Having some difficulties with restarts. hijack log [RESOLVED]


#1
Count Chocula
New Member, 6 posts

Hey there guys,

I have been having a lot of problems with my internet browsers (both Firefox and IE, as well as Netscape). It never seems to be the exact same problem but the majority of sites I usually visit will not open, I cannot check my emails, etc. Google will open but when I attempt to make a search with it or any other search engine, no page will load. Also, when I start my computer I am given the message for Data Execution Prevention and it closes Windows Explorer. I sent an error report and as soon as I hit OK, the same message popped up again. It's a continuous cycle, but it does allow me to use my computer normally if I don't close the DEP message (aside from my browser issues). It hasn't been a massive problem but an extreme inconvenience. I know that I first got the virus/malware on my computer from a small EXE file that I opened when attempting to install a downloaded version of Photoshop.
I was attempting to go through the list of things that I can do before posting a hijack log and once I got to the end of my SuperAntiSpyware scan I tried to restart my computer. However, no matter what I tried to do, my computer would not restart and would continuously tell me that Windows could not start normally. So I had to go back to the last known configuration that worked. Here is my hijack log along with the log from m_bam (these are the only two logs I was able to make before running into problems).

Thanks for your time.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:08 PM, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1192073265\ee\aolsoftware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7BC160D2-6CCE-41D4-B70B-F7EBDC924343} - C:\WINDOWS\system32\efcBtspn.dll (file missing)
O2 - BHO: {4e4d78a5-6428-579a-5054-1895a3c7ecb7} - {7bce7c3a-5981-4505-a975-82465a87d4e4} - C:\WINDOWS\system32\fenjjemv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192073265\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-CA ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - AppInit_DLLs: fenjjemv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13004 bytes

Malwarebytes' Anti-Malware 1.17
Database version: 846

8:57:08 PM 23/06/2008
mbam-log-6-23-2008 (20-57-07).txt

Scan type: Quick Scan
Objects scanned: 44960
Time elapsed: 15 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 71
Registry Values Infected: 10
Registry Data Items Infected: 2
Folders Infected: 19
Files Infected: 335

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnnmLDw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\upgpibod.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ytbsjrfq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wvUkIYpo.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ljjrxngw.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f75c645-61a8-4485-92d2-3434087d9cdf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6f75c645-61a8-4485-92d2-3434087d9cdf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45c2fdbe-1d46-b98e-f9a9-9d44b93a9d52} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukiypo (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{02910a3c-5d77-4a3e-8a13-fdf81ac7fecd} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0485b9a3-61d4-40a9-82ee-5b8b6bd51a58} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{29143580-a3e7-4afb-a8ef-b88f3b56c5a3} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3eb2d5e5-ab7c-46db-950e-878cf812aa1c} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5caeb087-af31-494d-842d-39cf1c7adade} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5df8c005-6e2e-4bd6-a765-304a8e550ece} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60659361-1c5f-4fa7-aeb0-f39df2547122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a97a178-3e84-45af-8f28-982c22e9a49d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d9351b3-4ebe-4f8f-981e-9af90ba99f54} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e22e1d0-5af8-4fb8-a635-bd31b3308c71} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{821a05ed-bb06-4444-a1e0-f0ab21ff626d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886bacae-e094-4bde-912e-99c3a3ddd122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f290589-db12-447f-8f38-d24653ce9f13} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bad16ee0-5134-4dc2-bd33-46a557c93d36} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec6671fe-7062-4f26-8383-4b887c4cb50b} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc8db863-22bc-4382-ac7a-96fabfd95bb8} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e9d2f33-4585-4404-aa57-15b2b03707f4} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{995e885e-3ff5-4f66-a107-8bfb3a0f8f12} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fbb40fdf-b715-4342-ab82-244ecc66e979} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c826553f-24b0-4e8e-b0d1-77b69e67532a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5d78740-4829-4803-b948-3ee8e7dc8cfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5d78740-4829-4803-b948-3ee8e7dc8cfc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\684b47a7 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6b78743b (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\user32.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnmldw -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnmldw -> Delete on reboot.

Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\IESkins (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\HostOI (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\HostOL (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\HostOI\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\HostOI\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\HostOL\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\HostOL\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\static (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\1 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cbXRhEWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mWEhRXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mWEhRXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnmLDw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wDLmnnpo.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wDLmnnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upgpibod.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dobipgpu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ytbsjrfq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qfrjsbty.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkIYpo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1063425.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\126826.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383582.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1387171.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1388315.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1391512.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1392378.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1405661.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1407307.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1450356.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\1653364.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\2904115.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\2904135.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3340762.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3423420.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3717160.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3720811.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3720910.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893319.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893642.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\445815.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\466370.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\616862.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\803741.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\920368.sdf (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000029475 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000029613 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1058 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\10915 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\11213 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\116977 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\133683 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\13546 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\14171 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1419 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1424 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\14271 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\144676 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\14747 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1491 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\153363 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15541 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15622 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\158839 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\159328 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16173 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16176 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17025 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17040 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17656 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\180320 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18906 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\194120 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19650 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\197670 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\202699 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20517 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20544 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20570 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\211683 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\213558 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21669 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22254 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22657 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\228229 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23479 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23889 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\23905 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\241457 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\25509 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26340 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26656 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26905 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27414 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27503 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\28026 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\28056 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\286256 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\30999 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31164 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31387 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\31979 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3338 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3355 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\33697 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34107 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34149 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3416 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34174 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\343113 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34381 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34831 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35047 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35389 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\36247 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\37071 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\372500 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38736 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39197 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39245 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\3986 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\411481 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41243 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41341 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41421 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4157 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41854 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42881 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42886 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43120 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43142 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\43747 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44228 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\475788 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\496386 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49700 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4974 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50548 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\50887 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\519208 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52335 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53310 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\534945 (AdWare.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53605 (AdWare.Agent) -> Quarantined and deleted su


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Sorry for the delay in replying...

Let's get this started now :)

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click Opera at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Run a scan in HijackThis. Check each of the following entries if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {7BC160D2-6CCE-41D4-B70B-F7EBDC924343} - C:\WINDOWS\system32\efcBtspn.dll (file missing)
O2 - BHO: {4e4d78a5-6428-579a-5054-1895a3c7ecb7} - {7bce7c3a-5981-4505-a975-82465a87d4e4} - C:\WINDOWS\system32\fenjjemv.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - AppInit_DLLs: fenjjemv.dll


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\fenjjemv.dll

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps up to the part where you post the log, then post the ComboFix log here.
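As an added example (mine, not part of greyknight17's post and not a HijackThis feature), the Python below triages the three kinds of HijackThis entries listed above, O2 (Browser Helper Objects), O15 (Trusted Zone) and O20 (AppInit_DLLs), and cross-references them. The sample lines are the four entries quoted in the post; the eight-letter DLL-name heuristic and the finding labels are my own assumptions.

```python
import re

# Constructed sample: the four HijackThis entries quoted in the post above,
# used as offline input instead of a live HijackThis scan.
HJT_LINES = r"""
O2 - BHO: (no name) - {7BC160D2-6CCE-41D4-B70B-F7EBDC924343} - C:\WINDOWS\system32\efcBtspn.dll (file missing)
O2 - BHO: {4e4d78a5-6428-579a-5054-1895a3c7ecb7} - {7bce7c3a-5981-4505-a975-82465a87d4e4} - C:\WINDOWS\system32\fenjjemv.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - AppInit_DLLs: fenjjemv.dll
""".strip().splitlines()

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Eight letters plus .dll is the naming habit of the adware seen in this thread;
# it is a heuristic for a human to review, not proof of infection (assumption).
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<url>\S+) \((?P<hive>HKLM|HKCU)\)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage_hjt(lines):
    """Return (kind, detail) findings for the O2/O15/O20 entries of a HijackThis log."""
    findings = []
    bho_dlls = {}   # lower-case DLL file name -> CLSID it is registered under
    appinit = set()
    for line in lines:
        m = O2_RE.match(line)
        if m:
            dll = basename(m["path"]).lower()
            bho_dlls[dll] = m["clsid"]
            if m["missing"]:
                # Registration survives but the file is gone: a leftover to clean up.
                findings.append(("orphan_bho", m["clsid"]))
            if GUID_RE.match(m["name"]) or RANDOM_DLL_RE.match(dll):
                findings.append(("suspicious_bho", dll))
            continue
        m = O15_RE.match(line)
        if m:
            # Trusted Zone sites run under IE's most permissive security template.
            findings.append(("trusted_zone", m["url"]))
            continue
        m = O20_RE.match(line)
        if m:
            for dll in re.split(r"[ ,;]+", m["dlls"].strip()):
                appinit.add(dll.lower())
            findings.append(("appinit_dlls", sorted(appinit)))
    # A DLL that is both a BHO and an AppInit_DLL is mapped into Explorer, every
    # browser and every other process that loads user32.dll, so a plain delete
    # from the running session fails with "Access is denied".
    for dll in sorted(appinit & set(bho_dlls)):
        findings.append(("bho_and_appinit", dll))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_hjt(HJT_LINES):
        print(f"{kind:18} {detail}")
```

The last finding is the one to expect when following the "delete the file" step by hand: because AppInit_DLLs is loaded into every GUI process, the file is always in use while Windows is running, so the loading points (the O2 and O20 entries) have to go first and the file is deleted at the next reboot, which is what a tool such as ComboFix does.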

#3
Count Chocula

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is my ComboFix log. However, when I tried to delete fenjjemv.dll, it gave me the following error message:

Cannot delete fenjjemv: Access is denied.

Make sure the disk is not full or write-protected and that the file is not currently in use.



ComboFix 08-07-03.1 - Compaq_Administrator 2008-07-03 21:18:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.426 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM6b78743b.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bjvdahnn.ini
C:\WINDOWS\system32\dgvyxrxf.dll
C:\WINDOWS\system32\dobipgpu.tmp
C:\WINDOWS\system32\dxcxerai.ini
C:\WINDOWS\system32\edmuasnc.dll
C:\WINDOWS\system32\efifqenn.ini
C:\WINDOWS\system32\estaypxf.ini
C:\WINDOWS\system32\fenjjemv.dll
C:\WINDOWS\system32\fgibgctb.ini
C:\WINDOWS\system32\ftdqvxoc.dll
C:\WINDOWS\system32\fvhxqbhb.ini
C:\WINDOWS\system32\gaaahiql.dll
C:\WINDOWS\system32\gndxybpp.ini
C:\WINDOWS\system32\ifooqmmf.ini
C:\WINDOWS\system32\itngiutj.ini
C:\WINDOWS\system32\jayhrmmh.ini
C:\WINDOWS\system32\jejysalw.ini
C:\WINDOWS\system32\jfuiugic.dll
C:\WINDOWS\system32\ljjrxngw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\muvofani.ini
C:\WINDOWS\system32\npstBcfe.ini
C:\WINDOWS\system32\npstBcfe.ini2
C:\WINDOWS\system32\oisrmjva.ini
C:\WINDOWS\system32\opnnmLDw.dll
C:\WINDOWS\system32\qeuoeipo.ini
C:\WINDOWS\system32\qgeqlnix.dll
C:\WINDOWS\system32\qlnjhlki.dll
C:\WINDOWS\system32\qnljweim.ini
C:\WINDOWS\system32\qpdheemj.dll
C:\WINDOWS\system32\qpevhenw.ini
C:\WINDOWS\system32\rkyhqikd.ini
C:\WINDOWS\system32\ttgsjalp.ini
C:\WINDOWS\system32\ugsxgmmc.ini
C:\WINDOWS\system32\upgpibod.dll
C:\WINDOWS\system32\usirdsiw.dll
C:\WINDOWS\system32\vubbseja.dll
C:\WINDOWS\system32\wayemqqo.dll
C:\WINDOWS\system32\wDLmnnpo.ini
C:\WINDOWS\system32\wDLmnnpo.ini2
C:\WINDOWS\system32\wllasjfp.ini
C:\WINDOWS\system32\wrhclfrg.dll
C:\WINDOWS\system32\xfmyqxbi.dll
C:\WINDOWS\system32\xipbqdjx.dll
C:\WINDOWS\system32\yegguejr.ini
C:\WINDOWS\system32\yejubsmd.ini
C:\WINDOWS\system32\ytbsjrfq.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-06-23 22:47 . 2008-06-23 22:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 21:00 . 2008-06-30 07:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-23 21:00 . 2008-06-23 21:00 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-06-23 21:00 . 2008-06-23 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 20:38 . 2008-06-23 20:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 20:38 . 2008-06-23 20:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 20:38 . 2008-06-23 20:38 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-06-23 20:38 . 2008-06-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 20:38 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 20:38 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 23:26 . 2008-06-17 15:01 414 --ahs---- C:\WINDOWS\system32\yqsijaof.ini
2008-06-04 20:02 . 2008-06-04 20:02 1,543,363 --ahs---- C:\WINDOWS\system32\estaypxf.tmp
2008-06-04 10:15 . 2008-06-23 20:23 117,405 --a------ C:\WINDOWS\BM6b78743b.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 03:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-03 07:58 --------- d-----w C:\Program Files\Steam
2008-06-30 13:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-29 22:11 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\ZoomBrowser EX
2008-06-29 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-24 02:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 19:45 --------- d-----w C:\Program Files\Java
2008-06-05 06:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-06-05 05:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-04 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2008-06-04 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-04 02:09 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-04 01:59 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-04 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-01 20:47 --------- d-----w C:\Program Files\mIRC
2008-05-21 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 17:12 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-21 16:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-21 16:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-21 16:59 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-21 16:59 --------- d-----w C:\Program Files\Symantec
2008-05-21 16:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-08 01:25 0 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-21 11:00 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 16:14 772096]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-04-20 17:17 1122816]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 11:10 50792]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-30 07:31 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 16:50 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03 94208]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 16:34 106496]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 18:06 1398272]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-07 17:24 180269]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 17:55 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 17:54 269104]
"HostManager"="C:\Program Files\Common Files\AOL\1192073265\ee\AOLSoftware.exe" [2006-04-20 11:10 50792]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 20:57 1095256]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-17 15:26 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 00:49 718704]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 21:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-05-09 16:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-07 17:41:11 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-16 02:09:41 671744]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-30 07:31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-30 07:31 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\My Downloads\\utorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1192073265\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1192073265\\ee\\aim6.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 18:06]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 17:54]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-06-01 13:41]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 02:00:25 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 21:26:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-03 21:38:04 - machine was rebooted [Compaq_Administrator]
ComboFix-quarantined-files.txt 2008-07-04 03:37:53

Pre-Run: 155,860,021,248 bytes free
Post-Run: 158,770,798,592 bytes free

243 --- E O F --- 2008-05-18 18:24:18

#4
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Please move Combofix to your desktop...

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\system32\yqsijaof.ini
C:\WINDOWS\system32\estaypxf.tmp
C:\WINDOWS\BM6b78743b.xml

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
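An added example, not part of this thread and not ComboFix's own code, that cross-checks a CFScript against the ComboFix log it produced: every File:: path should appear under 'Other Deletions', the catchme block should report zero hidden files, and registry lines that switch off Security Center monitoring or the Windows firewall (like the ones in the logs above) are listed for review. The script and log it runs on are constructed samples in the layout shown in the thread, with one requested file deliberately left undeleted so the check has something to report.

```python
import re

# Constructed sample input, not ComboFix's own output: the CFScript from the post
# above and an abridged log in ComboFix's layout, with one requested file left out.
CFSCRIPT = """File::
C:\\WINDOWS\\system32\\yqsijaof.ini
C:\\WINDOWS\\system32\\estaypxf.tmp
C:\\WINDOWS\\BM6b78743b.xml
"""
COMBOFIX_LOG = r"""ComboFix 08-07-03.1 - Compaq_Administrator 2008-07-04 19:27:21.2 - NTFSx86
(((((((((((((( Other Deletions ))))))))))))))
C:\WINDOWS\BM6b78743b.xml
C:\WINDOWS\system32\estaypxf.tmp
(((((((((((((( Reg Loading Points ))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
scan completed successfully
hidden files: 0
"""
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")  # '(((( Title ))))' divider lines
WINPATH = re.compile(r"^[A-Za-z]:\\")

def parse_cfscript(text):
    """Map each 'Name::' directive (File::, Folder::, ...) to the lines under it."""
    directives, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(line)
    return directives

def log_sections(log):
    """Split a ComboFix log into {title: lines} on its banner lines."""
    sections, title = {"header": []}, "header"
    for line in log.splitlines():
        m = BANNER.match(line)
        if m:
            title = m.group(1).lower()
            sections[title] = []
        else:
            sections[title].append(line.strip())
    return sections

def deleted_paths(log):
    """Paths reported under 'Other Deletions', lower-cased (NTFS names are case-insensitive)."""
    lines = log_sections(log).get("other deletions", [])
    return {l.lower() for l in lines if WINPATH.match(l)}

def hidden_file_count(log):
    """The catchme 'hidden files: N' figure, or None if that scan block is absent."""
    m = re.search(r"^hidden files:\s*(\d+)", log, re.M)
    return int(m.group(1)) if m else None

def weakened_settings(log):
    """Registry lines that switch off Security Center monitoring or the XP firewall.
    A vendor subkey with DisableMonitoring=1 is often written by the AV suite itself
    so it can report its own status; treat these as review items, not verdicts."""
    findings, key = [], None
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("["):
            key = line
        elif key and "security center" in key.lower() and re.match(r'"DisableMonitoring"=dword:0*1$', line):
            findings.append(f"{key}: DisableMonitoring=1")
        elif key and re.match(r'"EnableFirewall"\s*=\s*0\b', line):
            findings.append(f"{key}: EnableFirewall=0")
    return findings

def review(cfscript, log):
    """Every File:: entry deleted? Hidden files? Settings weakened? One dict of answers."""
    requested = parse_cfscript(cfscript).get("file", [])
    deleted = deleted_paths(log)
    return {"not_deleted": [p for p in requested if p.lower() not in deleted],
            "hidden_files": hidden_file_count(log),
            "weakened": weakened_settings(log)}
```

On the real log in post #5 all three files appear under 'Other Deletions', so `not_deleted` would be empty there; the two weakened settings it lists are the same ones shown in both logs in this thread.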

#5
Count Chocula
    New Member
  • Topic Starter
  • Member
  • 6 posts
Here we go! This is the log you requested.


ComboFix 08-07-03.1 - Compaq_Administrator 2008-07-04 19:27:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.416 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BM6b78743b.xml
C:\WINDOWS\system32\estaypxf.tmp
C:\WINDOWS\system32\yqsijaof.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM6b78743b.xml
C:\WINDOWS\system32\estaypxf.tmp
C:\WINDOWS\system32\yqsijaof.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-03 21:37 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 21:37 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-23 22:47 . 2008-06-23 22:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 21:00 . 2008-06-30 07:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-23 21:00 . 2008-06-23 21:00 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-06-23 21:00 . 2008-06-23 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 20:38 . 2008-06-23 20:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 20:38 . 2008-06-23 20:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 20:38 . 2008-06-23 20:38 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-06-23 20:38 . 2008-06-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 20:38 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 20:38 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 14:30 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-04 14:29 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\ZoomBrowser EX
2008-07-04 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-07-04 05:16 --------- d-----w C:\Program Files\Steam
2008-07-04 03:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 13:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-24 02:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 19:45 --------- d-----w C:\Program Files\Java
2008-06-05 06:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-06-05 05:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-04 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2008-06-04 02:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-04 02:09 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-04 01:59 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-04 01:59 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-04 01:59 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-04 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-01 20:47 --------- d-----w C:\Program Files\mIRC
2008-05-21 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 17:12 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-21 16:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-21 16:59 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-21 16:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-21 16:59 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-21 16:59 --------- d-----w C:\Program Files\Symantec
2008-05-21 16:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 01:25 0 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:46 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( [email protected]_21.37.39.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-04 03:25:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-04 11:35:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-09-25 23:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-21 11:00 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 16:14 772096]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-04-20 17:17 1122816]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 11:10 50792]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-30 07:31 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 16:50 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03 94208]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 16:34 106496]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 18:06 1398272]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-07 17:24 180269]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 17:55 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 17:54 269104]
"HostManager"="C:\Program Files\Common Files\AOL\1192073265\ee\AOLSoftware.exe" [2006-04-20 11:10 50792]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 20:57 1095256]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-17 15:26 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 00:49 718704]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 21:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-05-09 16:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-07 17:41:11 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-16 02:09:41 671744]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-30 07:31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-30 07:31 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\My Downloads\\utorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1192073265\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1192073265\\ee\\aim6.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 18:06]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-29 17:54]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-06-01 13:41]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 02:00:25 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 19:30:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-04 19:32:27
ComboFix-quarantined-files.txt 2008-07-05 01:31:35
ComboFix2.txt 2008-07-04 03:38:05

Pre-Run: 158,475,976,704 bytes free
Post-Run: 158,460,395,520 bytes free

276 --- E O F --- 2008-07-04 03:45:31

#6
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#7
Count Chocula
    New Member
  • Topic Starter
  • Member
  • 6 posts
Thanks so much knight! Everything is good.

#8
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.