Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack This Log [RESOLVED]

Started by WheelsOH76 , Mar 07 2008 08:16 AM

  • This topic is locked This topic is locked

#1
WheelsOH76
Posted 07 March 2008 - 08:16 AM

WheelsOH76

    Member

  • Member
  • PipPip
  • 12 posts
I know for a fact there is malware, trojans, and tracking cookies that show up and load in IE for some reason on my system. I'm running Windows XP. I can't use any tools to upload or download now. Is that a limitation of firefox or something more malicious?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:07 AM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\iDlo18\iDlo182328.exe
C:\WINDOWS\17PHolmes1188.exe
C:\Program Files\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cleveland.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\thunderbird.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [28071a86] rundll32.exe "C:\WINDOWS\system32\ixbmnfxf.dll",b
O4 - HKLM\..\Run: [BM2b34291a] Rundll32.exe "C:\WINDOWS\system32\oavehofe.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112747012313
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124306605843
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticke...t/TcpServer.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11319 bytes
  • 0

Advertisements

#2
kahdah
Posted 07 March 2008 - 11:09 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello WheelsOH76

Welcome to G2Go. :)
=====================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

  • 0

#3
WheelsOH76
Posted 07 March 2008 - 08:49 PM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay, did the SDFix Routine, cleaning Svchosts i'm guessing? There was one thing that was a bit strange about it. Instead of loading "safe mode" I had to load "safe mode with networking" in order to get safe mode to load at all. I'm not sure if this will make a difference, but the script ran fine and appeared (at least so far) to have fixed things. I'll post the report and a new HijackThis log below.

SDFix Report Follows HERE:


SDFix: Version 1.153

Run by Ben on Fri 03/07/2008 at 09:19 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Ben\Desktop\SDFix

Checking Services :

Name:
SMWDMM

Path:
System32\drivers\smwdmm.sys

SMWDMM - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\SMWDMM.sys - Deleted
C:\X.DAT - Deleted
C:\PROGRA~1\MESSEN~1\MOWUZ8~1.DLL - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Program Files\JavaCore\JavaCore.exe - Deleted
C:\Program Files\JavaCore\UnInstall.exe - Deleted
C:\Program Files\NoDNS\UnInstall.exe - Deleted
C:\Program Files\nvcoi\mst.stt - Deleted
C:\Program Files\nvcoi\nvcoi.exe - Deleted
C:\Program Files\Temporary\InsiDERInst.exe - Deleted
C:\n.bat - Deleted
C:\WINDOWS\b116.exe - Deleted
C:\WINDOWS\b152.exe - Deleted
C:\WINDOWS\b153.exe - Deleted
C:\WINDOWS\b154.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu1188.exe - Deleted
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
C:\Program Files\.autoreg - Deleted
C:\winlogon.exe - Deleted
C:\x.dat - Deleted
C:\z.dat - Deleted
C:\WINDOWS\Fonts\Crack.exe - Deleted
C:\WINDOWS\Fonts\svchost.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\keygen.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,938 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 1 File(s) 637,939 bytes - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt


Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\NoDNS - Removed
Folder C:\Program Files\nvcoi - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\Fonts\' - Removed
Folder C:\WINDOWS\system32\X3 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 21:26:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\Ben\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
Sun 25 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe"
Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.0\uinstrsc.dll"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Ben\Application Data\U3\temp\Launchpad Removal.exe"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Mary\Application Data\U3\temp\Launchpad Removal.exe"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\Ben\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\Ben\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\Ben\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\Ben\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\Ben\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Fri 7 Mar 2008 8 A..H. --- "C:\Documents and Settings\Ben\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u6\lock.tmp"

Finished!



THE FOLLOWING IS THE NEW HIJACKTHIS LOGFILE:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:51 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cox\Applications\app\Prism.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\thunderbird.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cleveland.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\thunderbird.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [28071a86] rundll32.exe "C:\WINDOWS\system32\imgdoeia.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112747012313
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124306605843
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticke...t/TcpServer.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10542 bytes


I hope this was posted to the correct location and I wasn't supposed to create a new post.
  • 0

#4
kahdah
Posted 08 March 2008 - 12:20 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Nope that is perfect you did it correctly. :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
WheelsOH76
Posted 09 March 2008 - 11:09 PM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay, ran the combofix program. The logfile from Combofix will follow.

