM32\bbbbb
C:\Program Files\uTorrent
C:\Program Files\.autoreg
C:\Documents and Settings\Edward\Application Data\FrostWire
C:\Documents and Settings\Edward\Application Data\uTorrent

RENV::
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[image: animation of dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log, taken after completing the next two fixes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post, please include:
  • Combofix.txt
  • The MBAM log
  • The Kaspersky log
  • A fresh HijackThis log, taken after completing all of the above

And let me know how your computer is running now.

Regards,
RatHat
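
The log triage RatHat is doing by eye above, as an added example that is not part of the original thread: a small Python parser for the HijackThis O9 and O23 lines quoted in this topic. It splits each line into name, publisher and path and flags the entries a helper looks at first, those whose binary is gone ("(file missing)" or "(no file)") and services whose binary carries no publisher name ("Unknown owner"). The sample lines are copied from the log in this thread; the record fields and the flag labels are this example's own, not anything HijackThis or ComboFix produces.

```python
"""Triage helper for HijackThis O9 (extra button) and O23 (service) lines.

Added example for this thread, not a tool from the original post. It parses
the entries into records and flags the ones worth a second look:
  - "missing binary": the entry points at a file that is no longer on disk
  - "unknown owner":  a service whose executable carries no publisher name
A flag means "look this up", not "delete it".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O9 - Extra button: <name> - {<clsid>} - <path or (no file)>"
O9_RE = re.compile(
    r"^O9 - Extra button: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$"
)
# "O23 - Service: <name> - <publisher> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

MISSING = "(file missing)"


@dataclass
class Entry:
    kind: str                          # "O9" or "O23"
    name: str
    clsid: Optional[str] = None        # O9 only
    owner: Optional[str] = None        # O23 publisher column
    path: Optional[str] = None         # None when HijackThis prints "(no file)"
    flags: List[str] = field(default_factory=list)


def _split_missing(text: str):
    """Return (path, is_missing) from the trailing part of an O9/O23 line."""
    text = text.strip()
    if text == "(no file)":
        return None, True
    if text.endswith(MISSING):
        return text[: -len(MISSING)].strip(), True
    return text, False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O9 or O23 line; other HijackThis sections return None."""
    m = O9_RE.match(line)
    if m:
        path, missing = _split_missing(m.group("rest"))
        e = Entry("O9", m.group("name"), clsid=m.group("clsid"), path=path)
        if missing:
            e.flags.append("missing binary")
        return e
    m = O23_RE.match(line)
    if m:
        path, missing = _split_missing(m.group("path"))
        e = Entry("O23", m.group("name"), owner=m.group("owner"), path=path)
        if missing:
            e.flags.append("missing binary")
        if e.owner == "Unknown owner":
            e.flags.append("unknown owner")
        return e
    return None


def triage(log_text: str) -> List[Entry]:
    """Parse every O9/O23 line in a pasted log, in order."""
    entries = []
    for line in log_text.splitlines():
        e = parse_line(line.strip())
        if e is not None:
            entries.append(e)
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:<4}{e.name:<20}{', '.join(e.flags):<24}{e.path or '(no file)'}")
```

Paste a whole log into `triage()`; it ignores the other HijackThis sections. The two O9 entries it flags are exactly the kind RatHat has you tick and Fix in HijackThis: a button pointing at a file that is no longer there does nothing useful and is usually debris from a half-removed program. The "unknown owner" flag on DSBrokerService is a prompt to check the binary, not a verdict; its DellSupport path makes its origin plain, and any legitimate program that ships without version information shows the same way.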

#11
SeniorChief (Topic Starter, 32 posts)
WOW, I see a huge improvement in the performance of my computer now. First off, it starts up in about 2 minutes whereas it used to take 20 minutes, and the internet is much faster too. But I still have the feeling that something is still here. (something very small though! :) )

Everything you told me to do had gone perfectly fine until I came to the Kaspersky Webscanner directions. For some reason my Internet Explorer views pages in a weird way. So some of the things that I am supposed to select for the scan don't seem to be there because of the cluttered view.
(My default browser is Mozilla so I don't really use IE)

Here's a quick screen:
[screenshot not available]

P.S: I'll have everything up immediately after my Internet Explorer viewing is fixed and the web scan is complete.

#12
RatHat (Ex Malware Expert, 7,829 posts)
Seeing as you prefer to use Firefox, try installing the IE Tab addon.

When installed, right click on the toolbar at the top of Firefox (next to the google search) and choose Customize...

Look for the IE Tab icon, and drag it onto the toolbar. Now when you visit the Kaspersky site, click the IE Tab icon to change the browser engine to IE. This will open the Kaspersky site within Firefox, and hopefully clear the size problem.

After that run the scan from within the Firefox IE Tab window. All should run properly.

Regards,
RatHat

#13
SeniorChief (Topic Starter, 32 posts)
No, it still didn't work, the view is the same. :)

BUT, for a long time now there has been a little message that pops up before and after I close Mozilla. It started popping up about 2 weeks ago.

Here it is:
[screenshot not available]

Edited by SeniorChief, 05 March 2008 - 08:07 PM.


#14
RatHat (Ex Malware Expert, 7,829 posts)
Try uninstalling Firefox, then installing the latest version. After you have installed it, try installing the IE Tab addon and see if that works properly.

Also uninstall Ask Toolbar via Add/Remove Programs. Do that first, OK.

#15
SeniorChief (Topic Starter, 32 posts)
There we go! Finally got the Internet Explorer to work and finished all the tasks!

Sorry, but both the Kaspersky and Malwarebytes' Anti-Malware logs were way too big to fit into a post or attachment, so I added a download link. (I hope that's not too much trouble.)

Thanks again and hope to hear the results soon!

Good luck!

http://www.megaupload.com/?d=Q19Q4RNF (Kaspersky LOG)
http://www.megaupload.com/?d=KLO2ILQU ( Malwarebytes' Anti-Malware LOG)
