Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJackThis log

Started by jhall1 , Jun 17 2008 04:46 PM

  • Please log in to reply

#1
jhall1
Posted 17 June 2008 - 04:46 PM

jhall1

    Member

  • Member
  • PipPip
  • 11 posts
Greets,

My computer seems to have several "infections". Some of which I've been able to cure or atleast mask. It was popping up every two seconds in the lower right hand corner saying "Your computer is infected! Windows has detected spyware infection." I was able to isolate that to an anti-spyware program called AWOLA (I think it was some kind of spyware itself) which I removed and that stopped. Also anytime I tried to open a file with quicktime it would give me "Exception processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c". It would give me the option to "Cancel, Continue, Retry". No matter what I would click it just kept popping up. I found a solution to this where you change all your removable drive letters. That didn't work for me. So I uninstalled quicktime and re-installed it and that seems to have fixed that problem or atleast covered it up. I also ran the most current version of ad-aware and it found about 190 infections on the first full scan. I ran another 2 full scans after that and found 30 some each time. I also ran a smart scan and only found about 11 infections. Another problem I'm having and I'm not sure if this one is a hardware problem or some kind of virus. The computer will just restart without warning at random times. Here is my logfile...Help please!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:01 PM, on 6/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\?ymbols\i?xplore.exe
C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73C2DBEC-9C77-4A76-8E52-DCA4761849A7} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8831903C-57DD-262C-F734-0CA2EDED1D93} - C:\WINDOWS\system32\gjs.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [Jefcobo] "C:\Documents and Settings\HP_Owner\Application Data\?icrosoft\w?wexec.exe"
O4 - HKCU\..\Run: [Msqife] "C:\Documents and Settings\HP_Owner\Application Data\?dobe\s?oolsv.exe"
O4 - HKCU\..\Run: [Xkp] C:\WINDOWS\system32\?ssembly\m?dtc.exe
O4 - HKCU\..\Run: [Gzy] "C:\Program Files\W?nSxS\??oolsv.exe"
O4 - HKCU\..\Run: [Rvxbovze] "C:\Documents and Settings\HP_Owner\Application Data\W?nSxS\w?aclt.exe"
O4 - HKCU\..\Run: [Pqkoeqh] C:\WINDOWS\?racle\m?hta.exe
O4 - HKCU\..\Run: [Fll] C:\WINDOWS\system32\?ymbols\i?xplore.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165376022640
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O20 - Winlogon Notify: asegyvzb - asegyvzb.dll (file missing)
O20 - Winlogon Notify: efcawvs - efcawvs.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7632 bytes
  • 0

Advertisements

#2
emeraldnzl
Posted 17 June 2008 - 06:12 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jhall1,

Welcome to Geeks to Go.

I am analysing your log and will get back to you in a bit.

Regards
emeraldnzl
  • 0

#3
emeraldnzl
Posted 17 June 2008 - 09:03 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again jhall1,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#4
jhall1
Posted 18 June 2008 - 05:58 PM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi is my combofix.txt and a new hijackthis log. Thanks a ton for your help!