ComboFix 08-03-09.4 - Ben 2008-03-10 0:48:52.1 - NTFSx86

Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM2b34291a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\biihtdkb.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\c2
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\c4\np89104.exe
C:\WINDOWS\SYSTEM32\cnukbrlh.ini
C:\WINDOWS\system32\ddcyxwt.dll
C:\WINDOWS\system32\eeliowiv.dll
C:\WINDOWS\SYSTEM32\fxfnmbxi.ini
C:\WINDOWS\system32\gknukoxj.dll
C:\WINDOWS\system32\gnxofper.dll
C:\WINDOWS\system32\hggefgh.dll
C:\WINDOWS\SYSTEM32\hhhkj.ini
C:\WINDOWS\SYSTEM32\hhhkj.ini2
C:\WINDOWS\system32\hlrbkunc.dll
C:\WINDOWS\system32\hxkyefhk.dll
C:\WINDOWS\system32\iifefcc.dll
C:\WINDOWS\system32\ioesitkc.dll
C:\WINDOWS\system32\ixbmnfxf.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\k8\ravecom3.exe
C:\WINDOWS\system32\khfffcb.dll
C:\WINDOWS\SYSTEM32\khiiergl.ini
C:\WINDOWS\system32\lgreiihk.dll
C:\WINDOWS\system32\likyjwuy.dll
C:\WINDOWS\system32\lrvevalb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oaqotstj.dll
C:\WINDOWS\system32\oavehofe.dll
C:\WINDOWS\system32\pjfltife.dll
C:\WINDOWS\system32\puxerpmr.dll
C:\WINDOWS\system32\rdccrhno.dll
C:\WINDOWS\system32\rqrqonn.dll
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\sdmjfapq.dll
C:\WINDOWS\system32\srjjujri.dll
C:\WINDOWS\system32\ssqopqn.dll
C:\WINDOWS\system32\tcbbshbf.dll
C:\WINDOWS\system32\uabmvnob.dll
C:\WINDOWS\system32\vtuvurq.dll
C:\WINDOWS\SYSTEM32\wavynkao.ini
C:\WINDOWS\system32\xxywtrp.dll
C:\WINDOWS\system32\yiyjsxai.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-09 16:17 . 2008-03-10 00:56 4,096 --ahs---- C:\VSNAP.IDX
2008-03-08 22:22 . 2008-03-09 19:07 1,308,101 ---hs---- C:\WINDOWS\SYSTEM32\yeisigok.ini
2008-03-08 15:52 . 2008-03-08 15:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 15:52 . 2008-03-08 15:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 01:52 . 2008-03-08 01:52 <DIR> d-------- C:\Program Files\SizeExplorer Pro 3.8.6
2008-03-08 01:09 . 2008-03-08 01:09 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Symantec
2008-03-08 01:04 . 2007-04-03 09:59 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-03-08 01:01 . 2007-04-03 09:59 215,144 -ra------ C:\WINDOWS\pw32a.dll
2008-03-08 00:51 . 2008-03-10 00:47 <DIR> d-------- C:\Program Files\Eraser
2008-03-07 23:23 . 2008-01-10 05:30 133,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symsnap.sys
2008-03-07 23:23 . 2007-03-28 21:49 128,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys
2008-03-07 23:23 . 2007-03-28 21:29 37,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys
2008-03-07 23:23 . 2007-07-31 18:22 14,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys
2008-03-07 23:21 . 2008-03-08 01:07 <DIR> d-------- C:\Program Files\Norton Ghost
2008-03-07 23:19 . 2008-03-07 23:19 <DIR> d-------- C:\Program Files\Symantec
2008-03-07 23:19 . 2008-03-07 23:22 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:19 . 2008-03-07 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-07 22:35 . 2008-03-08 01:49 1,307,861 ---hs---- C:\WINDOWS\SYSTEM32\aieodgmi.ini
2008-03-07 22:16 . 2008-03-07 22:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-05 20:49 . 2008-03-05 20:49 52,800 --a------ C:\WINDOWS\SYSTEM32\qftbgduo.dll
2008-03-05 20:45 . 2008-03-06 22:26 1,307,534 ---hs---- C:\WINDOWS\SYSTEM32\jhmlqmfp.ini
2008-03-05 20:44 . 2008-03-05 20:44 40,960 --a------ C:\Documents and Settings\Mary\f.exe
2008-03-04 18:15 . 2008-03-04 18:15 52,800 --a------ C:\WINDOWS\SYSTEM32\tijavtxh.dll
2008-03-03 16:36 . 2008-03-04 18:07 1,304,477 ---hs---- C:\WINDOWS\SYSTEM32\ydbibkfy.ini
2008-03-02 21:29 . 2008-03-02 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 18:17 . 2008-03-02 18:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 00:47 . 2008-03-02 00:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-02 00:47 . 2008-03-02 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 02:14 . 2008-03-01 02:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-01 02:14 . 2008-03-01 02:14 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-03-01 02:10 . 2008-03-01 02:10 <DIR> d-------- C:\WINDOWS\SYSTEM32\iDlo18
