
kxvo.exe PLEASE HELP [RESOLVED]



#136
amm007

  • Topic Starter
  • Member
  • 265 posts
Scanning Report
Thursday, April 17, 2008 21:21:38 - 00:14:07

Computer name: CLARONE
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 15 malware found
BAT/AutoRun.AE (virus)

* C:\AUTORUN.INF (Submitted)
* C:\_OTMOVEIT\MOVEDFILES\04102008_200823\AUTORUN.INF (Submitted)
* D:\AUTORUN.INF (Submitted)

Tracking Cookie (spyware)

* System

Trojan-PSW.Win32.OnLineGames (virus)

* System

Trojan-PSW.Win32.OnLineGames.aaix (virus)

* C:\DOCUMENTS AND SETTINGS\RUBERC\LOCAL SETTINGS\TEMP\T89TYM.DLL

Trojan-PSW.Win32.OnLineGames.aake (virus)

* C:\DOCUMENTS AND SETTINGS\RUBERC\LOCAL SETTINGS\TEMP\KKD7.DLL

Trojan-PSW.Win32.OnLineGames.xnb (virus)

* D:\GVSQIKES.CMD (Renamed & Submitted)

Trojan-PSW.Win32.OnLineGames.zkb (virus)

* C:\DOCUMENTS AND SETTINGS\RUBERC\LOCAL SETTINGS\TEMP\8LM5NS.DLL

Trojan-PSW.Win32.OnLineGames.zxb (virus)

* C:\DOCUMENTS AND SETTINGS\RUBERC\LOCAL SETTINGS\TEMP\E.DLL

Trojan-PSW.Win32.OnLineGames.zzo (virus)

* C:\_OTMOVEIT\MOVEDFILES\04062008_223859\WINDOWS\SYSTEM32\FOOL0.DLL (Renamed & Submitted)

Trojan-PSW:W32/OnlineGames.SPK (virus)

* D:\LPUFWI6.COM (Renamed & Submitted)

Worm.Win32.AutoRun.did (virus)

* D:\N2.BAT (Renamed & Submitted)

Worm.Win32.AutoRun.dii (virus)

* C:\DOCUMENTS AND SETTINGS\RUBERC\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ABCB0VO7\LL[1].EXE (Renamed & Submitted)
* D:\W2NGO.COM (Renamed & Submitted)

Statistics
Scanned:

* Files: 59492
* System: 3831
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 6
* Deleted: 0
* None: 9
* Submitted: 9

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\SQLITE_8B1LY4TR9AOIYSG
* C:\WINDOWS\TEMP\SQLITE_NSSX7CKFRSOYIJQ
* C:\WINDOWS\TEMP\SQLITE_ZS239AGHFTSPR9C
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-04-17
* F-Secure AVP: 7.0.171, 2008-04-17
* F-Secure Pegasus: 1.20.0, 2008-02-28
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics



#137
amm007

  • Topic Starter
  • Member
  • 265 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 18, 2008 12:12:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/04/2008
Kaspersky Anti-Virus database records: 712233
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 60639
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 02:13:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\history.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\key3.db Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ruberc\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ruberc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxb8jhig.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\8lm5ns.dll Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\e.dll Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\kkd7.dll Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temp\t89tym.dll Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temporary Internet Files\Content.IE5\ABCB0VO7\ll[1].exe Object is locked skipped
C:\Documents and Settings\Ruberc\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruberc\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ruberc\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000001.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000016.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000017.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000018.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000062.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000063.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000065.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000107.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000108.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000109.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000118.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000119.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000124.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000130.exe Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000131.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000140.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000141.bat Infected: Worm.Win32.AutoRun.did skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000142.inf Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000156.bat Infected: Worm.Win32.AutoRun.did skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000157.inf Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000163.exe Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0001861.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0003502.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0003505.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003630.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003631.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003632.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003638.exe Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003639.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003647.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003648.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003649.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003661.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003662.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003663.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003675.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003676.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003677.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003684.exe Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003685.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003694.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003744.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003745.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003746.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003764.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003765.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003766.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003810.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003811.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003812.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003813.dll Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003814.exe Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003815.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6\A0004037.bat Infected: Worm.Win32.AutoRun.did skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6\A0004038.com Object is locked skipped
C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\daas.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\sqlite_8b1ly4tr9aoIysG Object is locked skipped
C:\WINDOWS\Temp\sqlite_NSSx7cKFrSOYiJQ Object is locked skipped
C:\WINDOWS\Temp\sqlite_zS239aghFtspr9c Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04062008_223859\WINDOWS\system32\fool0.dll Object is locked skipped
D:\gvsqikes.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
D:\lpufwi6.com Object is locked skipped
D:\n2.bat Infected: Worm.Win32.AutoRun.did skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000003.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000020.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000067.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000111.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000126.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000143.bat Infected: Worm.Win32.AutoRun.did skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000144.inf Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000158.bat Infected: Worm.Win32.AutoRun.did skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1\A0000159.inf Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0001863.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2\A0003507.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003634.cmd Infected: Trojan-PSW.Win32.OnLineGames.xnb skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003651.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003665.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3\A0003679.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003696.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003748.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4\A0003768.com Object is locked skipped
D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6\change.log Object is locked skipped
D:\w2ngo.com Object is locked skipped
F:\w2ngo.com Object is locked skipped

Scan process completed.

#138
amm007

  • Topic Starter
  • Member
  • 265 posts
after fixing kxvo at HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:58 AM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:Boxing Manager Professional Edition 1.8.3
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 6507 bytes

#139
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Surprise it's back.

  • Download SREng from here: http://www.kztechs.c...g/download.html
  • Extract all content to your Desktop
  • From the sreng2 folder on your Desktop, double-click SREng.exe to run it
  • Select: Smart Scan
  • Then, click the [Scan] button
  • When finished, click on the [Save Reports] button
  • Save the log to your Desktop
  • Please post the content of the SREnglLOG.log file in your next reply.


#140
amm007

  • Topic Starter
  • Member
  • 265 posts
2008-04-19,18:03:25



System Repair Engineer 2.5.16.900

Smallfrogs (http://www.KZTechs.com)



Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed



Follow item(s) have been choosed:

	All Boot Items (Including Registry, Startup Folders, Services and so on)

	Browser Add-ons

	Runing Processes (Including process model information)

	File Associations

	Winsock Provider

	Autorun.Inf

	HOSTS File

	Process Privileges Scan





Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

	<MSKAGENTEXE><C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe>  [McAfee Inc.]