ComboFix 08-06-16.5 - HP_Owner 2008-06-18 18:32:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.230 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\ASKS~1
C:\Documents and Settings\HP_Owner\Application Data\DOBE~1
C:\Documents and Settings\HP_Owner\Application Data\FNTS~1
C:\Documents and Settings\HP_Owner\Application Data\ICROSO~1
C:\Documents and Settings\HP_Owner\Application Data\MANTEC~1
C:\Documents and Settings\HP_Owner\Application Data\MCROSO~1
C:\Documents and Settings\HP_Owner\Application Data\PPATCH~1
C:\Documents and Settings\HP_Owner\Application Data\RACLE~1
C:\Documents and Settings\HP_Owner\Application Data\SMANTE~1
C:\Documents and Settings\HP_Owner\Application Data\SSTEM3~1
C:\Documents and Settings\HP_Owner\Application Data\WNSXS~1
C:\Documents and Settings\HP_Owner\My Documents\APPATC~1
C:\Documents and Settings\HP_Owner\My Documents\ASKS~1
C:\Documents and Settings\HP_Owner\My Documents\CURITY~1
C:\Documents and Settings\HP_Owner\My Documents\DOBE~1
C:\Documents and Settings\HP_Owner\My Documents\SSTEM~1
C:\Documents and Settings\HP_Owner\My Documents\SSTEM3~1
C:\Documents and Settings\HP_Owner\My Documents\TSKS~1
C:\Documents and Settings\HP_Owner\My Documents\WNSXS~1
C:\Documents and Settings\HP_Owner\My Documents\YMBOLS~1
C:\Documents and Settings\HP_Owner\My Documents\YSTEM~1
C:\Documents and Settings\HP_Owner\My Documents\YSTEM~1\?icrosoft\
C:\Documents and Settings\HP_Owner\My Documents\YSTEM~1\winword.exe
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\asks~2
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\tsks~1
C:\Program Files\crosof~1
C:\Program Files\fnts~1
C:\Program Files\icroso~1
C:\Program Files\mbols~1
C:\Program Files\scurit~1
C:\Program Files\sembly~1
C:\Program Files\smbols~1
C:\Program Files\wnsxs~1
C:\Program Files\ystem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\asembl~1
C:\WINDOWS\BM2e291e11.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\dobe~1
C:\WINDOWS\IA
C:\WINDOWS\ppatch~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\racle~1
C:\WINDOWS\rundll16.exe
C:\WINDOWS\scurit~1
C:\WINDOWS\sks~1
C:\WINDOWS\smante~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\affquyci.ini
C:\WINDOWS\system32\agvoxiji.ini
C:\WINDOWS\system32\aivkktbe.ini
C:\WINDOWS\system32\ajngmcfi.ini
C:\WINDOWS\system32\anyandlg.ini
C:\WINDOWS\system32\aowaydny.ini
C:\WINDOWS\system32\apnhcvwy.ini
C:\WINDOWS\system32\aqrqoqfh.dll
C:\WINDOWS\system32\asbvytgb.dll
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\ayamoqmk.ini
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bdeeg.tmp
C:\WINDOWS\system32\bdqxjglh.ini
C:\WINDOWS\system32\bfpyhlqh.ini
C:\WINDOWS\system32\biysitnk.ini
C:\WINDOWS\system32\boccyksp.ini
C:\WINDOWS\system32\botvhbby.dll
C:\WINDOWS\system32\bvjoupap.ini
C:\WINDOWS\system32\bycdwnrk.ini
C:\WINDOWS\system32\cafcjppf.ini
C:\WINDOWS\system32\carwcnxm.dll
C:\WINDOWS\system32\cdyncafs.ini
C:\WINDOWS\system32\ciwcrjrj.dll
C:\WINDOWS\system32\ckfbqror.ini
C:\WINDOWS\system32\clqkeejb.dll
C:\WINDOWS\system32\cpbrlrny.ini
C:\WINDOWS\system32\cpocwlpc.dll
C:\WINDOWS\system32\crreqveq.dll
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\cyjdnavx.ini
C:\WINDOWS\system32\cyngjkyf.dll
C:\WINDOWS\system32\dedhguht.ini
C:\WINDOWS\system32\dglxkupo.ini
C:\WINDOWS\system32\dgudwvbh.ini
C:\WINDOWS\system32\dgwebwgt.ini
C:\WINDOWS\system32\dhjtqjie.ini
C:\WINDOWS\system32\dlvhhube.ini
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~2
C:\WINDOWS\system32\dqueqepn.dll
C:\WINDOWS\system32\dscxxuna.ini
C:\WINDOWS\system32\dsfifoww.ini
C:\WINDOWS\system32\dvvnwkxl.ini
C:\WINDOWS\system32\eakaakuj.ini
C:\WINDOWS\system32\edtthulc.dll
C:\WINDOWS\system32\eiflmvkh.ini
C:\WINDOWS\system32\eimsnucq.ini
C:\WINDOWS\system32\eipeeunt.ini
C:\WINDOWS\system32\ekgccscr.ini
C:\WINDOWS\system32\emiqtdcd.dll
C:\WINDOWS\system32\epkatdly.ini
C:\WINDOWS\system32\eulajvvg.ini
C:\WINDOWS\system32\eupvlnqi.ini
C:\WINDOWS\system32\extoqrby.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\fadijxqi.ini
C:\WINDOWS\system32\fajvbora.ini
C:\WINDOWS\system32\fapulamu.ini
C:\WINDOWS\system32\fbjcesrb.ini
C:\WINDOWS\system32\fbyecyqm.dll
C:\WINDOWS\system32\fdvrbsdt.ini
C:\WINDOWS\system32\fiwiclqp.dll
C:\WINDOWS\system32\fmkgjkpr.dll
C:\WINDOWS\system32\fubsschy.dll
C:\WINDOWS\system32\fwwtosom.ini
C:\WINDOWS\system32\fyxyruwq.ini
C:\WINDOWS\system32\ghslunqd.ini
C:\WINDOWS\system32\gimwfwey.dll
C:\WINDOWS\system32\gjs.dll
C:\WINDOWS\system32\gkcmnjuk.dll
C:\WINDOWS\system32\gkicsrok.dll
C:\WINDOWS\system32\gldnayna.dll
C:\WINDOWS\system32\gmwxuyac.dll
C:\WINDOWS\system32\govckdvs.ini
C:\WINDOWS\system32\gpxwgpwc.ini
C:\WINDOWS\system32\gqvrmeey.ini
C:\WINDOWS\system32\guvnxohl.ini
C:\WINDOWS\system32\H7
C:\WINDOWS\system32\H7\wbcabdll2.exe
C:\WINDOWS\system32\hbvwdugd.dll
C:\WINDOWS\system32\hdtnqmtg.dll
C:\WINDOWS\system32\hefrqiyr.ini
C:\WINDOWS\system32\helruukn.ini
C:\WINDOWS\system32\hfqoqrqa.ini
C:\WINDOWS\system32\hllqtush.dll
C:\WINDOWS\system32\hpysamqa.ini
C:\WINDOWS\system32\hqlhypfb.dll
C:\WINDOWS\system32\humydnge.ini
C:\WINDOWS\system32\ifcmgnja.dll
C:\WINDOWS\system32\ifhqhixg.ini
C:\WINDOWS\system32\ijtyorii.ini
C:\WINDOWS\system32\imjsbeov.ini
C:\WINDOWS\system32\iqnlvpue.dll
C:\WINDOWS\system32\isjdkchx.ini
C:\WINDOWS\system32\iufxcaqe.ini
C:\WINDOWS\system32\iveblayr.ini
C:\WINDOWS\system32\ivoxglpk.ini
C:\WINDOWS\system32\ixnxduhn.ini
C:\WINDOWS\system32\iyicokva.dll
C:\WINDOWS\system32\jaaihcew.ini
C:\WINDOWS\system32\jcicyoct.ini
C:\WINDOWS\system32\jefjednx.ini
C:\WINDOWS\system32\jehadsva.ini
C:\WINDOWS\system32\jhugvjqo.dll
C:\WINDOWS\system32\jkigssel.ini
C:\WINDOWS\system32\jkpleynh.ini
C:\WINDOWS\system32\jlsofeym.dll
C:\WINDOWS\system32\jmsonugr.ini
C:\WINDOWS\system32\jranxath.dll
C:\WINDOWS\system32\jsiaaphh.ini
C:\WINDOWS\system32\jwdadveh.ini
C:\WINDOWS\system32\jwirfoli.ini
C:\WINDOWS\system32\kauyijqd.dll
C:\WINDOWS\system32\keikwifw.ini
C:\WINDOWS\system32\kkicbxps.ini
C:\WINDOWS\system32\kknomkan.ini
C:\WINDOWS\system32\klfdilic.ini
C:\WINDOWS\system32\klvgkyxc.dll
C:\WINDOWS\system32\korscikg.ini
C:\WINDOWS\system32\ksjcvmgr.ini
C:\WINDOWS\system32\kuexqdcr.ini
C:\WINDOWS\system32\leqodmop.dll
C:\WINDOWS\system32\lffqigcl.ini
C:\WINDOWS\system32\lijnwtck.ini
C:\WINDOWS\system32\lmeuwuqb.ini
C:\WINDOWS\system32\lsrnnpwa.dll
C:\WINDOWS\system32\lwbhshht.ini
C:\WINDOWS\system32\mconkktt.dll
C:\WINDOWS\system32\mcqncekw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnecenyo.dll
C:\WINDOWS\system32\mnjknlxd.ini
C:\WINDOWS\system32\mratdaxo.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvgyuatf.dll
C:\WINDOWS\system32\nctwryqw.ini
C:\WINDOWS\system32\nilbcycu.dll
C:\WINDOWS\system32\nitrocjn.ini
C:\WINDOWS\system32\njcortin.dll
C:\WINDOWS\system32\njxgqwjn.dll
C:\WINDOWS\system32\npeqeuqd.ini
C:\WINDOWS\system32\ntoghwru.ini
C:\WINDOWS\system32\nvqwnrxe.ini
C:\WINDOWS\system32\nycigeku.dll
C:\WINDOWS\system32\oadbwuip.dll
C:\WINDOWS\system32\obnpglwd.ini
C:\WINDOWS\system32\odclttjw.ini
C:\WINDOWS\system32\oeggauev.ini
C:\WINDOWS\system32\ojkmdjen.ini
C:\WINDOWS\system32\ojnblnrk.ini
C:\WINDOWS\system32\okklftmi.ini
C:\WINDOWS\system32\ootofjwq.dll
C:\WINDOWS\system32\opmtfdcw.ini
C:\WINDOWS\system32\osiogyrf.dll
C:\WINDOWS\system32\oumlsvdu.dll
C:\WINDOWS\system32\oxadtarm.ini
C:\WINDOWS\system32\paetabmh.dll
C:\WINDOWS\system32\pbtoqhcn.ini
C:\WINDOWS\system32\pbxcbocx.dll
C:\WINDOWS\system32\phbknqfq.dll
C:\WINDOWS\system32\piptwjmb.ini
C:\WINDOWS\system32\pkejsxtp.ini
C:\WINDOWS\system32\pnifjvir.ini
C:\WINDOWS\system32\pokvfhjx.ini
C:\WINDOWS\system32\pqtwbtfd.ini
C:\WINDOWS\system32\prjouvkf.ini
C:\WINDOWS\system32\prwxgfdn.ini
C:\WINDOWS\system32\ptxsjekp.dll
C:\WINDOWS\system32\pvrpwgmu.ini
C:\WINDOWS\system32\pxjdqtwe.ini
C:\WINDOWS\system32\pxsiysci.ini
C:\WINDOWS\system32\pxtlautm.ini
C:\WINDOWS\system32\qegibuer.dll
C:\WINDOWS\system32\qeucxsvt.ini
C:\WINDOWS\system32\qhpdfjlb.ini
C:\WINDOWS\system32\qhpxflla.ini
C:\WINDOWS\system32\qmigcepq.ini
C:\WINDOWS\system32\qporienr.dll
C:\WINDOWS\system32\qufmgsjq.ini
C:\WINDOWS\system32\quvrrfqg.ini
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~2
C:\WINDOWS\system32\rcowsfnp.ini
C:\WINDOWS\system32\rdclqrig.dll
C:\WINDOWS\system32\rieutynh.dll
C:\WINDOWS\system32\rnuenhjo.dll
C:\WINDOWS\system32\rpshiblh.ini
C:\WINDOWS\system32\rqthaylq.ini
C:\WINDOWS\system32\rsgvxnwd.ini
C:\WINDOWS\system32\rvwcrcwx.ini
C:\WINDOWS\system32\rvwxkxka.ini
C:\WINDOWS\system32\rwudtpmo.dll
C:\WINDOWS\system32\sbtwcagm.ini
C:\WINDOWS\system32\sddgsbms.ini
C:\WINDOWS\system32\sdmcmect.dll
C:\WINDOWS\system32\sdrpdbvg.dll