2008-03-01 02:08 . 2008-03-07 22:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 02:06 . 2008-03-01 02:06 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-02-16 21:21 . 2008-02-16 21:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-16 21:18 . 2008-02-16 21:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-02-16 21:12 . 2008-02-16 21:12 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-11 20:48 . 2008-02-11 20:48 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-11 18:19 . 2008-02-11 18:19 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-11 18:19 . 2008-02-11 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 14:10 --------- d-----w C:\Program Files\Common Files\Command Software
2008-03-07 18:53 --------- d-----w C:\Program Files\Winamp
2008-03-03 01:58 --------- d-----w C:\Program Files\SecondLife
2008-03-03 01:29 --------- d-----w C:\Program Files\LimeWire
2008-03-03 01:29 --------- d-----w C:\Program Files\AIM
2008-03-03 01:29 --------- d-----w C:\Documents and Settings\Ben\Application Data\Aim
2008-02-26 15:19 --------- d-----w C:\Documents and Settings\Ben\Application Data\SecondLife
2008-02-17 04:27 --------- d-----w C:\Program Files\QuickTime
2008-02-17 04:27 --------- d-----w C:\Program Files\plugins
2008-02-17 01:16 --------- d-----w C:\Program Files\Windows Media Connect
2008-02-15 03:41 --------- d-----w C:\Program Files\SecondLifeWindLight
2008-02-11 22:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 22:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 20:18 --------- d-----w C:\Program Files\BuildALot_at
2008-01-31 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-31 01:38 --------- d-----w C:\Program Files\Dell Support Center
2008-01-31 01:37 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-31 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-07 15:10 7,291 -c--a-w C:\Program Files\install.log
2007-11-18 02:16 712 ----a-w C:\Program Files\updater.ini
2007-08-21 21:38 6,434 ----a-w C:\Program Files\LICENSE.txt
2007-08-21 21:38 5,533 ----a-w C:\Program Files\removed-files
2007-08-21 21:38 184 ----a-w C:\Program Files\README.txt
2006-09-13 02:54 3,071 -c--a-w C:\Program Files\install_wizard.log
2006-09-13 02:54 1,841 -c--a-w C:\Program Files\install_status.log
2006-08-29 01:55 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-01-06 03:30 54,972 -c--a-w C:\Program Files\tor-bundle-uninstall.exe
2005-12-20 22:31 26,657 -c--a-w C:\Program Files\BUNDLE_LICENSE
2002-09-24 13:24 61,440 -c--a-w C:\WINDOWS\INF\i386\onetUSD.dll
2002-07-09 13:23 36,864 -c--a-w C:\WINDOWS\INF\i386\Vizmicro.dll
2002-05-20 13:20 172,032 -c--a-w C:\WINDOWS\INF\i386\viceo.dll
2002-05-20 13:02 225,280 -c--a-w C:\WINDOWS\INF\i386\rtscan.dll
2001-08-03 23:29 13,824 -c--a-w C:\WINDOWS\INF\i386\Usbscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-03-05 20:49 52800 --a------ C:\WINDOWS\system32\qftbgduo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5733CE9-E217-49FE-95F1-70EAF59A9620}]
C:\Program Files\Messenger\mowuz89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50 405583]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2003-07-25 12:15 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-13 09:11 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-09-24 09:21 86016]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16 135168]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 18:54 57344]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 21:05 344064]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Thunderbird"="C:\Program Files\thunderbird.exe" [2008-02-28 01:09 8483952]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 05:43 2037088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-11 18:19:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-31 13:28:57 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"= 0 (0x0)
"disabletaskmgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a79cd2a8-cb88-11db-9a37-001111e36f13}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea009b2e-50af-11db-9803-001111e36f13}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 12:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 11:48:59 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\SYSTEM32\CLEANMGR.EXE
"2008-03-04 10:59:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TEAMWHEELS-Ben).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-03-10 05:00:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 00:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-10 1:01:58 - machine was rebooted [Ben]
ComboFix-quarantined-files.txt 2008-03-10 05:01:55
.
2008-03-07 14:07:56 --- E O F ---