	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]

	<Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet>  [(Verified)Yahoo! Inc.]

	<kxva><C:\WINDOWS\system32\kxvo.exe>  []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

	<ARC><"C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:Boxing Manager Professional Edition 1.8.3>  [McAfee, Inc.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

	<BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]

	<BLOG><rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog>  []

	<MCUpdateExe><c:\PROGRA~1\mcafee.com\agent\mcupdate.exe>  [McAfee, Inc]

	<MCAgentExe><c:\PROGRA~1\mcafee.com\agent\McAgent.exe>  [McAfee, Inc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]

	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]

	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]

	<WinlogonNotify: QConGina><QConGina.dll>  [IBM Corp.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]

	<WinlogonNotify: tphotkey><tphklock.dll>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

	<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<Adobe Photo Downloader><; "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe">  [(Verified)Adobe Systems Incorporated]

	<Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]

	<BMMLREF><; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  []

	<BMMMONWND><; rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<DataLayer><; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe>  [Nokia Mobile Phones Ltd.]

	<EZEJMNAP><; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [IBM Corp.]

	<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Publisher]

	<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)"Apple Computer, Inc."]

	<MCAgentExe><; c:\PROGRA~1\mcafee.com\agent\mcagent.exe>  [McAfee, Inc]

	<MCUpdateExe><; C:\PROGRA~1\mcafee.com\agent\mcupdate.exe>  [McAfee, Inc]

	<MPFExe><; C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe>  [McAfee Security]

	<MSKAGENTEXE><; C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe>  [McAfee Inc.]

	<MSKDetectorExe><; C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup>  [McAfee, Inc.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]

	<OASClnt><; C:\Program Files\McAfee.com\VSO\oasclnt.exe>  [McAfee, Inc.]

	<PCSuiteTrayApplication><; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray>  [Nokia]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog>  [Time Information Services Ltd.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<QCTRAY><; C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE>  [IBM Corp.]

	<QCWLICON><; C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [IBM Corp.]

	<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]

	<RemoteControl><; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]

	<SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]

	<SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]

	<TP4EX><; tp4ex.exe>  [IBM Corporation]

	<TPHOTKEY><; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  []

	<TPKMAPHELPER><; C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [IBM Corp.]

	<TrackPointSrv><; tp4serv.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<VirusScan Online><; C:\Program Files\McAfee.com\VSO\mcvsshld.exe>  [McAfee, Inc.]

	<VSOCheckTask><; "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask>  [McAfee, Inc.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<Yahoo! Pager><; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<_AntiSpyware><; c:\progra~1\mcafee\MCAFEE~1\masalert.exe>  [McAfee, Inc.]



==================================

Startup Folders

N/A



==================================

Services

[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]

  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>

[Dcfssvc / Dcfssvc][Running/Auto Start]

  <C:\WINDOWS\system32\DRIVERS\dcfssvc.exe><Eastman Kodak Company>

[Human Interface Device Access / HidServ][Stopped/Disabled]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

[IBM PM Service / IBMPMSVC][Running/Auto Start]

  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>

[iPod Service / iPod Service][Stopped/Manual Start]

  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>

[McAfee AntiSpyware Service / McAfee AntiSpyware Service][Running/Auto Start]

  <"c:\progra~1\mcafee\mcafee antispyware\massrv.exe"><McAfee, Inc.>

[McAfee WSC Integration / McDetect.exe][Running/Auto Start]

  <c:\program files\mcafee.com\agent\mcdetect.exe><McAfee, Inc>

[McAfee.com McShield / McShield][Running/Auto Start]

  <c:\PROGRA~1\mcafee.com\vso\mcshield.exe><McAfee Inc.>

[McAfee Task Scheduler / McTskshd.exe][Running/Auto Start]

  <c:\PROGRA~1\mcafee.com\agent\mctskshd.exe><McAfee, Inc>

[McAfee SecurityCenter Update Manager / mcupdmgr.exe][Stopped/Manual Start]

  <C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe><McAfee, Inc>

[McAfee Personal Firewall Service / MpfService][Running/Auto Start]

  <C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe><McAfee Corporation>

[McAfee SpamKiller Server / MskService][Running/Auto Start]

  <C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe><McAfee Inc.>

[QCONSVC / QCONSVC][Running/Auto Start]

  <System32\QCONSVC.EXE><N/A>

[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]

  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

[IBM KCU Service / TpKmpSVC][Running/Auto Start]

  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]

  <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>



==================================

Drivers

[aeaudio / aeaudio][Running/Manual Start]

  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>

[ANC / ANC][Running/System Start]

  <System32\drivers\ANC.SYS><IBM Corp.>

[Kodak Camera Proxy / DcCam][Running/System Start]

  <system32\DRIVERS\DcCam.sys><Eastman Kodak Company>

[DcFpoint / DcFpoint][Stopped/Manual Start]

  <system32\DRIVERS\DcFpoint.sys><Eastman Kodak Company>

[DCFS2k / DCFS2k][Running/Auto Start]

  <system32\DRIVERS\DCFS2k.sys><Eastman Kodak Company>

[Legacy Polling Service / DcLps][Running/Manual Start]

  <system32\DRIVERS\DcLps.sys><Eastman Kodak Company>

[%DcPTP.SvcDesc% / DcPTP][Stopped/Manual Start]

  <system32\DRIVERS\DcPTP.sys><Eastman Kodak Company>

[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]

  <system32\DRIVERS\e100b325.sys><Intel Corporation>

[Exportit / Exportit][Stopped/System Start]

  <system32\DRIVERS\exportit.sys><Eastman Kodak Company>

[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]

  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>

[HSFHWICH / HSFHWICH][Running/Manual Start]

  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>

[HSF_DP / HSF_DP][Running/Manual Start]

  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>

[ialm / ialm][Running/Manual Start]

  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>

[IBMPMDRV / IBMPMDRV][Running/Manual Start]