C:\WINDOWS\system32\sduuahqu.ini
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\soedjibs.ini
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\svdkcvog.dll
C:\WINDOWS\system32\syoiyoaa.dll
C:\WINDOWS\system32\tgojmkfg.ini
C:\WINDOWS\system32\towntbfe.ini
C:\WINDOWS\system32\tructvmf.ini
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\ttkknocm.ini
C:\WINDOWS\system32\txxdtghl.dll
C:\WINDOWS\system32\tynjsmmi.dll
C:\WINDOWS\system32\ucallmip.ini
C:\WINDOWS\system32\uiehwjeu.ini
C:\WINDOWS\system32\ujxekdmo.ini
C:\WINDOWS\system32\ukkljeld.ini
C:\WINDOWS\system32\ukoppaib.ini
C:\WINDOWS\system32\uqhauuds.dll
C:\WINDOWS\system32\uqscldfh.ini
C:\WINDOWS\system32\uqyetsch.ini
C:\WINDOWS\system32\urbrqsla.dll
C:\WINDOWS\system32\uruhvfbp.dll
C:\WINDOWS\system32\uvaqutuk.ini
C:\WINDOWS\system32\uyojbyft.ini
C:\WINDOWS\system32\vcpqjxbt.ini
C:\WINDOWS\system32\vebtndaj.dll
C:\WINDOWS\system32\vewqbhae.dll
C:\WINDOWS\system32\vhxihapu.ini
C:\WINDOWS\system32\vkcupmek.ini
C:\WINDOWS\system32\vlrarnuy.ini
C:\WINDOWS\system32\vpdsfdup.ini
C:\WINDOWS\system32\vwafjyqk.dll
C:\WINDOWS\system32\wdvgeicg.dll
C:\WINDOWS\system32\wfmckdqh.ini
C:\WINDOWS\system32\wgfgjwbg.dll
C:\WINDOWS\system32\wkmebrop.ini
C:\WINDOWS\system32\wkxjvnun.dll
C:\WINDOWS\system32\wrtnlfdy.dll
C:\WINDOWS\system32\wtvcoviu.ini
C:\WINDOWS\system32\wvkehiag.dll
C:\WINDOWS\system32\wvqrwmoa.dll
C:\WINDOWS\system32\wvvqytke.dll
C:\WINDOWS\system32\wwdapxms.dll
C:\WINDOWS\system32\wxwivjma.ini
C:\WINDOWS\system32\wydtgfas.dll
C:\WINDOWS\system32\xafcssbu.ini
C:\WINDOWS\system32\xakupfsq.ini
C:\WINDOWS\system32\xbjyvwwb.ini
C:\WINDOWS\system32\xcobcxbp.ini
C:\WINDOWS\system32\xfxmrgjb.dll
C:\WINDOWS\system32\xovhotkv.ini
C:\WINDOWS\system32\xtkukbdu.ini
C:\WINDOWS\system32\xtmwrjta.ini
C:\WINDOWS\system32\yajktqkt.ini
C:\WINDOWS\system32\ybuihttg.ini
C:\WINDOWS\system32\yewfwmig.ini
C:\WINDOWS\system32\ykpunmbs.ini
C:\WINDOWS\system32\ylvdfjgr.dll
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymbols~1\i?xplore.exe
C:\WINDOWS\system32\yrvswhmk.ini
C:\WINDOWS\system32\yshsylyx.dll
C:\WINDOWS\system32\yyfvbxnb.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-16 19:05 . 2008-06-16 19:05 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-16 19:05 . 2008-06-16 19:05 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-16 19:05 . 2008-06-16 19:05 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-16 19:03 . 2008-06-16 19:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-16 18:58 . 2008-06-16 18:58 <DIR> d-------- C:\WINDOWS\EHome
2008-06-16 17:26 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-16 17:25 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-16 15:59 . 2008-06-16 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 12:05 . 2008-06-16 12:05 <DIR> d-------- C:\Program Files\QuickTime
2008-06-16 12:04 . 2008-06-16 12:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-16 12:04 . 2008-06-16 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-16 11:11 . 2008-06-16 21:46 0 --ahs---- C:\Documents and Settings\HP_Owner\Application Data\0000000000t.dat
2008-06-16 11:03 . 2008-06-16 11:03 485,888 --a------ C:\Documents and Settings\HP_Owner\installer.exe
2008-06-16 09:14 . 2008-04-14 08:30 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 09:14 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 16:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-16 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 16:06 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-06-16 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-25 04:06 --------- d-----w C:\Program Files\PokerStars
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73C2DBEC-9C77-4A76-8E52-DCA4761849A7}]
C:\WINDOWS\system32\geedb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Srro"="C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" [ ]
"Jefcobo"="C:\Documents and Settings\HP_Owner\Application Data\?icrosoft\w?wexec.exe" [ ]
"Msqife"="C:\Documents and Settings\HP_Owner\Application Data\?dobe\s?oolsv.exe" [ ]
"Xkp"="C:\WINDOWS\system32\?ssembly\m?dtc.exe" [ ]
"Gzy"="C:\Program Files\W?nSxS\??oolsv.exe" [ ]
"Rvxbovze"="C:\Documents and Settings\HP_Owner\Application Data\W?nSxS\w?aclt.exe" [ ]
"Pqkoeqh"="C:\WINDOWS\?racle\m?hta.exe" [ ]
"Fll"="C:\WINDOWS\system32\?ymbols\i?xplore.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 18:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 16:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 16:43 233472]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 23:41 196608]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 12:57 81920]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 20:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-28 21:34 2551808 C:\WINDOWS\ALCWZRD.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\asegyvzb]
asegyvzb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcawvs]
efcawvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
C:\WINDOWS\system32\geedb.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 13:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frwf]
C:\PROGRA~1\COMMON~1\frwf\frwfm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 18:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 14:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 14:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 12:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-04-13 17:07 69632 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 17:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mcysofwo]
C:\Documents and Settings\HP_Owner\Application Data\?asks\d?xplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-01-03 19:11 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
C:\WINDOWS\system32\dqueqepn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tekebyr]
C:\Program Files\MSN Gaming Zone\tekebyr22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\HP_Owner\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\WINDOWS\system32\kctlvaba.exe"= C:\WINDOWS\system32\kct
"C:\WINDOWS\system32\abtfkyxj.exe"= C:\WINDOWS\system32\abt
"C:\WINDOWS\system32\bnraecyi.exe"= C:\WINDOWS\system32\bnr
"C:\WINDOWS\system32\uoyrgsxa.exe"= C:\WINDOWS\system32\uoy
"C:\WINDOWS\system32\qcereyiv.exe"= C:\WINDOWS\system32\qce
"C:\WINDOWS\system32\lxqulxam.exe"= C:\WINDOWS\system32\lxq
"C:\WINDOWS\system32\nanltfqo.exe"= C:\WINDOWS\system32\nan
"C:\WINDOWS\system32\adfapsau.exe"= C:\WINDOWS\system32\adf
"C:\WINDOWS\system32\lbjcduwn.exe"= C:\WINDOWS\system32\lbj
"C:\WINDOWS\system32\vpdfabcc.exe"= C:\WINDOWS\system32\vpd
"C:\WINDOWS\system32\ioctjbjj.exe"= C:\WINDOWS\system32\ioc
"C:\WINDOWS\system32\emyrgwke.exe"= C:\WINDOWS\system32\emy
"C:\WINDOWS\system32\yyfqovrt.exe"= C:\WINDOWS\system32\yyf
"C:\WINDOWS\system32\amqtgoyj.exe"= C:\WINDOWS\system32\amq
"C:\WINDOWS\system32\spbelvni.exe"= C:\WINDOWS\system32\spb
"C:\WINDOWS\system32\xrvulrgl.exe"= C:\WINDOWS\system32\xrv
"C:\WINDOWS\system32\bnedahlx.exe"= C:\WINDOWS\system32\bne
"C:\WINDOWS\system32\dmislwrr.exe"= C:\WINDOWS\system32\dmi
"C:\WINDOWS\system32\hjswcqeb.exe"= C:\WINDOWS\system32\hjs
"C:\WINDOWS\system32\rvurunax.exe"= C:\WINDOWS\system32\rvu
"C:\WINDOWS\system32\aymreuke.exe"= C:\WINDOWS\system32\aym
"C:\WINDOWS\system32\xcalvgcu.exe"= C:\WINDOWS\system32\xca
"C:\WINDOWS\system32\eybikwpb.exe"= C:\WINDOWS\system32\eyb
"C:\WINDOWS\system32\snffjmrn.exe"= C:\WINDOWS\system32\snf
"C:\WINDOWS\system32\jrncgqnh.exe"= C:\WINDOWS\system32\jrn
"C:\WINDOWS\system32\ypklcaru.exe"= C:\WINDOWS\system32\ypk
"C:\WINDOWS\system32\nnvnjyix.exe"= C:\WINDOWS\system32\nnv
"C:\WINDOWS\system32\dgbftkyj.exe"= C:\WINDOWS\system32\dgb
"C:\WINDOWS\system32\ncvfxocu.exe"= C:\WINDOWS\system32\ncv
"C:\WINDOWS\system32\uprgsldt.exe"= C:\WINDOWS\system32\upr
"C:\WINDOWS\system32\mgkbcxkb.exe"= C:\WINDOWS\system32\mgk
"C:\WINDOWS\system32\mjbjkihg.exe"= C:\WINDOWS\system32\mjb
"C:\WINDOWS\system32\lwldrcvp.exe"= C:\WINDOWS\system32\lwl
"C:\WINDOWS\system32\oetsrray.exe"= C:\WINDOWS\system32\oet
"C:\WINDOWS\system32\afdlsram.exe"= C:\WINDOWS\system32\afd
"C:\WINDOWS\system32\xfiepelb.exe"= C:\WINDOWS\system32\xfi
"C:\WINDOWS\system32\vofmynox.exe"= C:\WINDOWS\system32\vof
"C:\WINDOWS\system32\nfrgtrbd.exe"= C:\WINDOWS\system32\nfr
"C:\WINDOWS\system32\awstydjt.exe"= C:\WINDOWS\system32\aws
"C:\WINDOWS\system32\cfiyhhrl.exe"= C:\WINDOWS\system32\cfi
"C:\WINDOWS\system32\wysrmooo.exe"= C:\WINDOWS\system32\wys
"C:\WINDOWS\system32\hnimpcpe.exe"= C:\WINDOWS\system32\hni
"C:\WINDOWS\system32\yinfnysh.exe"= C:\WINDOWS\system32\yin
"C:\WINDOWS\system32\hiijkfad.exe"= C:\WINDOWS\system32\hii