THE HIJACKTHIS LOG FOLLOWS HERE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:11 AM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\thunderbird.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cleveland.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\qftbgduo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: (no name) - {E5733CE9-E217-49FE-95F1-70EAF59A9620} - C:\Program Files\Messenger\mowuz89104.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\thunderbird.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112747012313
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124306605843
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticke...t/TcpServer.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

--
End of file - 11683 bytes


Deleted quite a bit of things on the second go around and reset my default browser to IE (yuck).
  • 0

#6
kahdah
Posted 10 March 2008 - 07:11 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\yeisigok.ini
C:\WINDOWS\SYSTEM32\aieodgmi.ini
C:\WINDOWS\SYSTEM32\qftbgduo.dll
C:\WINDOWS\SYSTEM32\jhmlqmfp.ini
C:\Documents and Settings\Mary\f.exe
C:\WINDOWS\SYSTEM32\tijavtxh.dll
C:\WINDOWS\SYSTEM32\ydbibkfy.ini
C:\WINDOWS\SYSTEM32\vbzip10.dll
Folder::
C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\SYSTEM32\iDlo18
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt
==============================================================================
Then::
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#7
WheelsOH76
Posted 10 March 2008 - 10:18 PM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay, here's the latest combofix log am in the process of running the malware scanner.