  <system32\DRIVERS\ibmpmdrv.sys><IBM Corp.>

[IBMTPCHK / IBMTPCHK][Running/System Start]

  <System32\drivers\IBMBLDID.SYS><N/A>

[mdmxsdk / mdmxsdk][Running/Auto Start]

  <system32\DRIVERS\mdmxsdk.sys><Conexant>

[MPFIREWL / MPFIREWL][Running/System Start]

  <System32\Drivers\MpFirewall.sys><McAfee Security>

[NaiAvFilter1 / NaiAvFilter1][Running/Manual Start]

  <system32\drivers\naiavf5x.sys><McAfee Inc.>

[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]

  <system32\drivers\nmwcdc.sys><Nokia>

[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]

  <system32\drivers\nmwcdcm.sys><Nokia>

[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]

  <system32\drivers\nmwcd.sys><Nokia>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>

[QCNDISIF / QCNDISIF][Stopped/Manual Start]

  <System32\drivers\qcndisif.SYS><IBM Corporation.>

[Secdrv / Secdrv][Stopped/Manual Start]

  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

[smwdm / smwdm][Running/Manual Start]

  <system32\drivers\smwdm.sys><Analog Devices, Inc.>

[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]

  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>

[IBM PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]

  <system32\DRIVERS\tp4track.sys><IBM Corporation>

[TPPWR / TPPWR][Running/System Start]

  <System32\drivers\Tppwr.sys><IBM Corp.>

[TSMAPIP / TSMAPIP][Running/System Start]

  <System32\drivers\TSMAPIP.SYS><N/A>

[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Stopped/Manual Start]

  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>

[Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP / w29n51][Running/Manual Start]

  <system32\DRIVERS\w29n51.sys><Intel® Corporation>

[winachsf / winachsf][Running/Manual Start]

  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>



==================================

Browser Add-ons

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>

[IEHlprObj Class]

  {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\ieso0.dll, N/A>

[]

  {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>

[McAfee VirusScan]

  {BA52B914-B692-46c4-B683-905236F6F655} <c:\progra~1\mcafee.com\vso\mcvsshl.dll, McAfee, Inc.>

[CKAVWebScan Object]

  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>

[SpinTop DRM Control]

  {149E45D8-163E-4189-86FC-45022AB2B6C9} <C:\WINDOWS\DOWNLO~1\CONFLICT.2\stg_drm.ocx, SpinTop Media Inc.>

[BDSCANONLINE Control]

  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan82.ocx, BitDefender>

[F-Secure Online Scanner 3.3]

  {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} <C:\WINDOWS\Downloaded Program Files\fscax.dll, F-Secure Corporation>

[ArmHelper Control]

  {CC450D71-CC90-424C-8638-1F2DBAC87A54} <./Images/armhelper.ocx, N/A>

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>

[Web Browser Applet Control]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>

[CKAVWebScan Object]

  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>

[BDSCANONLINE Control]

  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan82.ocx, BitDefender>

[CKAVReportCtrl Object]

  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>

[McAfee VirusScan]

  {BA52B914-B692-46C4-B683-905236F6F655} <c:\progra~1\mcafee.com\vso\mcvsshl.dll, McAfee, Inc.>

[F-Secure Online Scanner 3.3]

  {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} <C:\WINDOWS\Downloaded Program Files\fscax.dll, F-Secure Corporation>

[IEHlprObj Class]

  {CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\ieso0.dll, N/A>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>

[E&xport to Microsoft Excel]

  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>



==================================

Running Processes

[PID: 736 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 808 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 832 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\system32\tphklock.dll]  [N/A, ]

	[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]

[PID: 876 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 888 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1032 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe]  [N/A, ]

[PID: 1056 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1136 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

[PID: 1220 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1392 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

[PID: 1624 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]

	[C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]

	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]

[PID: 2012 / SYSTEM][C:\WINDOWS\system32\DRIVERS\dcfssvc.exe]  [Eastman Kodak Company, 1.1.1600.0]

[PID: 128 / SYSTEM][c:\progra~1\mcafee\mcafee antispyware\massrv.exe]  [McAfee, Inc., 1.5.0.110]

	[c:\progra~1\mcafee\mcafee antispyware\mytilus2.dll]  [McAfee, Inc., 12.0.0.266]

	[c:\progra~1\mcafee\mcafee antispyware\mytilus.dll]  [McAfee, Inc., 12.0.0.266]

	[c:\progra~1\mcafee\mcafee antispyware\McShield.dll]  [McAfee, Inc., 12.0.0.266]

	[c:\progra~1\mcafee\mcafee antispyware\mcscan32.dll]  [McAfee, Inc., 5.1.00]

	[c:\progra~1\mcafee\mcafee antispyware\wmimon.dll]  [McAfee, Inc., 1.5.0.110]

	[c:\progra~1\mcafee\mcafee antispyware\PSAPI.DLL]  [Microsoft Corporation, 4.00]

[PID: 192 / SYSTEM][c:\program files\mcafee.com\agent\mcdetect.exe]  [McAfee, Inc, 6, 0, 0, 19]

[PID: 216 / SYSTEM][c:\PROGRA~1\mcafee.com\vso\mcshield.exe]  [McAfee Inc., 11.0.0.151]

	[c:\PROGRA~1\mcafee.com\vso\RES00\McShield.DLL]  [McAfee Inc., 11.0.0.141]

	[c:\PROGRA~1\mcafee.com\vso\FTL.Dll]  [McAfee Inc., 11.0.0.151]

	[c:\PROGRA~1\mcafee.com\vso\naiann.dll]  [McAfee, Inc., 10, 0, 0, 21]

	[c:\PROGRA~1\mcafee.com\vso\mytilus.dll]  [McAfee Inc., 11.0.0.151]

	[C:\Program Files\McAfee.com\VSO\MCSCAN32.DLL]  [McAfee, Inc., 5.2.00]

[PID: 260 / SYSTEM][c:\PROGRA~1\mcafee.com\agent\mctskshd.exe]  [McAfee, Inc, 6, 0, 0, 13]

[PID: 448 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]

	[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll]  [Microsoft Corporation, 7.00.9466]