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 16:04:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-18 22:43:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 18:41:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-06-18 18:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 22:47:38

Pre-Run: 131,977,220,096 bytes free
Post-Run: 132,020,531,200 bytes free

555 --- E O F --- 2008-06-17 02:55:08

and the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:21 PM, on 6/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73C2DBEC-9C77-4A76-8E52-DCA4761849A7} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [Jefcobo] "C:\Documents and Settings\HP_Owner\Application Data\?icrosoft\w?wexec.exe"
O4 - HKCU\..\Run: [Msqife] "C:\Documents and Settings\HP_Owner\Application Data\?dobe\s?oolsv.exe"
O4 - HKCU\..\Run: [Xkp] C:\WINDOWS\system32\?ssembly\m?dtc.exe
O4 - HKCU\..\Run: [Gzy] "C:\Program Files\W?nSxS\??oolsv.exe"
O4 - HKCU\..\Run: [Rvxbovze] "C:\Documents and Settings\HP_Owner\Application Data\W?nSxS\w?aclt.exe"
O4 - HKCU\..\Run: [Pqkoeqh] C:\WINDOWS\?racle\m?hta.exe
O4 - HKCU\..\Run: [Fll] C:\WINDOWS\system32\?ymbols\i?xplore.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165376022640
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O20 - Winlogon Notify: asegyvzb - asegyvzb.dll (file missing)
O20 - Winlogon Notify: efcawvs - efcawvs.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7032 bytes
  • 0

#5
emeraldnzl
Posted 19 June 2008 - 09:17 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again jhall1,

Thanks a ton for your help!


You are most welcome. :)

Still a way to go with your infection. :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\dqueqepn.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73C2DBEC-9C77-4A76-8E52-DCA4761849A7}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\asegyvzb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcawvs]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frwf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mcysofwo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jefcobo"=-
"Msqife"=-
"Xkp"=-
"Gzy"=-
"Rvxbovze"=-
"Pqkoeqh"=-
"Fll"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

-----Step 2-----

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-----Step 3-----

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-----Step 4-----

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • ComboFix text
  • Malwarebytes report
  • Kaspersky Scan report
  • a new HijackThis log
  • and tell me how your machine is performing


You will most likely find that you will need more than one post to report the necessary information back. That's fine.
  • 0

#6
jhall1
Posted 21 June 2008 - 07:32 PM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the Combofix log.