ComboFix 08-03-09.4 - Ben 2008-03-11 0:07:37.2 - NTFSx86

Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ben\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Mary\f.exe
C:\WINDOWS\SYSTEM32\aieodgmi.ini
C:\WINDOWS\SYSTEM32\jhmlqmfp.ini
C:\WINDOWS\SYSTEM32\qftbgduo.dll
C:\WINDOWS\SYSTEM32\tijavtxh.dll
C:\WINDOWS\SYSTEM32\vbzip10.dll
C:\WINDOWS\SYSTEM32\ydbibkfy.ini
C:\WINDOWS\SYSTEM32\yeisigok.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Mary\f.exe
C:\WINDOWS\SYSTEM32\aieodgmi.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\SYSTEM32\iDlo18
C:\WINDOWS\SYSTEM32\iDlo18\iDlo182328.exe
C:\WINDOWS\SYSTEM32\jhmlqmfp.ini
C:\WINDOWS\SYSTEM32\qftbgduo.dll
C:\WINDOWS\SYSTEM32\tijavtxh.dll
C:\WINDOWS\SYSTEM32\vbzip10.dll
C:\WINDOWS\SYSTEM32\ydbibkfy.ini
C:\WINDOWS\SYSTEM32\yeisigok.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-10 17:15 . 2008-03-10 17:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 17:15 . 2008-03-10 17:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 16:17 . 2008-03-10 01:16 4,096 --ahs---- C:\VSNAP.IDX
2008-03-08 01:52 . 2008-03-08 01:52 <DIR> d-------- C:\Program Files\SizeExplorer Pro 3.8.6
2008-03-08 01:09 . 2008-03-08 01:09 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Symantec
2008-03-08 01:04 . 2007-04-03 09:59 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-03-08 01:01 . 2007-04-03 09:59 215,144 -ra------ C:\WINDOWS\pw32a.dll
2008-03-08 00:51 . 2008-03-10 10:09 <DIR> d-------- C:\Program Files\Eraser
2008-03-07 23:23 . 2008-01-10 05:30 133,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symsnap.sys
2008-03-07 23:23 . 2007-03-28 21:49 128,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys
2008-03-07 23:23 . 2007-03-28 21:29 37,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\v2imount.sys
2008-03-07 23:23 . 2007-07-31 18:22 14,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vproeventmonitor.sys
2008-03-07 23:21 . 2008-03-08 01:07 <DIR> d-------- C:\Program Files\Norton Ghost
2008-03-07 23:19 . 2008-03-07 23:19 <DIR> d-------- C:\Program Files\Symantec
2008-03-07 23:19 . 2008-03-07 23:22 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:19 . 2008-03-07 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-07 22:16 . 2008-03-07 22:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-02 21:29 . 2008-03-02 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 18:17 . 2008-03-02 18:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 00:47 . 2008-03-02 00:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-02 00:47 . 2008-03-02 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 02:08 . 2008-03-07 22:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 02:06 . 2008-03-01 02:06 <DIR> d-------- C:\Program Files\Yahoo! Games
2008-02-16 21:21 . 2008-02-16 21:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-16 21:18 . 2008-02-16 21:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-02-16 21:12 . 2008-02-16 21:12 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-11 20:48 . 2008-02-11 20:48 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-11 18:19 . 2008-02-11 18:19 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-11 18:19 . 2008-02-11 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 14:10 --------- d-----w C:\Program Files\Common Files\Command Software
2008-03-07 18:53 --------- d-----w C:\Program Files\Winamp
2008-03-03 01:58 --------- d-----w C:\Program Files\SecondLife
2008-03-03 01:29 --------- d-----w C:\Program Files\LimeWire
2008-03-03 01:29 --------- d-----w C:\Program Files\AIM
2008-03-03 01:29 --------- d-----w C:\Documents and Settings\Ben\Application Data\Aim
2008-02-26 15:19 --------- d-----w C:\Documents and Settings\Ben\Application Data\SecondLife
2008-02-17 04:27 --------- d-----w C:\Program Files\QuickTime
2008-02-17 04:27 --------- d-----w C:\Program Files\plugins
2008-02-17 01:16 --------- d-----w C:\Program Files\Windows Media Connect