[PID: 460 / SYSTEM][C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe]  [McAfee Corporation, 6.1.0.44]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\WINDOWS\system32\MPFAPI.dll]  [McAfee Security, 5, 0, 1, 6]

[PID: 488 / SYSTEM][C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe]  [McAfee Inc., 6.1.0.7]

	[C:\PROGRA~1\McAfee\SPAMKI~1\borlndmm.dll]  [Borland Software Corporation, 6.0.6.163]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\PROGRA~1\McAfee\SPAMKI~1\MskRescs.dll]  [McAfee, Inc., 6.1.0.6]

	[C:\WINDOWS\system32\mapi32.dll]  [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]

	[C:\PROGRA~1\McAfee\SPAMKI~1\McAbImp.dll]  [McAfee, Inc., 6.1.0.6]

	[c:\program files\mcafee.com\agent\submgr\6,0,0,16\mcsubmgr.dll]  [McAfee, Inc, 6, 0, 0, 16]

	[C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MSMAPI32.DLL]  [Microsoft Corporation, 11.0.5601]

	[C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MAPIR.DLL]  [Microsoft Corporation, 11.0.5510]

[PID: 724 / Ruberc][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll]  [IBM Corp., 1, 0, 0, 0]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]

	[c:\progra~1\mcafee.com\vso\mcvsshl.dll]  [McAfee, Inc., 10, 0, 0, 19]

	[c:\progra~1\mcafee.com\vso\ShlRes.dll]  [McAfee, Inc., 10, 0, 0, 19]

	[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]

	[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]

	[C:\WINDOWS\system32\msdmo.dll]  [, ]

	[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 50, 78, 2]

	[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 50, 36, 2]

	[C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]

	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]

	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

	[C:\Program Files\Common Files\KODAK\IFSCore\cdtrc.dll]  [, 0.0.0100]

	[C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3943]

	[C:\Program Files\Common Files\KODAK\IFSCore\shellext.dll]  [Eastman Kodak, 2.0.0400]

	[C:\Program Files\Common Files\KODAK\IFSCore\shextrc.dll]  [Eastman Kodak, 2.0.0200]

	[C:\Program Files\Common Files\KODAK\IFSCore\cdt.dll]  [, 2.0.0300]

	[C:\Program Files\Common Files\KODAK\IFSCore\Ring3\ring3.dll]  [Eastman Kodak Company, 1.0.1800.0]

	[C:\Program Files\Common Files\KODAK\IFSCore\Ring3\sp.dll]  [N/A, ]

	[C:\Program Files\Common Files\KODAK\IFSCore\Ring3\ekexifio140.dll]  [Eastman Kodak Company, V1.4.21]

	[C:\Program Files\Common Files\KODAK\IFSCore\Ring3\ekfpixjpeg140.dll]  [Eastman Kodak Company, V1.4.20]

[PID: 1084 / SYSTEM][C:\WINDOWS\System32\QCONSVC.EXE]  [IBM Corp., 3, 7, 1, 0]

[PID: 1424 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]

[PID: 1528 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1404 / SYSTEM][C:\WINDOWS\system32\TpKmpSVC.exe]  [N/A, ]

[PID: 1732 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

[PID: 1760 / Ruberc][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll]  [IBM Corp., 1, 0, 0, 0]

	[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll]  [IBM Corp., 1, 0, 0, 0]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

[PID: 1820 / Ruberc][C:\PROGRA~1\mcafee.com\agent\McAgent.exe]  [McAfee, Inc, 6, 0, 0, 16]

	[C:\PROGRA~1\mcafee.com\agent\SCRes.dll]  [McAfee, Inc, 6, 0, 0, 7]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[c:\PROGRA~1\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]

	[c:\program files\mcafee.com\shared\mcuicfg\6,0,0,4\mcuicfg.dll]  [McAfee, Inc, 6, 0, 0, 4]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

[PID: 1852 / Ruberc][C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe]  [McAfee Inc., 6.1.0.6]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[c:\PROGRA~1\mcafee.com\agent\mcagntps.dll]  [McAfee, Inc, 5, 0, 0, 0]

[PID: 1880 / Ruberc][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

[PID: 1332 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 2540 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 3776 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 2064 / Ruberc][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.14: 2008040413]

	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]

	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.8]

	[C:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.14: 2008040413]

	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.8]

	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.8]

	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]

	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]

	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.5 Basic ECC]

	[C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.14: 2008040413]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[C:\Program Files\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.14: 2008040413]

	[C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.14: 2008040413]

	[C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]

	[C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL]  [Full Circle Software, Inc., 2.2.unofficial]

	[C:\Program Files\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.14: 2008040413]

	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.65]

	[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\WINDOWS\system32\msdmo.dll]  [, ]

	[C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\WINDOWS\system32\quartz.dll]  [, ]

	[C:\WINDOWS\system32\ac3DX.ax]  [, 1.01a]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

[PID: 3688 / Ruberc][C:\Documents and Settings\Ruberc\Desktop\kztechssuite\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[C:\Documents and Settings\Ruberc\Desktop\kztechssuite\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

[PID: 1564 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

	[C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

[PID: 2180 / Ruberc][C:\WINDOWS\system32\mshta.exe]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]

	[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\PROGRA~1\McAfee\SPAMKI~1\mskoeplg.dll]  [McAfee Inc., 6.1.0.6]

	[C:\WINDOWS\system32\fool1.dll]  [N/A, ]

	[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

	[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\pdm.dll]  [Microsoft Corporation, 7.00.9466]

	[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll]  [Microsoft Corporation, 7.00.9466]

	[C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]

	[C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL]  [Microsoft Corporation, 1.0.1038.0]



==================================

File Associations

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  OK. ["C:\WINDOWS\hh.exe" %1]

.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]



==================================

Winsock Provider

N/A



==================================

Autorun.Inf

[C:\]

;so1fKkddDlJSo1rK2jdArJADi0mpJ9ksq1o4855s0rdipo2o2ki13dw3q7eaLifHaoZ87arw22is38w

53SadLsS353kOeKrk5k4lLljCk4asks

[AutoRun]