ComboFix 08-06-16.5 - HP_Owner 2008-06-21 21:05:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.258 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\dqueqepn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\err.log
C:\WINDOWS\system32\asegyvzb.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-16 19:05 . 2008-06-16 19:05 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-16 19:05 . 2008-06-16 19:05 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-16 19:05 . 2008-06-16 19:05 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-16 19:03 . 2008-06-16 19:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-16 18:58 . 2008-06-16 18:58 <DIR> d-------- C:\WINDOWS\EHome
2008-06-16 17:26 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-16 17:25 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-16 15:59 . 2008-06-16 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 12:05 . 2008-06-16 12:05 <DIR> d-------- C:\Program Files\QuickTime
2008-06-16 12:04 . 2008-06-16 12:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-16 12:04 . 2008-06-16 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-16 11:11 . 2008-06-16 21:46 0 --ahs---- C:\Documents and Settings\HP_Owner\Application Data\0000000000t.dat
2008-06-16 11:03 . 2008-06-16 11:03 485,888 --a------ C:\Documents and Settings\HP_Owner\installer.exe
2008-06-16 09:14 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 09:14 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 16:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-16 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 16:10 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-06-16 16:06 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-06-16 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-25 04:06 --------- d-----w C:\Program Files\PokerStars
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_18.47.17.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 22:40:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 01:00:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 12:30:49 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Srro"="C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 18:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 16:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 16:43 233472]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 23:41 196608]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 12:57 81920]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 20:40 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-28 21:34 2551808 C:\WINDOWS\ALCWZRD.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 13:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 18:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 14:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 14:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 12:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-04-13 17:07 69632 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 17:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-01-03 19:11 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
C:\WINDOWS\system32\dqueqepn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tekebyr]
C:\Program Files\MSN Gaming Zone\tekebyr22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\WINDOWS\system32\kctlvaba.exe"= C:\WINDOWS\system32\kct
"C:\WINDOWS\system32\abtfkyxj.exe"= C:\WINDOWS\system32\abt
"C:\WINDOWS\system32\bnraecyi.exe"= C:\WINDOWS\system32\bnr
"C:\WINDOWS\system32\uoyrgsxa.exe"= C:\WINDOWS\system32\uoy
"C:\WINDOWS\system32\qcereyiv.exe"= C:\WINDOWS\system32\qce
"C:\WINDOWS\system32\lxqulxam.exe"= C:\WINDOWS\system32\lxq
"C:\WINDOWS\system32\nanltfqo.exe"= C:\WINDOWS\system32\nan
"C:\WINDOWS\system32\adfapsau.exe"= C:\WINDOWS\system32\adf
"C:\WINDOWS\system32\lbjcduwn.exe"= C:\WINDOWS\system32\lbj
"C:\WINDOWS\system32\vpdfabcc.exe"= C:\WINDOWS\system32\vpd
"C:\WINDOWS\system32\ioctjbjj.exe"= C:\WINDOWS\system32\ioc
"C:\WINDOWS\system32\emyrgwke.exe"= C:\WINDOWS\system32\emy
"C:\WINDOWS\system32\yyfqovrt.exe"= C:\WINDOWS\system32\yyf
"C:\WINDOWS\system32\amqtgoyj.exe"= C:\WINDOWS\system32\amq
"C:\WINDOWS\system32\spbelvni.exe"= C:\WINDOWS\system32\spb
"C:\WINDOWS\system32\xrvulrgl.exe"= C:\WINDOWS\system32\xrv
"C:\WINDOWS\system32\bnedahlx.exe"= C:\WINDOWS\system32\bne
"C:\WINDOWS\system32\dmislwrr.exe"= C:\WINDOWS\system32\dmi
"C:\WINDOWS\system32\hjswcqeb.exe"= C:\WINDOWS\system32\hjs
"C:\WINDOWS\system32\rvurunax.exe"= C:\WINDOWS\system32\rvu
"C:\WINDOWS\system32\aymreuke.exe"= C:\WINDOWS\system32\aym
"C:\WINDOWS\system32\xcalvgcu.exe"= C:\WINDOWS\system32\xca
"C:\WINDOWS\system32\eybikwpb.exe"= C:\WINDOWS\system32\eyb
"C:\WINDOWS\system32\snffjmrn.exe"= C:\WINDOWS\system32\snf
"C:\WINDOWS\system32\jrncgqnh.exe"= C:\WINDOWS\system32\jrn
"C:\WINDOWS\system32\ypklcaru.exe"= C:\WINDOWS\system32\ypk
"C:\WINDOWS\system32\nnvnjyix.exe"= C:\WINDOWS\system32\nnv
"C:\WINDOWS\system32\dgbftkyj.exe"= C:\WINDOWS\system32\dgb
"C:\WINDOWS\system32\ncvfxocu.exe"= C:\WINDOWS\system32\ncv
"C:\WINDOWS\system32\uprgsldt.exe"= C:\WINDOWS\system32\upr
"C:\WINDOWS\system32\mgkbcxkb.exe"= C:\WINDOWS\system32\mgk
"C:\WINDOWS\system32\mjbjkihg.exe"= C:\WINDOWS\system32\mjb
"C:\WINDOWS\system32\lwldrcvp.exe"= C:\WINDOWS\system32\lwl
"C:\WINDOWS\system32\oetsrray.exe"= C:\WINDOWS\system32\oet
"C:\WINDOWS\system32\afdlsram.exe"= C:\WINDOWS\system32\afd
"C:\WINDOWS\system32\xfiepelb.exe"= C:\WINDOWS\system32\xfi
"C:\WINDOWS\system32\vofmynox.exe"= C:\WINDOWS\system32\vof
"C:\WINDOWS\system32\nfrgtrbd.exe"= C:\WINDOWS\system32\nfr
"C:\WINDOWS\system32\awstydjt.exe"= C:\WINDOWS\system32\aws
"C:\WINDOWS\system32\cfiyhhrl.exe"= C:\WINDOWS\system32\cfi
"C:\WINDOWS\system32\wysrmooo.exe"= C:\WINDOWS\system32\wys
"C:\WINDOWS\system32\hnimpcpe.exe"= C:\WINDOWS\system32\hni
"C:\WINDOWS\system32\yinfnysh.exe"= C:\WINDOWS\system32\yin
"C:\WINDOWS\system32\hiijkfad.exe"= C:\WINDOWS\system32\hii


*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 16:04:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 01:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 21:11:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-21 21:13:54
ComboFix-quarantined-files.txt 2008-06-22 01:12:52
ComboFix2.txt 2008-06-18 22:48:42

Pre-Run: 133,138,100,224 bytes free
Post-Run: 133,135,237,120 bytes free

231 --- E O F --- 2008-06-21 02:25:04
  • 0

#7
jhall1
Posted 21 June 2008 - 07:47 PM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
MBAM log.