2008-02-15 03:41 --------- d-----w C:\Program Files\SecondLifeWindLight
2008-02-11 22:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 22:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 20:18 --------- d-----w C:\Program Files\BuildALot_at
2008-01-31 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-31 01:38 --------- d-----w C:\Program Files\Dell Support Center
2008-01-31 01:37 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-31 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-07 15:10 7,291 -c--a-w C:\Program Files\install.log
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2007-11-18 02:16 712 ----a-w C:\Program Files\updater.ini
2007-08-21 21:38 6,434 ----a-w C:\Program Files\LICENSE.txt
2007-08-21 21:38 5,533 ----a-w C:\Program Files\removed-files
2007-08-21 21:38 184 ----a-w C:\Program Files\README.txt
2006-09-13 02:54 3,071 -c--a-w C:\Program Files\install_wizard.log
2006-09-13 02:54 1,841 -c--a-w C:\Program Files\install_status.log
2006-08-29 01:55 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-01-06 03:30 54,972 -c--a-w C:\Program Files\tor-bundle-uninstall.exe
2005-12-20 22:31 26,657 -c--a-w C:\Program Files\BUNDLE_LICENSE
2002-09-24 13:24 61,440 -c--a-w C:\WINDOWS\INF\i386\onetUSD.dll
2002-07-09 13:23 36,864 -c--a-w C:\WINDOWS\INF\i386\Vizmicro.dll
2002-05-20 13:20 172,032 -c--a-w C:\WINDOWS\INF\i386\viceo.dll
2002-05-20 13:02 225,280 -c--a-w C:\WINDOWS\INF\i386\rtscan.dll
2001-08-03 23:29 13,824 -c--a-w C:\WINDOWS\INF\i386\Usbscan.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_ 1.01.43.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-03-31 17:38:54 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:54 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 49,152 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 40,960 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2008-03-10 05:18:22 40,960 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-03-31 17:38:55 65,536 -c--a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-03-10 05:18:22 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2002-09-20 14:45:00 123,017 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\acpdf207.dll
+ 2002-09-20 14:45:00 72,720 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\acpdfui207.dll
+ 2008-03-10 12:40:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5733CE9-E217-49FE-95F1-70EAF59A9620}]
C:\Program Files\Messenger\mowuz89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50 405583]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2003-07-25 12:15 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-13 09:11 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-09-24 09:21 86016]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16 135168]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 18:54 57344]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 21:05 344064]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Thunderbird"="C:\Program Files\thunderbird.exe" [2008-02-28 01:09 8483952]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 05:43 2037088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-11 18:19:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-31 13:28:57 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a79cd2a8-cb88-11db-9a37-001111e36f13}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea009b2e-50af-11db-9803-001111e36f13}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 12:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 11:48:59 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\SYSTEM32\CLEANMGR.EXE
"2008-03-11 04:09:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TEAMWHEELS-Ben).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-03-10 12:43:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 00:11:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-11 0:12:11
ComboFix-quarantined-files.txt 2008-03-11 04:12:10
ComboFix2.txt 2008-03-10 05:01:59
.
2008-03-07 14:07:56 --- E O F ---
  • 0