;4J

open=xaul0q8u.bat

;sK4naK3aDws02e5Lkk8iki233q2lwliwpsKJwoaKDlAe2D2sk732pd3rLkrsaDifkirsZ7a

shell\open\Command=xaul0q8u.bat

;

shell\open\Default=1

;reKd30o1aw2dkelml1Le9radq3a4kiJqej5qik5dwfr0aa7JSKKsAJrldD4533iki5oKkJSsk26oprr

L2A200fa3KkC

shell\explore\Command=xaul0q8u.bat

;sdskalaDA3s203i9dLk4iao1D3qm8743k5aZakJejiAoLd

[D:\]

;so1fKkddDlJSo1rK2jdArJADi0mpJ9ksq1o4855s0rdipo2o2ki13dw3q7eaLifHaoZ87arw22is38w

53SadLsS353kOeKrk5k4lLljCk4asks

[AutoRun]

;4J

open=xaul0q8u.bat

;sK4naK3aDws02e5Lkk8iki233q2lwliwpsKJwoaKDlAe2D2sk732pd3rLkrsaDifkirsZ7a

shell\open\Command=xaul0q8u.bat

;

shell\open\Default=1

;reKd30o1aw2dkelml1Le9radq3a4kiJqej5qik5dwfr0aa7JSKKsAJrldD4533iki5oKkJSsk26oprr

L2A200fa3KkC

shell\explore\Command=xaul0q8u.bat

;sdskalaDA3s203i9dLk4iao1D3qm8743k5aZakJejiAoLd



==================================

HOSTS File

127.0.0.1	   localhost



==================================

Process Privileges Scan

Special Privilege Enabled: SeLoadDriverPrivilege [PID = 260, C:\PROGRA~1\MCAFEE.COM\AGENT\MCTSKSHD.EXE]

Special Privilege Enabled: SeLoadDriverPrivilege [PID = 488, C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKSRVR.EXE]

Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1820, C:\PROGRA~1\MCAFEE.COM\AGENT\MCAGENT.EXE]

Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1852, C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE]



==================================

API HOOK

N/A



==================================

Hidden Process

N/A



==================================


#141
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator".)
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ieso0.dll
    C:\WINDOWS\system32\fool1.dll
    C:\Autorun.Inf
    C:\xaul0q8u.bat
    D:\gvsqikes.cmd
    D:\lpufwi6.com
    D:\n2.bat
    D:\w2ngo.com
    F:\w2ngo.com
    D:\AUTORUN.INF
    EmptyTemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
=================
Please then update Malwarebytes' Anti-Malware, then run a full scan.
====================
After that, post the latest OTMoveIt log and a new DSS scan log.

Edited by kahdah, 19 April 2008 - 01:58 PM.
Taken out a space in the code


#142
amm007


    Member

  • Topic Starter
  • Member
  • 265 posts
LoadLibrary failed for C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\ieso0.dll NOT unregistered.
C:\WINDOWS\system32\ieso0.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fool1.dll
C:\WINDOWS\system32\fool1.dll NOT unregistered.
C:\WINDOWS\system32\fool1.dll moved successfully.
C:\Autorun.Inf moved successfully.
C:\xaul0q8u.bat moved successfully.
File/Folder D:\gvsqikes.cmd not found.
File/Folder D:\lpufwi6.com not found.
File/Folder D:\n2.bat not found.
D:\w2ngo.com moved successfully.
File/Folder F:\w2ngo.com not found.
D:\AUTORUN.INF moved successfully.
File/Folder EmptyTemp not found.

OTMoveIt2 v1.0.21 log created on 04212008_190524

#143
amm007


    Member

  • Topic Starter
  • Member
  • 265 posts
Malwarebytes' Anti-Malware 1.11
Database version: 663

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 92518
Time elapsed: 58 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Worm.OnlineG) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Worm.OnlineG) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj (Worm.OnlineG) -> No action taken.
HKEY_CLASSES_ROOT\stfngdvw.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kxva (Worm.OnlineG) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kxvo.exe (Worm.OnlineG) -> No action taken.
C:\WINDOWS\system32\fool0.dll (Worm.OnlineG) -> No action taken.

#144
amm007

Deckard's System Scanner v20071014.68
Run by Ruberc on 2008-04-21 20:18:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Ruberc.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:40 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ruberc\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruberc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\ieso0.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] ; c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] ; "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMMLREF] ; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] ; rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [EZEJMNAP] ; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFExe] ; C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] ; C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] ; C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OASClnt] ; C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QCTRAY] ; C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] ; C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TP4EX] ; tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] ; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] ; C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TrackPointSrv] ; tp4serv.exe
O4 - HKLM\..\Run: [VirusScan Online] ; C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] ; "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [_AntiSpyware] ; c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] ; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:Boxing Manager Professional Edition 1.8.3
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 8985 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 19:12:53 0 d-------- C:\Documents and Settings\Ruberc\Application Data\Malwarebytes
2008-04-21 19:12:47 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 18:50:34 158813 -r-hs---- C:\oalvm.com
2008-04-19 17:43:45 157141 -r-hs---- C:\w2ngo.com
2008-04-19 17:43:16 158813 -r-hs---- C:\WINDOWS\system32\kxvo.exe
2008-04-19 17:43:16 91648 -----n--- C:\WINDOWS\system32\fool0.dll
2008-04-09 10:09:12 0 d-------- C:\fsaua.data
2008-04-06 20:24:51 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 11:04:22 0 d-------- C:\Downloads
2008-03-31 11:04:22 0 d-------- C:\Bases
2008-03-31 11:02:48 0 d-------- C:\Kaspersky
2008-03-29 23:47:58 0 d-------- C:\WINDOWS\network diagnostic
2008-03-27 11:24:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-27 11:24:36 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 13:56:23 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-24 13:56:11 0 d-------- C:\Program Files\Saxton NCLEX-RN® 18e


-- Find3M Report ---------------------------------------------------------------

2008-03-27 19:51:19 0 d-------- C:\Program Files\Yahoo!
2008-03-27 09:43:49 0 d-------- C:\Documents and Settings\Ruberc\Application Data\Yahoo!
2008-03-24 21:36:06 0 d-------- C:\Program Files\QuickTime
2008-03-24 21:35:00 0 d-------- C:\Program Files\MSN Messenger
2008-03-24 21:29:14 0 d-------- C:\Program Files\Messenger
2008-03-24 21:28:37 0 d-------- C:\Program Files\iTunes
2008-03-11 06:16:00 0 d-------- C:\Program Files\EPSON
2008-03-10 00:14:04 0 d-------- C:\Program Files\Trend Micro
2008-03-08 17:45:21 0 d-------- C:\Program Files\Common Files
2008-03-04 18:43:12 2082 --a------ C:\WINDOWS\mozver.dat
2008-03-01 00:00:17 0 d-------- C:\Documents and Settings\Ruberc\Application Data\McAfee.com Personal Firewall
2008-02-28 21:51:11 0 d-------- C:\Documents and Settings\Ruberc\Application Data\Adobe
2008-02-26 18:43:39 8554 --a------ C:\logfile
2008-02-26 18:43:22 0 d-------- C:\Program Files\KODAK
2008-02-26 18:43:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 20:31:50 0 d-------- C:\Program Files\ArcSoft
2008-02-25 19:52:34 0 d-------- C:\Program Files\Common Files\KODAK
2008-02-24 10:10:48 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [04/20/2005 01:38 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [04/20/2005 01:38 AM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [04/20/2005 01:38 AM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [04/20/2005 01:38 AM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [03/31/2005 09:30 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/24/2004 02:10 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 09:03 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 11:25 AM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [04/05/2005 02:41 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [03/23/2005 04:33 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [03/23/2005 03:47 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/22/2005 09:39 AM]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [03/18/2005 03:07 AM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [03/18/2005 03:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/06/2004 08:27 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04/01/2004 10:52 AM]
"TP4EX"="tp4ex.exe" [11/12/2004 01:07 AM C:\WINDOWS\system32\TP4EX.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/03/2005 05:10 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 06:39 PM]
"TrackPointSrv"="tp4serv.exe" [10/28/2004 03:50 AM C:\WINDOWS\system32\tp4serv.exe]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [01/06/2006 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [03/23/2005 04:33 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"kxva"="C:\WINDOWS\system32\kxvo.exe" [04/21/2008 06:50 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [04/20/2005 09:57 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ARC"="C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:Boxing Manager Professional Edition 1.8.3

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 03/18/2005 03:07 AM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 08/12/2004 08:11 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruberc^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ruberc\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f}]
AutoRun\command- F:\w2ngo.com
explore\Command- F:\w2ngo.com
open\Command- F:\w2ngo.com




-- End of Deckard's System Scanner: finished at 2008-04-21 20:19:55 ------------

#145
kahdah

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [Kill explorer]
    HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1
    HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000}
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} 
    HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj
    HKEY_CLASSES_ROOT\stfngdvw.1
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kxva  
    C:\WINDOWS\system32\kxvo.exe 
    C:\WINDOWS\system32\fool0.dll
    C:\oalvm.com
    C:\w2ngo.com
    F:\w2ngo.com
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f}
    Emptytemp
    [Start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================================
If you still have this program then please delete it and download the following updated one.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note: if you cannot open the log it produces, right-click on it and choose Rename.
Rename it to .txt and you will be able to open it.)

====================================
Also post a new dss log along with the rest of the logs.

#146
amm007

File/Folder [Kill explorer] not found.
File/Folder HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 not found.
File/Folder HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} not found.
File/Folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} not found.
File/Folder HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} not found.
File/Folder HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj not found.
File/Folder HKEY_CLASSES_ROOT\stfngdvw.1 not found.
File/Folder HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kxva not found.
C:\WINDOWS\system32\kxvo.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\fool0.dll NOT unregistered.
C:\WINDOWS\system32\fool0.dll moved successfully.
C:\oalvm.com moved successfully.
C:\w2ngo.com moved successfully.
File/Folder F:\w2ngo.com not found.
File/Folder HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f} not found.
File/Folder Emptytemp not found.
File/Folder [Start explorer] not found.

OTMoveIt2 v1.0.21 log created on 04232008_200348

#147
amm007

ieso0.dll;c:\windows\system32;Trojan.Nsanti.Packed;Deleted.;
5yswe.dll;C:\Documents and Settings\Ruberc\Local Settings\Temp;Trojan.PWS.Gamania.9254;Deleted.;
c7peg.dll;C:\Documents and Settings\Ruberc\Local Settings\Temp;Trojan.Nsanti.Packed;Deleted.;
t89tym.dll;C:\Documents and Settings\Ruberc\Local Settings\Temp;Trojan.PWS.Gamania.9407;Deleted.;
udtas9b.dll;C:\Documents and Settings\Ruberc\Local Settings\Temp;Trojan.PWS.Gamania.9129;Deleted.;
vyqs5.dll;C:\Documents and Settings\Ruberc\Local Settings\Temp;Trojan.PWS.Gamania.9640;Deleted.;
xtw5t.dll;C:\Documents and Settings\Ruberc\Local Settings\Temp;Trojan.Nsanti.Packed;Deleted.;
LL[1].0XE;C:\Documents and Settings\Ruberc\Local Settings\Temporary Internet Files\Content.IE5\ABCB0VO7;Trojan.PWS.Gamania.9247;Deleted.;
A0000001.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000016.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.7926;Deleted.;
A0000017.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4194;Deleted.;
A0000018.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000062.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.7926;Deleted.;
A0000063.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4194;Deleted.;
A0000065.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000107.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.7926;Deleted.;
A0000108.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4194;Deleted.;
A0000109.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000118.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.7926;Deleted.;
A0000119.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4194;Deleted.;
A0000124.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000130.exe;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000131.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4194;Deleted.;
A0000139.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.7926;Deleted.;
A0000140.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4194;Deleted.;
A0000141.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000154.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.7926;Deleted.;
A0000155.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4028;Deleted.;
A0000156.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000163.exe;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000164.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Wsgame.4028;Deleted.;
A0006094.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Gamania.9247;Deleted.;
A0006110.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Wsgame.4751;Deleted.;
A0006111.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Wsgame.4687;Deleted.;
A0006113.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Gamania.9247;Deleted.;
A0006117.exe;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Gamania.9247;Deleted.;
A0006141.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.Nsanti.Packed;Deleted.;
A0006142.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Wsgame.4687;Deleted.;
A0006143.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.Nsanti.Packed;Deleted.;
A0001861.cmd;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2;Trojan.PWS.Gamania.9247;Deleted.;
A0003502.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2;Trojan.PWS.Gamania.7926;Deleted.;
A0003503.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2;Trojan.PWS.Wsgame.4028;Deleted.;
A0003505.cmd;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2;Trojan.PWS.Gamania.9247;Deleted.;
A0003630.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Gamania.7926;Deleted.;
A0003631.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Wsgame.4028;Deleted.;
A0003632.cmd;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Gamania.9247;Deleted.;
A0003638.exe;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Gamania.9247;Deleted.;
A0003639.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Wsgame.4028;Deleted.;
A0003648.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Wsgame.4028;Deleted.;
A0003694.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003744.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Wsgame;Deleted.;
A0003746.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003764.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Wsgame;Deleted.;
A0003765.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Wsgame.4028;Deleted.;
A0003766.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003810.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Wsgame.4028;Deleted.;
A0003811.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Wsgame.4028;Deleted.;
A0003812.cmd;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003813.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Wsgame;Deleted.;
A0003814.exe;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003815.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0004037.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Gamania.9247;Deleted.;
A0004038.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Gamania.9247;Deleted.;
A0005780.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Wsgame.4194;Deleted.;
A0005863.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005864.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.PWS.Wsgame.4028;Deleted.;
A0005865.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005892.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005893.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005894.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005898.exe;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005899.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005903.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Probably BATCH.Virus;;
A0005912.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Probably SCRIPT.Virus;;
A0005943.EXE;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Program.PsExec.170;;
A0005947.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Probably BATCH.Virus;;
A0005956.bat;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Probably SCRIPT.Virus;;
A0005986.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005987.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.PWS.Gamania.9247;Deleted.;
A0005992.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006025.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4751;Deleted.;
A0006026.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4687;Deleted.;
A0006028.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006045.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4751;Deleted.;
A0006046.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4687;Deleted.;
A0006047.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006058.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4751;Deleted.;
A0006060.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4687;Deleted.;
A0006061.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006076.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4751;Deleted.;
A0006077.dll;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Wsgame.4687;Deleted.;
A0006079.com;C:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
fool1.dll;C:\WINDOWS\system32;Trojan.Nsanti.Packed;Deleted.;
FOOL0.0LL;C:\_OTMoveIt\MovedFiles\04062008_223859\WINDOWS\system32;Trojan.PWS.Wsgame.4194;Deleted.;
w2ngo.com;C:\_OTMoveIt\MovedFiles\04212008_190524;Trojan.PWS.Gamania.9247;Deleted.;
xaul0q8u.bat;C:\_OTMoveIt\MovedFiles\04212008_190524;Trojan.Nsanti.Packed;Deleted.;
fool1.dll;C:\_OTMoveIt\MovedFiles\04212008_190524\WINDOWS\system32;Trojan.PWS.Wsgame.4687;Deleted.;
ieso0.dll;C:\_OTMoveIt\MovedFiles\04212008_190524\WINDOWS\system32;Trojan.PWS.Wsgame.4751;Deleted.;
oalvm.com;C:\_OTMoveIt\MovedFiles\04232008_200348;Trojan.PWS.Gamania.9247;Deleted.;
w2ngo.com;C:\_OTMoveIt\MovedFiles\04232008_200348;Trojan.PWS.Gamania.9247;Deleted.;
fool0.dll;C:\_OTMoveIt\MovedFiles\04232008_200348\WINDOWS\system32;Trojan.Nsanti.Packed;Deleted.;
kxvo.exe;C:\_OTMoveIt\MovedFiles\04232008_200348\WINDOWS\system32;Trojan.Nsanti.Packed;Deleted.;
GVSQIKES.0MD;D:\;Trojan.PWS.Gamania.9247;Deleted.;
LPUFWI6.0OM;D:\;Trojan.PWS.Gamania.9247;Deleted.;
N2.0AT;D:\;Trojan.PWS.Gamania.9247;Deleted.;
oalvm.com;D:\;Trojan.PWS.Gamania.9247;Deleted.;
W2NGO.0OM;D:\;Trojan.PWS.Gamania.9247;Deleted.;
xaul0q8u.bat;D:\;Trojan.Nsanti.Packed;Deleted.;
A0000003.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000020.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000067.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000111.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000126.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000143.bat;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0000158.bat;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP1;Trojan.PWS.Gamania.9247;Deleted.;
A0006096.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Gamania.9247;Deleted.;
A0006115.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Gamania.9247;Deleted.;
A0006145.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.Nsanti.Packed;Deleted.;
A0006177.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.PWS.Gamania.9247;Deleted.;
A0006178.bat;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP10;Trojan.Nsanti.Packed;Deleted.;
A0001863.cmd;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2;Trojan.PWS.Gamania.9247;Deleted.;
A0003507.cmd;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP2;Trojan.PWS.Gamania.9247;Deleted.;
A0003634.cmd;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP3;Trojan.PWS.Gamania.9247;Deleted.;
A0003696.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003748.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0003768.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP4;Trojan.PWS.Gamania.9247;Deleted.;
A0005781.cmd;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Gamania.9247;Deleted.;
A0005782.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Gamania.9247;Deleted.;
A0005783.bat;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Gamania.9247;Deleted.;
A0005784.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP6;Trojan.PWS.Gamania.9247;Deleted.;
A0005867.bat;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005896.bat;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.Nsanti.Packed;Deleted.;
A0005978.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.PWS.Gamania.9247;Deleted.;
A0005989.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP8;Trojan.PWS.Gamania.9247;Deleted.;
A0005994.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006030.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006049.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006063.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;
A0006081.com;D:\System Volume Information\_restore{A0515764-FCD7-49DF-B1A0-2AC466CD1313}\RP9;Trojan.PWS.Gamania.9247;Deleted.;

#148
amm007

    Member

  • Topic Starter
  • 265 posts
Deckard's System Scanner v20071014.68
Run by Ruberc on 2008-04-23 23:34:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Ruberc.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:02 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Ruberc\Desktop\setup.exe
C:\DOCUME~1\Ruberc\LOCALS~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\Ruberc\LOCALS~1\Temp\RarSFX1\setup.exe
C:\Documents and Settings\Ruberc\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruberc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] ; c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] ; "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMMLREF] ; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] ; rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [EZEJMNAP] ; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFExe] ; C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] ; C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] ; C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OASClnt] ; C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QCTRAY] ; C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] ; C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TP4EX] ; tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] ; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] ; C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TrackPointSrv] ; tp4serv.exe
O4 - HKLM\..\Run: [VirusScan Online] ; C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] ; "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [_AntiSpyware] ; c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] ; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:Boxing Manager Professional Edition 1.8.3
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9084 bytes

-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-23 21:24:26 0 d-------- C:\Documents and Settings\Ruberc\DoctorWeb
2008-04-21 19:12:53 0 d-------- C:\Documents and Settings\Ruberc\Application Data\Malwarebytes
2008-04-21 19:12:47 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 10:09:12 0 d-------- C:\fsaua.data
2008-04-06 20:24:51 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 11:04:22 0 d-------- C:\Downloads
2008-03-31 11:04:22 0 d-------- C:\Bases
2008-03-31 11:02:48 0 d-------- C:\Kaspersky
2008-03-29 23:47:58 0 d-------- C:\WINDOWS\network diagnostic
2008-03-27 11:24:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-27 11:24:36 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-24 13:56:23 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-24 13:56:11 0 d-------- C:\Program Files\Saxton NCLEX-RN® 18e


-- Find3M Report ---------------------------------------------------------------

2008-03-27 19:51:19 0 d-------- C:\Program Files\Yahoo!
2008-03-27 09:43:49 0 d-------- C:\Documents and Settings\Ruberc\Application Data\Yahoo!
2008-03-24 21:36:06 0 d-------- C:\Program Files\QuickTime
2008-03-24 21:35:00 0 d-------- C:\Program Files\MSN Messenger
2008-03-24 21:29:14 0 d-------- C:\Program Files\Messenger
2008-03-24 21:28:37 0 d-------- C:\Program Files\iTunes
2008-03-11 06:16:00 0 d-------- C:\Program Files\EPSON
2008-03-10 00:14:04 0 d-------- C:\Program Files\Trend Micro
2008-03-08 17:45:21 0 d-------- C:\Program Files\Common Files
2008-03-04 18:43:12 2082 --a------ C:\WINDOWS\mozver.dat
2008-03-01 00:00:17 0 d-------- C:\Documents and Settings\Ruberc\Application Data\McAfee.com Personal Firewall
2008-02-28 21:51:11 0 d-------- C:\Documents and Settings\Ruberc\Application Data\Adobe
2008-02-26 18:43:39 8554 --a------ C:\logfile
2008-02-26 18:43:22 0 d-------- C:\Program Files\KODAK
2008-02-26 18:43:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 20:31:50 0 d-------- C:\Program Files\ArcSoft
2008-02-25 19:52:34 0 d-------- C:\Program Files\Common Files\KODAK
2008-02-24 10:10:48 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [04/20/2005 01:38 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [04/20/2005 01:38 AM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [04/20/2005 01:38 AM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [04/20/2005 01:38 AM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [03/31/2005 09:30 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/24/2004 02:10 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 09:03 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 11:25 AM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [04/05/2005 02:41 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [03/23/2005 04:33 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [03/23/2005 03:47 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 10:02 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/22/2005 09:39 AM]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [03/18/2005 03:07 AM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [03/18/2005 03:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/06/2004 08:27 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04/01/2004 10:52 AM]
"TP4EX"="tp4ex.exe" [11/12/2004 01:07 AM C:\WINDOWS\system32\TP4EX.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/03/2005 05:10 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 06:39 PM]
"TrackPointSrv"="tp4serv.exe" [10/28/2004 03:50 AM C:\WINDOWS\system32\tp4serv.exe]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 12:49 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [01/06/2006 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [03/23/2005 04:33 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"kxva"="C:\WINDOWS\system32\kxvo.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [04/20/2005 09:57 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ARC"="C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:Boxing Manager Professional Edition 1.8.3

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 03/18/2005 03:07 AM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 08/12/2004 08:11 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruberc^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ruberc\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f}]
AutoRun\command- F:\w2ngo.com
explore\Command- F:\w2ngo.com
open\Command- F:\w2ngo.com




-- End of Deckard's System Scanner: finished at 2008-04-23 23:36:46 ------------

#149
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please delete your version of OTMoveIt, then do the following:
=========================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [Kill explorer]
    HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1
    HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000}
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} 
    HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj
    HKEY_CLASSES_ROOT\stfngdvw.1
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kxva  
    C:\WINDOWS\system32\kxvo.exe 
    C:\WINDOWS\system32\fool0.dll
    C:\oalvm.com
    C:\w2ngo.com
    F:\w2ngo.com
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f}
    Emptytemp
    [Start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==============
Then please post that log and a new dss log.

#150
amm007

    Member

  • Topic Starter
  • 265 posts
Explorer killed successfully
< HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 >
Registry key HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} >
Registry key HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000}\\ not found.
< HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} >
Registry key HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92}\\ deleted successfully.
< HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj >
Registry key HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj\\ deleted successfully.
< HKEY_CLASSES_ROOT\stfngdvw.1 >
Registry key HKEY_CLASSES_ROOT\stfngdvw.1\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kxva >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kxva not found.
File/Folder C:\WINDOWS\system32\kxvo.exe not found.
File/Folder C:\WINDOWS\system32\fool0.dll not found.
File/Folder C:\oalvm.com not found.
File/Folder C:\w2ngo.com not found.
File/Folder F:\w2ngo.com not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3cab30-7408-11dc-a7c2-000ae435643f}\\ deleted successfully.
< Emptytemp >
File delete failed. C:\WINDOWS\temp\sqlite_CAUslf03QFWargL scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_MIQ15pADLTBn4hi scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_XdKdBxKihyCGoT9 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04272008_022352

Files moved on Reboot...
C:\WINDOWS\temp\sqlite_CAUslf03QFWargL moved successfully.
C:\WINDOWS\temp\sqlite_MIQ15pADLTBn4hi moved successfully.
C:\WINDOWS\temp\sqlite_XdKdBxKihyCGoT9 moved successfully.