Malwarebytes' Anti-Malware 1.18
Database version: 876

9:44:46 PM 6/21/2008
mbam-log-6-21-2008 (21-44-46).txt

Scan type: Quick Scan
Objects scanned: 36928
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\capcom (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfig322 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drvr2 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Owner\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#8
emeraldnzl
Posted 22 June 2008 - 04:53 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please post the Kaspersky report.
  • 0

#9
jhall1
Posted 22 June 2008 - 07:07 AM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry the Kaspersky report took over an hour and I got tired and went to bed. Here it is.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 01:48:26
Records in database: 880074
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
T:\
U:\
V:\
W:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 91799
Threat name: 41
Infected objects: 385
Suspicious objects: 0
Duration of the scan: 01:16:41


File name / Threat name / Threats count
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\320245dd-49099cc4 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\HP_Owner\Desktop\Misc Games\WinZip_Tmp.exe Infected: Email-Worm.Win32.Nyxem.e 1
C:\Documents and Settings\HP_Owner\installer.exe Infected: not-a-virus:FraudTool.Win32.AwolaAntiSpyware.pe 1
C:\QooBox\Quarantine\C\WINDOWS\Rundll16.exe.vir Infected: Email-Worm.Win32.Nyxem.e 1
C:\QooBox\Quarantine\C\WINDOWS\system32\aqrqoqfh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ykw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\botvhbby.dll.vir Infected: Trojan.Win32.Monder.cc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\crreqveq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.quv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dqueqepn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.rgi 1
C:\QooBox\Quarantine\C\WINDOWS\system32\emiqtdcd.dll.vir Infected: Trojan.Win32.Monder.cp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.bgd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fmkgjkpr.dll.vir Infected: Trojan.Win32.Monder.cf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fubsschy.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gimwfwey.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gjs.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gkcmnjuk.dll.vir Infected: Trojan.Win32.Monder.ck 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gkicsrok.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gldnayna.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qxx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\H7\wbcabdll2.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hbvwdugd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.sxq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hqlhypfb.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iqnlvpue.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.xtq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iyicokva.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jhugvjqo.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\klvgkyxc.dll.vir Infected: Trojan.Win32.Monder.cq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\leqodmop.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lsrnnpwa.dll.vir Infected: Trojan.Win32.Monder.af 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mconkktt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ydi 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mratdaxo.dll.vir Infected: Backdoor.Win32.Agent.dlj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mvgyuatf.dll.vir Infected: Trojan.Win32.Monder.cc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nilbcycu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\njcortin.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\njxgqwjn.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nycigeku.dll.vir Infected: Trojan.Win32.Monder.cc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ootofjwq.dll.vir Infected: Trojan.Win32.Monder.cf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\osiogyrf.dll.vir Infected: Trojan.Win32.Monder.ca 1
C:\QooBox\Quarantine\C\WINDOWS\system32\oumlsvdu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pbxcbocx.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ptxsjekp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wmz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qporienr.dll.vir Infected: Trojan.Win32.Monder.ad 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rieutynh.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rnuenhjo.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rwudtpmo.dll.vir Infected: Trojan.Win32.Monder.ao 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sdmcmect.dll.vir Infected: Trojan.Win32.Monder.af 1
C:\QooBox\Quarantine\C\WINDOWS\system32\svdkcvog.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\syoiyoaa.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\txxdtghl.dll.vir Infected: Trojan.Win32.Monder.cl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tynjsmmi.dll.vir Infected: Trojan.Win32.BHO.zb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uqhauuds.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uruhvfbp.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vwafjyqk.dll.vir Infected: Trojan.Win32.Monder.cc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wgfgjwbg.dll.vir Infected: Trojan.Win32.Monder.cc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvkehiag.dll.vir Infected: Trojan.Win32.BHO.hc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvqrwmoa.dll.vir Infected: Trojan.Win32.BHO.hc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wwdapxms.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wydtgfas.dll.vir Infected: Trojan.Win32.Monder.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xfxmrgjb.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ylvdfjgr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\YMBOLS~1\iеxplore.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\WINDOWS\system32\abeqkwvs.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\abtfkyxj.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\acynfqrr.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\adclhcap.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\adellvrd.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\adfapsau.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\afdlsram.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ahllpaqm.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ahssuscy.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ajhlnvxa.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\aledrlif.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\amqtgoyj.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\appfimqa.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\atvesxda.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\awstydjt.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\aymreuke.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\baltxalw.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bayxeepb.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bdtlqvrs.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\bgpksfka.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\biqrqcdp.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\bkytgsgp.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bnedahlx.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\bnraecyi.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\bpteaega.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bshcdaxk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bvboefvn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bvtmmtfa.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bwjiownc.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bwooebvu.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\bygxrtfb.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ccqpiiks.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\cdvqhvwk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ceawkkkr.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\cfiyhhrl.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\cfqfvbsw.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\cfwjqsae.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\cgtvltme.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\cmrcjdmh.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\cngvowui.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\criyddhl.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\cserloxc.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\cuitdlsb.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\cwlubmtd.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\cxjudmjr.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\cyktpvym.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\cytlsamo.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\cyxgecjo.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\dappnmno.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\dgbftkyj.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\djycsjib.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\dlbnwuup.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\dmislwrr.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\dmlkaqqn.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\dmmxghln.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\drfbsgdo.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\dsqmvkic.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\dtaiqvbq.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\dtyjrfba.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\dvfsgqon.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\dwaflrfw.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ebydyhty.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\eemweulq.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\eiixrtog.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\eikpdcsk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ejsyfwyx.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ejylkmkk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ektiocol.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\ekyimqhn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\elcaemad.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\emhfohrm.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\emyrgwke.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\ercamwrt.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\evplqpxf.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\eybikwpb.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\fgraynhc.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fincgkyx.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fjmrjdjh.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\fmcdkvnu.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\fmwitxgb.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fqpngpbg.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fqsxewtr.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\fsgfdjwb.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fvxkwglt.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fwqvkljh.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fwxlujvd.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\fxcclmqa.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\fyaqtqbr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\gbiyyscs.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\gekxeiqx.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\geojefhm.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\gfbuycrq.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\gfhyoley.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ggejxnif.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\gihgfvds.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\gjhewloj.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\gjnywapn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\gkkyqwhl.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\gmdjhlpt.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\gmuphonp.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\gynqookp.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\hbhbxkdi.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hdavwrdj.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hdwtamyj.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\hfqcngif.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\hiijkfad.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\himiiqkr.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\hitpyaiw.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hjswcqeb.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\hnimpcpe.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\hoqrvtij.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hsvuljhn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hueimarp.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hwheggir.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\hxpouypr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\iajyyabq.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\iapprygf.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ibvenguf.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\ibviwyyg.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\iclssatq.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ieniryqb.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ifysafib.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ilctwurr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\imaryqeq.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\ioctjbjj.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\iojnqnmm.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\iuktwvse.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\ivbnocvu.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ixgpewvi.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\jbhubafg.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\jboujdlv.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\jbxaygip.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\jcjytblo.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\jcsrsoek.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jcuneywk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jetauodp.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jgucmwhl.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jhkykbif.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\jjvcalfo.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jmbhbogd.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jqbfdqyd.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\jqytrfox.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\jrncgqnh.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\jtkdbvvt.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\jxvhbunt.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\kbtxmbwl.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\kctlvaba.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\kkeachoj.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\kmucmslg.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\knmokege.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\kqchtbsr.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\kriptyam.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\kyumgxej.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\lactscia.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\lauhaxig.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn 1
C:\WINDOWS\system32\lbjcduwn.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\leetiakc.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\lhxiqork.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\ljxcgwft.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\llgaatsh.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\llmkaigq.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\lnufshpi.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\lodpnbxy.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\loxijqkd.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\loxobsxk.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\lthavkgl.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\luohmtsp.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\lwldrcvp.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\lxqulxam.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\mattsekp.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\mcojlwic.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\mfvmjuxl.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\mgkbcxkb.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\mguqkago.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\mjbjkihg.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\mjsdewsu.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\mmubeaap.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\mrdoimnk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\muempver.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\mufkfvbp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\mvfpucxk.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\mxwstkav.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\nagqbiyj.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\nanltfqo.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\nayojjcd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp 1
C:\WINDOWS\system32\nbopydff.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ncvfxocu.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\nfliihsr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\nfrgtrbd.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ngmsqdrp.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ngytqfgs.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\nheftrin.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\nisaxbkc.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\njlkbkmg.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\nnvnjyix.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\nqqrnydv.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\nsanyvlh.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\nsijdvra.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\nwairtkt.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ocmblpkw.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\octpliun.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\oetsrray.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\onubgkgl.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\otqwtxqo.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ovvjbqnu.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\owinetpd.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\owrwuteh.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\oxwiabpf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\pbxindlm.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\pfjxlmfx.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\pfocudfn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\pmdkbeda.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\pmtiwopr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\poqiexbv.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\pqeydmkf.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ptkcghen.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\pxnkppdo.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\pyfvuivh.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\pyhdcxdu.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\qaplxspc.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\qbaljwjm.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\qcereyiv.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\qfhhhpha.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\qfoeyrwe.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\qjqrfxmh.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\qmixquhm.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\qngccpue.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\qpakxcvn.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\qpxpbxbr.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\qqltpdqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\qwinlmdt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r 1
C:\WINDOWS\system32\qyjtxdxe.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\rdflycww.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\rfanvefi.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\rheuotqy.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\rilfburu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\riqnurxe.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\rkemncio.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\rntalcic.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\rogdobpw.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\romqcygm.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\rsbkbwrq.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\rvurunax.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\seiwgbcn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\senqesbt.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\seshssly.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\shtrurff.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\smraqtcb.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\snffjmrn.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\snrorfay.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\spbelvni.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\srpnpyik.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\stxnamsx.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\tceeqbii.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\tekvrqee.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\tjqtbejb.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\tldmrpuf.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\tmfhrkah.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\tmvqvbiy.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\txwuikkp.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\tybfnsir.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\tyjuuasb.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\udmajpqt.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\udysyahs.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\uettherl.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ueusnqjf.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\ufytnujt.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\ugdtcpsd.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ukmieifn.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\uoyrgsxa.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\uprgsldt.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\uqnorwtk.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\vaaeoytm.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\veoqkrhv.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\vhgsqmxu.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\vimqrhnc.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\vjnhadsk.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\vofmynox.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\vpdfabcc.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\vpfjlwjd.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\vqyqfxrg.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\vrtldacm.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\vructwsn.exe Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\WINDOWS\system32\vukqxnuc.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\vukyrbhk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\vvdqmquq.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\vwbhwvab.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\vyvrhfrw.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\wbkcrwdi.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\wenqewbq.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\wibpmsbf.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\wirqrqdr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\wkncgjea.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh 1
C:\WINDOWS\system32\wlajihug.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\woqinyvn.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\wpbglobc.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\wstashtd.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\wxwgisxd.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\wysrmooo.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\xafckbpe.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\xbtjlqdj.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\xcalvgcu.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\xdnjevkd.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\xfguerqk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\xfiepelb.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\xgttlikr.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\xqucsmmd.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\xrroyekv.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\xrvulrgl.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\xsdewvtd.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\xtdbtfsm.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\xvbisufw.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\xvdlapom.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\xvyuegjd.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\xxjohfag.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\yaoxkpvk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\yawctqbe.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\WINDOWS\system32\ybbprhlq.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\ycyeirbd.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\yinfnysh.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\ymnjbdra.exe Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\WINDOWS\system32\ypklcaru.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\yqdfdvpm.exe Infected: Trojan.Win32.Agent.bck 1
C:\WINDOWS\system32\yrqhkpde.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\yvmwbfvk.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\yydrdjcu.exe Infected: Trojan.Win32.Agent.bia 1
C:\WINDOWS\system32\yyfqovrt.exe Infected: Trojan.Win32.Agent.bck 1