#8
WheelsOH76
Posted 11 March 2008 - 12:22 AM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
and the MBAM logfile

Malwarebytes' Anti-Malware 1.08
Database version: 476

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 289487
Time elapsed: 1 hour(s), 0 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\Zmg3s7mTBOpj\VirusBin\Infected-E09549D53FA37A04 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\Zmg3s7mTBOpj\VirusBin\Infected-E09F2F71397514B1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\Zmg3s7mTBOpj\VirusBin\Infected-E0A32F2E132A24D9 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Mary\f.exe.vir (Spyware.FirePass) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\c4\np89104.exe.vir (Adware.TTC) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\k8\ravecom3.exe.vir (Adware.RABCO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\s7\gbsu011.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#9
kahdah
Posted 11 March 2008 - 02:33 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

#10
WheelsOH76
Posted 11 March 2008 - 03:00 PM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here are the TOtal Scan results.

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-03-11 17:00:25
PROTECTIONS: 1
MALWARE: 56
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Windows Defender 1.1.3301.0 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00018331 adware/gator Adware No 0 Yes No c:\windows\gatoruninstaller_cme_u.log
00018331 adware/gator Adware No 0 Yes No c:\windows\gatoruninstaller_cme.log
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00118392 Adware/Trymedia Adware No 0 Yes No C:\Downloads\BPHPAC~1.EXE
00118392 Adware/Trymedia Adware No 0 Yes No C:\Downloads\BigKahunaReefSetup-dm[1].exe
00118392 Adware/Trymedia Adware No 0 Yes No C:\Downloads\moisdne-dm[1].exe
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Ben\Desktop\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Ben\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.bfast.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\kc99aec0.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.mediaplex.com/]
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@mysearch[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@ccbill[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@ccbill[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@belnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@belnk[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\kc99aec0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@com[1].txt
00167733 Cookie/Adserver TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\kc99aec0.default\cookies.txt[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\kc99aec0.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\kc99aec0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\kc99aec0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.burstnet.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@adrevolver[2].txt
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No F:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\plz7qzmd.default\cookies.txt[statse.webtrendslive.com/dcsgcxwngpifwznfzlmv83o6w_5w4m]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No F:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\plz7qzmd.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Sam\Cookies\sam@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Ben\Application Data\SecondLife\browser_profile\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@realmedia[2].txt
00171718 Cookie/Enhance TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00171718 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@adrevolver[3].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.adrevolver.com/]
00186561 Cookie/Banner TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@banner[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\inb3ymir.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\inb3ymir.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Sam\Cookies\sam@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\inb3ymir.default\cookies.txt[.go.com/]
00206571 Application/Altnet HackTools No 0 Yes No F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab
00206571 Application/Altnet HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab
00207338 Cookie/Target TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\mary@did-it[1].txt
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Ben\Shared\Corel Paint Shop Pro Photo X2 v12.0 (Full Version with Keygen).zip[Setup.exe]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Application Data\Mozilla\Profiles\default\ox8mrgja.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Profiles\default\ox8mrgja.slt\cookies.txt[.atwola.com/]
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\mary@drivecleaner[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Cookies\[email protected][2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Mary\Cookies\[email protected][1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No F:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\6dn80fdo.default\cookies.txt[citi.bridgetrack.com/]
00958505 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
00959011 Adware/AzeSearch Adware No 0 No No C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab[mySetp.exe]
00959011 Adware/AzeSearch Adware No 0 No No F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab[mySetp.exe]
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
02219087 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Aphex.exe
02690922 Trj/Multidropper.RJS Virus/Trojan No 0 Yes No C:\Documents and Settings\Ben\Desktop\SDFix\backups\backups.zip[backups/svchost.exe]
02690922 Trj/Multidropper.RJS Virus/Trojan No 0 Yes No C:\Documents and Settings\Ben\Desktop\SDFix\backups\backups.zip[backups/Crack.exe]
02887738 Trj/Downloader.PLF Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iDlo18\iDlo182328.exe.vir
02898733 Trj/Downloader.SLD Virus/Trojan No 1 Yes No C:\Documents and Settings\Ben\Desktop\SDFix\backups\backups.zip[backups/b116.exe]
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\likyjwuy.dll.vir
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yiyjsxai.dll.vir
02903391 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eeliowiv.dll.vir
02903774 Trj/Downloader.SUZ Virus/Trojan No 0 Yes No C:\Documents and Settings\Ben\Desktop\SDFix\backups\backups.zip[backups/mrofinu1000106.exe]
02905018 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gknukoxj.dll.vir
02905019 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\puxerpmr.dll.vir
02905020 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sdmjfapq.dll.vir
02905021 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hlrbkunc.dll.vir
02905446 Trj/Dropper.ABG Virus/Trojan No 0 Yes No C:\Documents and Settings\Ben\Desktop\SDFix\backups\backups.zip[backups/b152.exe]
;===============================================================================
=================================================================================
===================
SUSPECTS
Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

Advertisements

#11
kahdah
Posted 11 March 2008 - 06:13 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c:\windows\gatoruninstaller_cme_u.log
c:\windows\gatoruninstaller_cme.log
hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
C:\Downloads\BPHPAC~1.EXE
C:\Downloads\BigKahunaReefSetup-dm[1].exe
C:\Downloads\moisdne-dm[1].exe
C:\Documents and Settings\Ben\Desktop\SDFix
hkey_current_user\software\need2find
hkey_local_machine\software\need2find
F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab
C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab
F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
C:\Program Files\GameSpy Arcade\Aphex.exe


  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================
Also please post a new Hijackthis log and let me know how things are running?
  • 0

#12
WheelsOH76
Posted 11 March 2008 - 08:38 PM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Things are going much better, very fast. They get faster with each fix. Here's the Old Timer's log...

[Custom Input]
< c:\windows\gatoruninstaller_cme_u.log >
c:\windows\GatorUninstaller_cme_u.log moved successfully.
< c:\windows\gatoruninstaller_cme.log >
c:\windows\GatorUninstaller_cme.log moved successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm\\ deleted successfully.
< C:\Downloads\BPHPAC~1.EXE >
C:\Downloads\BPHPAC~1.EXE moved successfully.
< C:\Downloads\BigKahunaReefSetup-dm[1].exe >
C:\Downloads\BigKahunaReefSetup-dm[1].exe moved successfully.
< C:\Downloads\moisdne-dm[1].exe >
C:\Downloads\moisdne-dm[1].exe moved successfully.
< C:\Documents and Settings\Ben\Desktop\SDFix >
File/Folder C:\Documents and Settings\Ben\Desktop\SDFix not found.
< hkey_current_user\software\need2find >
Registry key hkey_current_user\software\need2find\\ deleted successfully.
< hkey_local_machine\software\need2find >
Registry key hkey_local_machine\software\need2find\\ not found.
< F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab >
F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab moved successfully.
< C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab >
C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab moved successfully.
< C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll >
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll unregistered successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll moved successfully.
< C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab >
File/Folder C:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab not found.
< F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab >
File/Folder F:\RECYCLER\S-1-5-21-842925246-796845957-839522115-1003\Dd2.cab not found.
< C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll >
DllUnregisterServer procedure not found in C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll NOT unregistered.
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll moved successfully.
< C:\Program Files\GameSpy Arcade\Aphex.exe >
C:\Program Files\GameSpy Arcade\Aphex.exe moved successfully.

OTMoveIt2 v1.0.21 log created on 03112008_223645


and now a hijackthis log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:06 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\thunderbird.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cleveland.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: (no name) - {E5733CE9-E217-49FE-95F1-70EAF59A9620} - C:\Program Files\Messenger\mowuz89104.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\thunderbird.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\RunOnce: [*SPRTRA] rundll32.exe "C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (User '?')
O4 - HKUS\S-1-5-21-568151950-2823069611-3313978389-1006\..\RunOnce: [*SPRTRA] rundll32.exe "C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\tgctlcm.dll",JoinBackIssue (User '?')
O4 - S-1-5-21-568151950-2823069611-3313978389-1006 Startup: JVA Second Life Bot.lnk = C:\Program Files\JVA Second Life Bot\MultiBot.exe (User '?')
O4 - Startup: JVA Second Life Bot.lnk = C:\Program Files\JVA Second Life Bot\MultiBot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112747012313
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124306605843
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticke...t/TcpServer.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12272 bytes


A few times I had to restart the virus software after a fix.....the virus software picked up ComboFix as a potential virus, don't know if that means anything or if it's just a "Heuristic" thing :)
  • 0

#13
kahdah
Posted 11 March 2008 - 08:47 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes Combofix is sometimes detected as a threat but it is not.
It uses scripts while it is running so anti virus programs try to block it claiming it is malware.
============================================================
Please reopen Hijackthis and choose "Do a system scan only"
Then place a check mark next to this entry below:

O2 - BHO: (no name) - {E5733CE9-E217-49FE-95F1-70EAF59A9620} - C:\Program Files\Messenger\mowuz89104.dll (file missing)

Then click on Fix Checked and then close Hijackthis.
=====================================
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

After reboot delete or uninstall anything that is left over that we used.
=================================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
========================================
Then I will need you to reset your System Restore points
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
============================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#14
WheelsOH76
Posted 11 March 2008 - 11:59 PM

WheelsOH76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Super excellent and great. Thanks a bunch. One thing I think I forgot to mention, after a couple of fixes, I noticed that the computer "installed" Quickbooks upon restarting. Is that something to worry about?
  • 0

#15
kahdah
Posted 12 March 2008 - 01:53 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmm that is strange.
Maybe just a fluke as I didn't see anything about quickbooks in any of your logs.
Not sure why that would happen.
It doesn't seem to be a problem.

You are welcome.



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP