We use Mozilla, IE keeps opening and redirecting.. Gooochi [CLOSED]



#1
rudavenj


    New Member

  • Member
  • 1 posts
Comp working very slowly. One ad said gooochi and I read a lot of bad things about that. Had wallpaper problems, apparently called winvi, which I did remove. Had trouble with the Panda scan; could not seem to generate a report. Here are my logs. Thanks in advance for your help. It would be great if you could tell me what I can take off of the computer from the program uninstall list. Thanks so much!


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:51 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {DAAA1D78-B172-4340-BB43-348DF64C9CFC} - C:\WINDOWS\system32\dx3.dll
O2 - BHO: {24cc33c6-610b-f209-d7e4-f8188f3a65cd} - {dc56a3f8-818f-4e7d-902f-b0166c33cc42} - C:\WINDOWS\system32\uistohhl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm059YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40641.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab41096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...31.5/ttinst.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byvtu - C:\WINDOWS\System32\byvtu.dll (file missing)
O20 - Winlogon Notify: ssqonmk - ssqonmk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11970 bytes








Uninstall List:

Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
AV
BCM V.92 56K Modem
BroadJump Client Foundation
CA Yahoo! Anti-Spy (remove only)
ccCommon
ccCommon
Connection Keep Alive
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support
Dell Wireless WLAN Utility
Disney's Lilo & Stitch Pinball
Disney's Toontown Online
DVDSentry
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® Extreme Graphics 2 Driver
Internet Explorer Default Page
Internet Worm Protection
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 5
JumpStart Advanced Language Club
JumpStart Advanced Preschool
JumpStart Art for Fun
Learn2 Player (Uninstall Only)
Lexmark Supplies Monitor
Lexmark Z25-Z35
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Broadband Networking
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Modem Helper
Monopoly - SpongeBob SquarePants Edition
Mozilla Firefox (2.0.0.14)
MSN Music Assistant
MSRedist
MUSICMATCH® Jukebox
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Cleanup
Norton GoBack 4.1
Norton Protection Center
Norton Protection Center
Norton SystemWorks
Norton SystemWorks 2006
Norton SystemWorks 2006 (Symantec Corporation)
Norton Utilities
NSW_DRM_COLLECTION
Panda ActiveScan 2.0
Pop-Up Stopper Free Edition
PowerDVD
QuickSet
QuickTime
Reading 4 Kids
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SPBBC 32bit
Spybot - Search & Destroy 1.4
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Symantec
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Talking Math 4 Kids
Uniblue RegistryBooster 2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
WeatherBug
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! Toolbar
Yahoo! Toolbar

Anti Spyware Scan Log:

SUPERAntiSpyware Scan Log
Generated 05/19/2008 at 05:16 PM

Application Version : 3.6.1000

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 01:49:01

Memory items scanned : 489
Memory threats detected : 2
Registry items scanned : 6763
Registry threats detected : 20
File items scanned : 44854
File threats detected : 239

Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\WURUNXML.DLL
C:\WINDOWS\SYSTEM32\WURUNXML.DLL
HKLM\Software\Classes\CLSID\{5EAB6ADE-32B5-45EB-83DB-CAADF832F06c}
HKCR\CLSID\{5EAB6ADE-32B5-45EB-83DB-CAADF832F06C}
HKCR\CLSID\{5EAB6ADE-32B5-45EB-83DB-CAADF832F06C}\InprocServer32
HKCR\CLSID\{5EAB6ADE-32B5-45EB-83DB-CAADF832F06C}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{7C2AFD67-AEF8-45AC-B5C1-D5D278806E6e}
HKCR\CLSID\{7C2AFD67-AEF8-45AC-B5C1-D5D278806E6E}
HKCR\CLSID\{7C2AFD67-AEF8-45AC-B5C1-D5D278806E6E}\InprocServer32
HKCR\CLSID\{7C2AFD67-AEF8-45AC-B5C1-D5D278806E6E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5EAB6ADE-32B5-45EB-83DB-CAADF832F06c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C2AFD67-AEF8-45AC-B5C1-D5D278806E6e}
C:\WINDOWS\SYSTEM32\KPOEGHHL.DLL
C:\WINDOWS\SYSTEM32\MOHNYKYW.DLL
C:\WINDOWS\SYSTEM32\NXRWRVGP.DLL
C:\WINDOWS\SYSTEM32\SEAPADAE.DLL
C:\WINDOWS\SYSTEM32\TWSPEXPB.DLL
C:\WINDOWS\SYSTEM32\UCBHEXQL.DLL

Worm.Rbot Variant
C:\WINDOWS\SYSTEM32\P2PNETWORKING.EXE
C:\WINDOWS\SYSTEM32\P2PNETWORKING.EXE
[p2p networking] C:\WINDOWS\SYSTEM32\P2PNETWORKING.EXE
C:\PROGRAM FILES\UY.EXE
C:\RECYCLER\NPROTECT\02068557.EXE
C:\RECYCLER\NPROTECT\02073089.EXE
C:\RECYCLER\NPROTECT\02073092.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP563\A1728439.EXE

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Trojan.Unknown Origin

Browser Hijacker.AwesomeHomepage
C:\PROGRAM FILES\WINUPDATER\UPDATE.EXE

Adware.DeeWoo/ThinkAdz
C:\RECYCLER\NPROTECT\02073094.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP563\A1728441.EXE

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP507\A1702617.DLL

Trojan.WinSoftware/WinFixer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWFX5RS_0001_0808NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA5PNETINSTALLER.EXE

Trojan.Downloader-Gen/DDC

Trojan.Downloader-SpyTool
C:\WINDOWS\SYSTEM32\BFODLSIO.DLL
C:\WINDOWS\SYSTEM32\FPKKXOCO.DLL
C:\WINDOWS\SYSTEM32\NATMMXYV.DLL
C:\WINDOWS\SYSTEM32\OADOSVCS.DLL
C:\WINDOWS\SYSTEM32\PWABHUJS.DLL
C:\WINDOWS\SYSTEM32\TKTJWOYK.DLL
C:\WINDOWS\SYSTEM32\TQXGAXTF.DLL

Adware.Vundo/Traff-2

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\UTVYB.INI
C:\WINDOWS\SYSTEM32\UTVYB.INI2


#2
sarahw


    Malware Staff

  • Member
  • 2,781 posts
Hi,
Welcome to the site.

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

#3
sarahw


    Malware Staff

  • Member
  • 2,781 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#4
sarahw


    Malware Staff

  • Member
  • 2,781 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.