The selected area was scanned.
  • 0

#10
jhall1
Posted 22 June 2008 - 07:10 AM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is a new HiJackThis log. I haven't really had a chance to use the computer yet so I'll post how it's running soon. thanks a bunch again!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:39 AM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" -vt ndrv
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165376022640
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6029 bytes
  • 0

Advertisements

#11
jhall1
Posted 22 June 2008 - 07:58 AM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran an ad-aware. Here is the log from it. The good news is it didn't find any critical infections this time. Only 5 privacy objects. Just thought this might help.

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2008-06-2209:34:36
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:JESSICA
Name of user performing scan:SYSTEM
Name of user ordering scan:HP_Owner
Scan completed successfully

System Information
File Version Information
Ad-Aware 2007 Settings
Extended Ad-Aware 2007 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:1
Processor type:Intel® Pentium® 4 CPU 3.06GHz
Memory Available:39%
Total Physical Memory:527745024 Bytes
Available Physical Memory:202256384 Bytes
Total Page File Size:1287262208 Bytes
Available On Page File:996438016 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1914638336 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
[to top]
File Verion Information
File Version
CEAPI.dll 7,0,2,6
aawservice.exe 7,0,2,7
Ad-Aware2007.exe 7.0.2.7
[to top]
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
[to top]
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
[to top]
Database Info
Version number:93
Build Number:0
Build Date and Time:2008/06/1806:24:41
[to top]
Scan Statistics
Method:Full

Items Scanned:370148
Infections Detected:5
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
[to top]
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 0 0
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 3 3
File Hash Scan 0 0
[to top]
Infections Found
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000663] Browser: Internet Explorer Cookie: C:\Documents and Settings\HP_Owner\Cookies\index.dat digitalpoint.com an /
[600000661] Browser: Internet Explorer Cookie: C:\Documents and Settings\HP_Owner\Cookies\index.dat kontera.com cluid /
[600000661] Browser: Internet Explorer Cookie: C:\Documents and Settings\HP_Owner\Cookies\index.dat kontera.com imprs /

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\HP_Owner\Recent Count: 5
[3] MRU Registry Key: S-1-5-21-4283196356-1422189722-2514624710-1009\Software\Microsoft\Internet Explorer\TypedURLs Count: 2


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
[to top]
Listing of Running Processes
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\authz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nddeapi.dll
c:\windows\system32\profmap.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\regapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msgina.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\dimsntfy.dll
c:\windows\system32\wlnotify.dll
c:\windows\system32\mpr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\rsaenh.dll
c:\windows\system32\samlib.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cscui.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\comres.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acadproc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\ipsecsvc.dll
c:\windows\system32\authz.dll
c:\windows\system32\oakley.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\pstorsvc.dll
c:\windows\system32\psbase.dll
c:\windows\system32\dssenh.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\eapolqec.dll
c:\windows\system32\atl.dll
c:\windows\system32\qutil.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\psapi.dll
c:\windows\system32\raschap.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\msidle.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\hidserv.dll
c:\windows\system32\hid.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\sens.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\trkwks.dll
c:\windows\system32\w32time.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\wuauserv.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\mspatcha.dll
c:\windows\system32\browser.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wscsvc.dll
c:\windows\system32\msi.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\colbact.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\upnp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\rastapi.dll
c:\windows\system32\unimdm.tsp
c:\windows\system32\uniplat.dll
c:\windows\system32\unimdmat.dll
c:\windows\system32\modemui.dll
c:\windows\system32\kmddsp.tsp
c:\windows\system32\ndptsp.tsp
c:\windows\system32\ipconf.tsp
c:\windows\system32\h323.tsp
c:\windows\system32\hidphone.tsp
c:\windows\system32\rasppp.dll
c:\windows\system32\ntlsapi.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\rasqec.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advpack.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\dssenh.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\catsrv.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\webclnt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\lavasoft\ad-aware 2007\ceapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\program files\lavasoft\ad-aware 2007\pkarchive85u.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\program files\lavasoft\ad-aware 2007\lavalicense.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\localspl.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\cnbjmon.dll
c:\windows\system32\hpzlnt10.dll
c:\windows\system32\hpzlnt12.dll
c:\windows\system32\mdimon.dll
c:\windows\system32\msi.dll
c:\windows\system32\fxsmon.dll
c:\windows\system32\fxsevent.dll
c:\windows\system32\pjlmon.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\netrap.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\inetpp.dll
c:\windows\system32\xpsp2res.dll
C:\WINDOWS\SYSTEM32\HKCMD.EXE
c:\windows\system32\hkcmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\hccutils.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\igfxhk.dll
c:\windows\system32\igfxres.dll
C:\HP\KBD\KBD.EXE
c:\hp\kbd\kbd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\hp\kbd\led.dll
c:\hp\kbd\usb.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\hid.dll
c:\hp\kbd\ps2.dll
c:\hp\kbd\msg.dll
c:\hp\kbd\osd.dll
c:\windows\system32\winmm.dll
c:\hp\kbd\sct.dll
c:\windows\system32\oleaut32.dll
c:\hp\kbd\onl.dll
c:\hp\kbd\aol.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\hp\kbd\url.dll
c:\hp\kbd\cfg.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\hp\kbd\msikbdif.dll
c:\windows\system32\msvcirt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mslbui.dll
C:\WINDOWS\SOUNDMAN.EXE
c:\windows\soundman.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\hid.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msctf.dll
C:\WINDOWS\ALCWZRD.EXE
c:\windows\alcwzrd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\dsound.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msctf.dll
C:\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN\JUSCHED.EXE
c:\program files\java\jre1.6.0_02\bin\jusched.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\urlmon.dll
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
c:\program files\quicktime\qttask.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msutb.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\msctfime.ime
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
c:\program files\symantec\liveupdate\aluschedulersvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\program files\symantec\liveupdate\msvcp71.dll
c:\program files\symantec\liveupdate\msvcr71.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
c:\windows\system32\hpzipm12.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ole32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\wiaservc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\hpgwiamd.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\sti.dll
C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN\JUCHECK.EXE
c:\program files\java\jre1.6.0_02\bin\jucheck.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sensapi.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\browseui.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msutb.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\onex.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\mlang.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\midimap.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\winspool.drv
c:\windows\system32\fxsapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\sxs.dll
c:\windows\system32\browselc.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v1.1.4322\fusion.dll
c:\windows\microsoft.net\framework\v1.1.4322\msvcr71.dll
c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
c:\windows\system32\duser.dll
c:\windows\system32\msgina.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\progra~1\mi1933~1\office11\mcps.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\program files\lavasoft\ad-aware 2007\lavalicense.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupap
  • 0

#12
emeraldnzl
Posted 23 June 2008 - 04:59 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi jhall1,

Thanks for the logs. Yep we have got a good lot of it; there is more though. :)

Download

FixIEDef by

ShadowPuterDude to the Desktop.

Double-click FixIEDef
Posted Image

Click 'OK'
Posted Image

Click 'Scan'
Posted Image

Click 'OK' (FixIEDef requires Adminstrator Privileges to run correctly. This box tells

you that FixIEDef successfully elevated it's privileges to that of Administrator)
Posted Image
Posted Image
Posted Image

WARNING: FixIEDef will kill all copies of <b>Internet Explorer</b> and

<b>Explorer</b> that are running, during removal of malicious files. The icons and Start Menu

on your Desktop will not be visible while FixIEDef is removing malicious files. This is

necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.
Posted Image

Post the FixIEDef log file, located on the Desktop.
Posted Image

Next

Download

Sophos

Anti-Rootkit & save it to your desktop after filling out the questionaire and

reading the EULA.

Note: You will need to enter your name, e-mail address and location in order to access

the download page.
  • Double-click sarsfx.exe to extract the files.
  • Click the Accept button at the EULA, then Install to the default directory
  • At the next prompt, click Yes to start the program
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click the "Start Scan" button.
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click

    OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and

      paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to

      get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will

    have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message

    and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer -

    please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how

    your computer is running now

So just a reminder, when you come back
  • Post the FixIEDef log file
  • a new HijackThis log
  • and tell me how your computer is running

  • 0

#13
jhall1
Posted 25 June 2008 - 05:04 PM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here are the logs you wanted. I'm afraid I may have messed up the FixIEDef log because I accidently ran it twice before I posted the log (sorry!).

Here are the warnings from the Anti-rootkit

Warning: Error parsing raw registry hive SOFTWARE. Registry scan may not be supported on this version of Windows.

Warning: Unable to load raw registry hive SOFTWARE. Registry scan may not be supported on this version of Windows.

Warning: Error reading list of user profiles. You may not have access rights to the whole registry.

Access is denied.

I also posted a new HiJackThis log. Everything seems to be working ok but I updated Adaware and ran a full scan it still found 2 privacy objects, but again no critical ones.

********************************************************************************
* *
* FixIEDef Log *
* Version 1.4.19.5850 *
* *
********************************************************************************

Created at 18:25:18 on Wednesday, June 25, 2008

Time Zone : (GMT-05:00) Eastern Time (US & Canada)

Logged On User : HP_Owner

Operating System : Microsoft Windows XP Home Edition Service Pack 3
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel® Pentium® 4 CPU 3.06GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 527745024 bytes
Free Physical Memory : 230528 bytes
Total Virtual Memory : 2097024 bytes
Free Virtual Memory : 2053964 bytes

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\*.*

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:00 PM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" -vt ndrv
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165376022640
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6062 bytes
  • 0

#14
emeraldnzl
Posted 27 June 2008 - 06:39 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jhall1,

OK, so you still have a Purityscan infection.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\YSTEM~1\winword.exe" -vt ndrv

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Kaspersky only works if you are using Internet Explorer.

Please do another online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

* post the OTMoveIt2 log
* scan results from Kaspersky
* a fresh HijackThis log
  • 0

#15
jhall1
Posted 21 July 2008 - 11:09 AM

jhall1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry it took me so long to reply. I've been out of town and things have been kind of crazy. The computer has been restarting randomly again. Here are the logs you need. I'll also post another ad-aware log at the end.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:09 PM, on 7/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.char...in/ssctlsma.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165376022640
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6761 bytes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP