Need Urgent Help [RESOLVED]


  • This topic is locked

#1
Kidstone

    Member

  • Member
  • 12 posts
Well... I had a virus. I saw that it came, so I turned off the computer (was pissed).

So I turn the computer back on. A red screen comes up: "Your computer is in danger blah blah blah". It was like a "you just got a virus" screen. So then I press Start and I see nothing but the list of files that they give you, and Set Program Access and Defaults. And when I open My Computer, there is no Local Disk drive. Mega malware.

Edited by Kidstone, 02 August 2008 - 12:52 AM.


#2
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again.

The fixes may take several attempts and my replies may take some time, but stick with it, and we will be sure to get you sorted.


Please go here: You Must Read This Before Posting A HijackThis Log. Follow all the steps listed, and post your logs here when you're done.

#3
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10: VIRUS ALERT!, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
c:\progra~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [78772022] rundll32.exe "C:\WINDOWS\system32\ieydbqum.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192585368328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: lwpcmk.dll ugpnrc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7760 bytes


Also, when I start up it says something like "can't Find C://Documents" and many other documents.

Edited by Kidstone, 02 August 2008 - 02:11 PM.

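As an added example (not from this thread, and not HijackThis's own logic), a short Python triage pass over log lines in the format posted above; the sample lines are copied from Kidstone's log, and the heuristics encode what a helper scans such a log for (a second program appended to Shell=, a non-empty win.ini run= or AppInit_DLLs, "(file missing)" load points, a numeric Run key calling rundll32, and an Active Desktop component pointing at a local HTML file):

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above in this thread,
# reduced to one or two representative lines per section code.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"
O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - C:\WINDOWS\system32\nnnmkhFv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [78772022] rundll32.exe "C:\WINDOWS\system32\ieydbqum.dll",b
O20 - AppInit_DLLs: lwpcmk.dll ugpnrc.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why a reviewer would want to look at this line
    line: str    # the log line as posted


# "<code> - <body>" is the shape of every entry HijackThis v2 emits.
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# system.ini Shell= on Windows XP is exactly "Explorer.exe"; anything appended
# is a second program that is started alongside the shell at every logon.
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.I)
# A Run value whose name is only digits and whose command is rundll32 loading
# a DLL, as in the [78772022] entry above.
RUNDLL_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[\d+\] rundll32(?:\.exe)?\s", re.I)


def parse_line(line):
    """Split one log line into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check(code, body):
    """Return the reason an entry deserves review, or None if nothing stands out."""
    if "(file missing)" in body:
        return "load point references a file that no longer exists (orphaned entry)"
    if code == "F2":
        m = SHELL_RE.match(body)
        if m and m.group(1).strip().lower() != "explorer.exe":
            return "Shell= has an extra program appended after Explorer.exe"
    elif code == "F3":
        if body.lower().startswith("reg:win.ini: run=") and body.split("=", 1)[1].strip():
            return "win.ini run= starts a program at logon; it is empty on a default XP install"
    elif code == "O4" and RUNDLL_RE.match(body):
        return "numeric Run key name loading a DLL through rundll32"
    elif code == "O20" and body.lower().startswith("appinit_dlls:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            return "AppInit_DLLs injects %s into every GUI process; empty by default" % ", ".join(dlls)
    elif code == "O24" and "file:///" in body.lower():
        return "Active Desktop component rendering a local HTML file"
    return None


def triage(log_text):
    """Return the entries of a HijackThis log that match one of the heuristics above."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        reason = check(code, body)
        if reason:
            findings.append(Finding(code, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (f.code, f.reason, f.line))
```

Every flagged item still has to be looked up individually; the Java ssv.dll BHO and the igfxtray Run entry pass only because these checks encode the specific shapes seen in this log, not a general notion of legitimacy.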

#4
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Kidstone,

Move HijackThis

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file, temporary folders, or the desktop, because the backups will/could be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

  • Please go to Start > My Computer > C:\
  • Right-click and select New > Folder, then name the folder 'HJT'.
  • Copy and paste HijackThis.exe to the new folder.



===============================================

ComboFix

Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

#5
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
Okay... but when I press Start I don't see "My Computer". Remember, it's deleted or w/e. But I have a shortcut of My Computer on my desktop, and when I open it, Local Drive C: isn't there.

#6
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Just run ComboFix for now, and we will get a better look at what we are dealing with :)

#7
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
Okay, I ran ComboFix. It started deleting files, yada yada. It wasn't moving for a LONG time, or my low attention span kicked in. Well, I restarted, and I got back the right-hand side of my Start button and my Local Disk files. Here's the HJT log file you asked for.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - C:\WINDOWS\system32\nnnmkhFv.dll (file missing)
O2 - BHO: {4d86e6e1-b353-f53b-4674-f4143c6eea65} - {56aee6c3-414f-4764-b35f-353b1e6e68d4} - C:\WINDOWS\system32\ugpnrc.dll
O2 - BHO: QXK Olive - {59D7AC76-FEE5-4B08-A97C-79AAED487514} - C:\WINDOWS\nfavxwdbfvm.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O2 - BHO: (no name) - {F5C66746-1AF0-4F31-BF1D-A80835532106} - C:\WINDOWS\system32\mlJAqnOg.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [78772022] rundll32.exe "C:\WINDOWS\system32\ieydbqum.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192585368328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: lwpcmk.dll ugpnrc.dll
O20 - Winlogon Notify: nnnmkhFv - nnnmkhFv.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9127 bytes

Whenever I try to run ComboFix it says I already have a Recovery Console, so it won't scan again.

Edited by Kidstone, 02 August 2008 - 07:01 PM.


#8
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello again,

I really need to see a ComboFix log. Please look for and post the log from ComboFix (located in C:\combofix.txt) if you have it there. If not, I need you to re-run ComboFix: simply double-click on the icon on your desktop (red circle with the X) labeled ComboFix, and this time do not let your low attention span interfere with the fix :) In most cases ComboFix takes about 20-30 min to run, but on a heavily infected machine it can take a lot longer.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Let me know if that works; if not, we will uninstall it, then reinstall it.

#9
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
ComboFix log

ComboFix 08-08-01.05 - Owner 2008-08-06 4:07:59.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\BDJU597Y\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\BDJU597Y\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\WINDOWS\system32\muqbdyei.ini
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\BDJU597Y\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\BDJU597Y\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008.lnk
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Antivirus 2008
C:\Documents and Settings\Owner\Start Menu\Programs\Antivirus 2008\Antivirus-2008.lnk
C:\Program Files\Antivirus 2008
C:\Program Files\Antivirus 2008\vscan.tsi
C:\Program Files\Antivirus 2008\zlib.dll
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\eram.exe
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbfvm.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\aerldavi.dll
C:\WINDOWS\system32\cjbomy.dll
C:\WINDOWS\system32\drivers\Wintb41.sys
C:\WINDOWS\system32\fgtxdwvp.ini
C:\WINDOWS\system32\gjnvirsd.ini
C:\WINDOWS\system32\gOnqAJlm.ini
C:\WINDOWS\system32\gOnqAJlm.ini2
C:\WINDOWS\system32\jchufuec.dll
C:\WINDOWS\system32\ljJYrSll.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJAqnOg.dll
C:\WINDOWS\system32\muqbdyei.ini
C:\WINDOWS\system32\nnnmkhFv.dll
C:\WINDOWS\system32\ssptvrle.ini
C:\WINDOWS\system32\swzaps.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\wnslvxtf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINTB41
-------\Service_Wintb41
-------\Legacy_WINTB41
-------\Service_Wintb41


((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.

2008-08-06 04:56 . 2008-08-06 04:56 1,382,137 ---hs---- C:\WINDOWS\system32\muqbdyei.ini
2008-08-06 03:47 . 2008-08-06 03:47 <DIR> d-------- C:\Rohan
2008-08-06 03:46 . 2008-08-06 03:46 <DIR> d-------- C:\Program Files\WinPcap
2008-08-06 03:38 . 2008-08-06 03:46 <DIR> d-------- C:\ComboFix(3)
2008-08-02 21:49 . 2008-08-06 03:47 <DIR> d-------- C:\Program Files\Hamachi
2008-08-02 18:45 . 2008-08-02 18:55 <DIR> d-------- C:\ComboFix(2)
2008-08-02 15:56 . 2008-08-02 15:56 98,688 --a------ C:\WINDOWS\system32\ieydbqum.dll
2008-08-02 15:55 . 2008-08-02 15:55 130,432 --a------ C:\WINDOWS\system32\ugpnrc.dll
2008-08-02 15:55 . 2008-08-02 15:55 130,432 --a------ C:\WINDOWS\system32\qswaapfq.dll
2008-08-02 03:04 . 2008-08-02 03:04 99,712 --a------ C:\WINDOWS\system32\pvwdxtgf.dll
2008-08-02 03:01 . 2008-08-02 03:01 129,920 --a------ C:\WINDOWS\system32\lwpcmk.dll
2008-08-02 03:01 . 2008-08-02 03:01 129,920 --a------ C:\WINDOWS\system32\bmsfwktc.dll
2008-08-01 23:45 . 2008-08-01 23:41 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-01 23:40 . 2008-08-01 23:46 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-08-01 23:37 . 2008-08-01 23:37 <DIR> d-------- C:\Program Files\Panda Security
2008-08-01 19:53 . 2008-08-02 20:47 <DIR> d-------- C:\Desktop
2008-08-01 18:54 . 2008-08-01 18:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-01 03:02 . 2008-08-01 03:02 99,712 --a------ C:\WINDOWS\system32\dsrivnjg.dll
2008-08-01 00:52 . 2008-08-06 04:26 6,481 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-01 00:49 . 2008-08-01 00:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-01 00:48 . 2008-08-02 03:27 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-08-01 00:48 . 2008-08-01 21:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-08-01 00:45 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-08-01 00:33 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-08-01 00:32 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-08-01 00:32 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-08-01 00:32 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-08-01 00:32 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-08-01 00:31 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-01 00:26 . 2008-08-01 00:27 <DIR> d-------- C:\Program Files\McAfee.com
2008-08-01 00:23 . 2008-08-01 00:32 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-26 03:08 . 2008-07-30 22:18 <DIR> d-------- C:\Program Files\Kaiba Corp VDS
2008-07-13 20:16 . 2008-07-13 20:16 <DIR> d-------- C:\Program Files\MySpace Games
2008-07-13 20:16 . 2008-07-13 20:16 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-13 01:52 . 2008-07-13 01:52 <DIR> d-------- C:\Program Files\YouSendIt
2008-07-13 01:50 . 2007-03-04 07:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-07-13 01:50 . 2007-03-04 07:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-07-13 01:49 . 2008-07-13 01:49 <DIR> d-------- C:\Program Files\Replay Converter
2008-07-13 01:47 . 2008-07-13 10:59 <DIR> d-------- C:\Program Files\Replay AV 8
2008-07-09 18:37 . 2008-07-09 18:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NPLUTO Corporation
2008-07-09 18:23 . 2008-07-09 18:48 <DIR> d-------- C:\Program Files\DriftCity
2008-07-08 01:30 . 2008-07-08 01:30 <DIR> d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 07:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-08-05 20:55 --------- d-----w C:\Program Files\Incomplete
2008-08-05 20:53 --------- d-----w C:\Program Files\LimeWire
2008-08-05 20:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 03:42 --------- d-----w C:\Program Files\Lx_cats
2008-08-02 02:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\alot
2008-08-01 05:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-01 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-01 04:47 --------- d-----w C:\Program Files\McAfee
2008-07-30 20:54 --------- d-----w C:\Program Files\Eudemons Online
2008-07-24 22:03 --------- d-----w C:\Program Files\uTorrent
2008-07-18 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-14 03:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 05:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-09 22:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-27 11:40 --------- d-----w C:\Program Files\Lexmark 8300 Series
2008-06-27 11:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\NewSoft
2008-06-22 22:13 --------- d-----w C:\Program Files\AIM6
2008-06-22 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-22 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 00:21 144 ----a-w C:\domains.dat
2008-06-16 04:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2008-06-16 04:06 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-05-21 21:26 12,288 -c--a-w C:\WINDOWS\system32\aplib.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-31 00:06 4 -c--a-w C:\Documents and Settings\Owner\version.dat
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2008-04-06 05:17 88 -csha-r C:\WINDOWS\system32\B8C2083CA1.sys
2008-04-06 05:17 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56aee6c3-414f-4764-b35f-353b1e6e68d4}]
2008-08-02 15:55 130432 --a------ C:\WINDOWS\system32\ugpnrc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 16:47 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 18:41 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 14:55 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 06:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 13:27 106496]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [2007-01-30 10:32 205744]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [2007-01-30 10:35 103344]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 08:08 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [2008-06-05 18:43 79360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 18:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 17:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 14:51 118784]
"78772022"="C:\WINDOWS\system32\ieydbqum.dll" [2008-08-02 15:56 98688]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lwpcmk.dll ugpnrc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winio17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintb41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\DOCUME~1\Owner\LOCALS~1\Temp\scksexde.exe/r [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78772022]
--a------ 2008-08-01 03:02 99712 C:\WINDOWS\system32\dsrivnjg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\lxcjcoms.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\Kaiba Corp VDS\\KCVDS.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34:TCP"= 34:TCP:Null Dc

R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 19:08]
S0 Winio17;Winio17;C:\WINDOWS\system32\Drivers\Winio17.sys []
S0 Winjp17;Winjp17;C:\WINDOWS\system32\Drivers\Winjp17.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 01:46]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-01 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4EC66E48-B863-4413-BC91-463D9CCA093B} - C:\WINDOWS\system32\nnnmkhFv.dll
BHO-{59D7AC76-FEE5-4B08-A97C-79AAED487514} - C:\WINDOWS\nfavxwdbfvm.dll
BHO-{F5C66746-1AF0-4F31-BF1D-A80835532106} - C:\WINDOWS\system32\mlJAqnOg.dll
ShellExecuteHooks-{4EC66E48-B863-4413-BC91-463D9CCA093B} - C:\WINDOWS\system32\nnnmkhFv.dll
Notify-nnnmkhFv - nnnmkhFv.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\u4tzpotg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 04:55:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\muqbdyei.ini 1382137 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\WINDOWS\system32\ieydbqum.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-08-06 5:10:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-06 09:09:49

Pre-Run: 18,192,289,792 bytes free
Post-Run: 18,206,121,984 bytes free

306 --- E O F --- 2008-07-18 07:01:52



I Got My Desktop back :)

#10
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Kidstone,

Wow that cleaned out a lot :) Please do the following.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\muqbdyei.ini
C:\WINDOWS\system32\ieydbqum.dll
C:\WINDOWS\system32\ugpnrc.dll
C:\WINDOWS\system32\qswaapfq.dll
C:\WINDOWS\system32\pvwdxtgf.dll
C:\WINDOWS\system32\lwpcmk.dll
C:\WINDOWS\system32\bmsfwktc.dll
C:\WINDOWS\system32\dsrivnjg.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56aee6c3-414f-4764-b35f-353b1e6e68d4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78772022]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"78772022"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Also let me know how your system is running now :)
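The two posts above, the ComboFix log in post #9 and the CFScript in post #10, show the same persistence points from two sides: a BHO whose DLL sits bare in system32, a Run value that is a DLL (so it is loaded through rundll32), a non-empty AppInit_DLLs value, Security Center monitoring switched off, the Windows Firewall disabled, and a globally open TCP port. The script below is an added example, not code from the thread, from ComboFix or from HijackThis: it parses a "Reg Loading Points" excerpt (the embedded SAMPLE_LOG is constructed from the post #9 lines), flags those entries with structural checks rather than a malware signature, and drafts the File::/Registry:: block in the CFScript format used in post #10. The function names are mine; the one assumption, stated in the code, is that bare AppInit_DLLs names resolve to system32, which the "Files Created" list in post #11 supports. One check a practitioner would want from such a generator: it places the `"78772022"=-` line under the hive in which the log actually listed the value. Both ComboFix logs on this page show that value under HKEY_LOCAL_MACHINE\...\Run, and post #11's log still lists it after the post #10 script ran.

```python
"""Added example (not ComboFix's, HijackThis's or the posters' code): triage the
"Reg Loading Points" section of a ComboFix log and draft the matching CFScript.
The heuristics are structural (where a DLL is registered), not a signature."""
import re

# Constructed input: lines copied from the post #9 log, trimmed to the
# sections the heuristics look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56aee6c3-414f-4764-b35f-353b1e6e68d4}]
2008-08-02 15:55 130432 --a------ C:\WINDOWS\system32\ugpnrc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 16:47 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 14:55 155648]
"78772022"="C:\WINDOWS\system32\ieydbqum.dll" [2008-08-02 15:56 98688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lwpcmk.dll ugpnrc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34:TCP"= 34:TCP:Null Dc
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys))', re.I)
# Assumption: bare AppInit_DLLs names resolve to system32 (the post #11
# "Files Created" list shows both files there).
SYSTEM32 = 'C:\\WINDOWS\\system32\\'


def parse_loading_points(text):
    """Map each [key] to its (name, value) pairs; ComboFix lists a BHO's file
    as a bare line under the key, which becomes (None, path)."""
    entries, key = {}, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            entries.setdefault(key, [])
            continue
        v, p = VALUE_RE.match(line), PATH_RE.search(line)
        if key is not None and v:
            entries[key].append((v.group(1), v.group(2)))
        elif key is not None and p:
            entries[key].append((None, p.group(1)))
    return entries


def triage(text):
    """Return (indicator, key, value_name, target) for entries to act on or review."""
    out = []
    for key, vals in parse_loading_points(text).items():
        k = key.lower()
        for name, value in vals:
            p = PATH_RE.search(value)
            path = p.group(1) if p else ''
            is_dll = path.lower().endswith('.dll')
            if 'browser helper objects' in k and name is None and is_dll \
                    and path.lower().startswith(SYSTEM32.lower()):
                # vendor BHOs live under Program Files; a bare DLL in system32 does not
                out.append(('BHO DLL in system32', key, None, path))
            elif k.endswith('currentversion\\run') and is_dll:
                # a DLL here runs via rundll32 (the HJT O4 line shows ",b"); real entries are EXEs
                out.append(('Run value loads a DLL via rundll32', key, name, path))
            elif name == 'AppInit_DLLs' and value.strip():
                # default is empty; each DLL is injected into every user32-linked process
                out.extend(('AppInit_DLLs injection', key, name, SYSTEM32 + d) for d in value.split())
            elif 'security center' in k and value.endswith('00000001'):
                out.append(('Security Center monitoring disabled', key, name, value))
            elif name == 'EnableFirewall' and value.startswith('0'):
                out.append(('Windows Firewall disabled', key, name, value))
            elif 'globallyopenports' in k:
                out.append(('Globally open inbound port', key, name, value))
    return out


def draft_cfscript(findings):
    """Render the File::/Registry:: block ComboFix reads from CFScript.txt:
    [-key] deletes a key, "name"=- deletes a value, under the hive the log showed."""
    files, keys, values = set(), [], {}
    for indicator, key, name, target in findings:
        if indicator.startswith(('BHO', 'Run value', 'AppInit')):
            files.add(target)
        if indicator.startswith('BHO'):
            keys.append(key)
        elif indicator.startswith('Run value'):
            values.setdefault(key, []).append(name)
    lines = ['File::'] + sorted(files) + ['Registry::'] + ['[-%s]' % k for k in keys]
    for key, names in values.items():
        lines.append('[%s]' % key)
        lines.extend('"%s"=-' % n for n in names)
    return '\n'.join(lines) + '\n'
```

Running `draft_cfscript(triage(SAMPLE_LOG))` yields a File:: section with the three DLLs (ugpnrc.dll listed once, although it appears as both the BHO file and an AppInit entry), the `[-...]` deletion of the BHO CLSID key, and `"78772022"=-` under the HKEY_LOCAL_MACHINE Run key. The Security Center, firewall and open-port findings are reported but not scripted, since those are settings to restore after the loaders are gone rather than objects to delete. The Winio17/Winjp17/Wintb41 SafeBoot entries are left alone on purpose: the logs show the service files missing but say nothing about what installed them.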



#11
Kidstone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 08-08-01.05 - Owner 2008-08-06 14:07:04.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.24 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\muqbdyei.ini
.
---- Previous Run -------
.
C:\WINDOWS\system32\muqbdyei.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.

2008-08-06 03:47 . 2008-08-06 03:47 <DIR> d-------- C:\Rohan
2008-08-06 03:38 . 2008-08-06 03:46 <DIR> d-------- C:\ComboFix(3)
2008-08-02 21:49 . 2008-08-06 03:47 <DIR> d-------- C:\Program Files\Hamachi
2008-08-02 18:45 . 2008-08-02 18:55 <DIR> d-------- C:\ComboFix(2)
2008-08-02 15:56 . 2008-08-02 15:56 98,688 --a------ C:\WINDOWS\system32\ieydbqum.dll
2008-08-02 15:55 . 2008-08-02 15:55 130,432 --a------ C:\WINDOWS\system32\ugpnrc.dll
2008-08-02 15:55 . 2008-08-02 15:55 130,432 --a------ C:\WINDOWS\system32\qswaapfq.dll
2008-08-02 03:04 . 2008-08-02 03:04 99,712 --a------ C:\WINDOWS\system32\pvwdxtgf.dll
2008-08-02 03:01 . 2008-08-02 03:01 129,920 --a------ C:\WINDOWS\system32\lwpcmk.dll
2008-08-02 03:01 . 2008-08-02 03:01 129,920 --a------ C:\WINDOWS\system32\bmsfwktc.dll
2008-08-01 23:45 . 2008-08-01 23:41 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-01 23:40 . 2008-08-01 23:46 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-08-01 23:37 . 2008-08-01 23:37 <DIR> d-------- C:\Program Files\Panda Security
2008-08-01 19:53 . 2008-08-02 20:47 <DIR> d-------- C:\Desktop
2008-08-01 18:54 . 2008-08-01 18:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-01 03:02 . 2008-08-01 03:02 99,712 --a------ C:\WINDOWS\system32\dsrivnjg.dll
2008-08-01 00:52 . 2008-08-06 13:56 6,481 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-01 00:49 . 2008-08-01 00:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-01 00:48 . 2008-08-02 03:27 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-08-01 00:48 . 2008-08-01 21:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-08-01 00:45 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-08-01 00:33 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-08-01 00:32 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-08-01 00:32 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-08-01 00:32 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-08-01 00:32 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-08-01 00:31 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-01 00:26 . 2008-08-01 00:27 <DIR> d-------- C:\Program Files\McAfee.com
2008-08-01 00:23 . 2008-08-01 00:32 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-26 03:08 . 2008-07-30 22:18 <DIR> d-------- C:\Program Files\Kaiba Corp VDS
2008-07-13 20:16 . 2008-07-13 20:16 <DIR> d-------- C:\Program Files\MySpace Games
2008-07-13 20:16 . 2008-07-13 20:16 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-13 01:52 . 2008-07-13 01:52 <DIR> d-------- C:\Program Files\YouSendIt
2008-07-13 01:50 . 2007-03-04 07:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-07-13 01:50 . 2007-03-04 07:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-07-13 01:49 . 2008-07-13 01:49 <DIR> d-------- C:\Program Files\Replay Converter
2008-07-13 01:47 . 2008-07-13 10:59 <DIR> d-------- C:\Program Files\Replay AV 8
2008-07-09 18:37 . 2008-07-09 18:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NPLUTO Corporation
2008-07-09 18:23 . 2008-07-09 18:48 <DIR> d-------- C:\Program Files\DriftCity
2008-07-08 01:30 . 2008-07-08 01:30 <DIR> d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 07:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Hamachi
2008-08-05 20:55 --------- d-----w C:\Program Files\Incomplete
2008-08-05 20:53 --------- d-----w C:\Program Files\LimeWire
2008-08-05 20:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 03:42 --------- d-----w C:\Program Files\Lx_cats
2008-08-02 02:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\alot
2008-08-01 05:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-01 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-01 04:47 --------- d-----w C:\Program Files\McAfee
2008-07-30 20:54 --------- d-----w C:\Program Files\Eudemons Online
2008-07-24 22:03 --------- d-----w C:\Program Files\uTorrent
2008-07-18 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-14 03:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 05:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-09 22:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-27 11:40 --------- d-----w C:\Program Files\Lexmark 8300 Series
2008-06-27 11:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\NewSoft
2008-06-22 22:13 --------- d-----w C:\Program Files\AIM6
2008-06-22 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-22 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 00:21 144 ----a-w C:\domains.dat
2008-06-16 04:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2008-06-16 04:06 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-05-21 21:26 12,288 -c--a-w C:\WINDOWS\system32\aplib.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-31 00:06 4 -c--a-w C:\Documents and Settings\Owner\version.dat
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2008-04-06 05:17 88 -csha-r C:\WINDOWS\system32\B8C2083CA1.sys
2008-04-06 05:17 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-06_ 5.08.36.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-06 07:57:53 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-06 17:46:43 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-06 07:57:53 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-06 17:46:43 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-06 17:59:54 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-08-06 17:59:54 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-08-06 17:59:54 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 16:47 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 18:41 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 14:55 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 06:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 13:27 106496]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [2007-01-30 10:32 205744]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [2007-01-30 10:35 103344]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 08:08 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [2008-06-05 18:43 79360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 18:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 17:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 14:51 118784]
"78772022"="C:\WINDOWS\system32\ieydbqum.dll" [2008-08-02 15:56 98688]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lwpcmk.dll ugpnrc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winio17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintb41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\lxcjcoms.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\Kaiba Corp VDS\\KCVDS.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34:TCP"= 34:TCP:Null Dc

R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 19:08]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S0 Winio17;Winio17;C:\WINDOWS\system32\Drivers\Winio17.sys []
S0 Winjp17;Winjp17;C:\WINDOWS\system32\Drivers\Winjp17.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 01:46]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-01 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 14:20:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-06 14:31:38
ComboFix-quarantined-files.txt 2008-08-06 18:31:19
ComboFix2.txt 2008-08-06 09:10:13

Pre-Run: 19,100,946,432 bytes free
Post-Run: 19,088,564,224 bytes free

211 --- E O F --- 2008-07-18 07:01:52


-----------------------------------------------------------------------------------------------------------------

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [78772022] rundll32.exe "C:\WINDOWS\system32\ieydbqum.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192585368328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: lwpcmk.dll ugpnrc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8032 bytes

#12
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Kidstone,

Move HijackThis

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file, Temporary folders, or the desktop, because the backups will/could be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

  • Please go to Start > My Computer > C:\
  • right-click and select New > Folder then name the folder 'HJT'.
  • Copy and paste HijackThis.exe to the new folder.

===============================================

OTMoveIt2 by OldTimer


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\ieydbqum.dll
    C:\WINDOWS\system32\ugpnrc.dll
    C:\WINDOWS\system32\qswaapfq.dll
    C:\WINDOWS\system32\pvwdxtgf.dll
    C:\WINDOWS\system32\lwpcmk.dll
    C:\WINDOWS\system32\bmsfwktc.dll
    C:\WINDOWS\system32\dsrivnjg.dll
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56aee6c3-414f-4764-b35f-353b1e6e68d4}
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winio17.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp17.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintb41.sys
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============================================

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

viewpoint


P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current problem/infection. I would strongly suggest you remove LimeWire. Removing can be done through Add/Remove Programs.

===============================================

Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [78772022] rundll32.exe "C:\WINDOWS\system32\ieydbqum.dll",b
O20 - AppInit_DLLs: lwpcmk.dll ugpnrc.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis, and reboot your computer.

===============================================

Update Java


Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

===============================================

Kaspersky WebScanner
Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

===============================================

Needed in your next reply:

OTMoveIt2 log
Malwarebytes log
Kaspersky Report
Fresh HijackThis log

Also let me know how everything is running at this time :)

*Note* you may need to post the requested logs in more than one reply, depending on how long they are.
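The O4, O20 and O23 entries BHowett asks Kidstone to fix are the places a HijackThis log most often shows an infection of this kind: a rundll32 autorun under a numeric Run key name, DLLs listed in AppInit_DLLs, and a service whose binary carries no publisher. The script below is an added example (not part of this thread and not HijackThis code) that parses those three line types and flags exactly those patterns. The sample lines are taken from the HijackThis log quoted in this thread; the flagging rules are this example's own heuristics, and a hit means "worth a closer look", not a verdict.

```python
"""Triage HijackThis-style O4 / O20 / O23 log lines.

Added example, not part of this thread and not HijackThis code. The sample
lines are copied from the log posted in this thread; the flagging rules are
this example's own heuristics. A hit means "look closer", not "malicious".
"""
import re

# Constructed excerpt: lines taken from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [78772022] rundll32.exe "C:\WINDOWS\system32\ieydbqum.dll",b
O20 - AppInit_DLLs: lwpcmk.dll ugpnrc.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# O4: autorun entries.  O20: AppInit_DLLs.  O23: installed services.
# The owner field of O23 may be empty ("name - - path"), hence the \s* before the
# second separator.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)\s*- (?P<path>.+)$')

# rundll32 launching a DLL: capture the DLL path (quoted or not, before ",entrypoint").
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.I)


def rundll32_target(cmd):
    """Return the DLL a rundll32 command loads, or None if cmd is not rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    return m['dll'] if m else None


def triage(log_text):
    """Return a list of (section, reason, detail) findings for the given log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O4_RE.match(line)
        if m:
            dll = rundll32_target(m['cmd'])
            # Heuristic: a Run value whose name is only digits, pointing rundll32
            # at a DLL, is the shape of the entry flagged in this thread.
            if dll and m['name'].isdigit():
                findings.append(('O4', 'rundll32 autorun with numeric Run key name', dll))
            continue

        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs makes every process that loads user32.dll load the
            # listed DLLs; legitimate uses are rare, so each entry gets reviewed.
            for dll in m['dlls'].split():
                findings.append(('O20', 'AppInit_DLLs entry', dll))
            continue

        m = O23_RE.match(line)
        if m:
            owner = m['owner'].strip()
            # Heuristic: HJT prints "Unknown owner" (or nothing) when the binary
            # carries no company name; those services deserve a closer look.
            if not owner or owner.lower() == 'unknown owner':
                findings.append(('O23', 'service with no publisher', m['path']))
            continue
    return findings


if __name__ == '__main__':
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f'[{section}] {reason}: {detail}')
```

Run as-is it prints five findings from the sample: the ieydbqum.dll autorun, both AppInit DLLs, and the two services without a publisher (lxcj_device and ProtexisLicensing). The iPod and Viewpoint services are not flagged, which is the point of checking the publisher field rather than the path alone.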

#13
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
OTMoveIt Log

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ieydbqum.dll
C:\WINDOWS\system32\ieydbqum.dll NOT unregistered.
C:\WINDOWS\system32\ieydbqum.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ugpnrc.dll
C:\WINDOWS\system32\ugpnrc.dll NOT unregistered.
C:\WINDOWS\system32\ugpnrc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qswaapfq.dll
C:\WINDOWS\system32\qswaapfq.dll NOT unregistered.
C:\WINDOWS\system32\qswaapfq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pvwdxtgf.dll
C:\WINDOWS\system32\pvwdxtgf.dll NOT unregistered.
C:\WINDOWS\system32\pvwdxtgf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lwpcmk.dll
C:\WINDOWS\system32\lwpcmk.dll NOT unregistered.
C:\WINDOWS\system32\lwpcmk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bmsfwktc.dll
C:\WINDOWS\system32\bmsfwktc.dll NOT unregistered.
C:\WINDOWS\system32\bmsfwktc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dsrivnjg.dll
C:\WINDOWS\system32\dsrivnjg.dll NOT unregistered.
C:\WINDOWS\system32\dsrivnjg.dll moved successfully.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56aee6c3-414f-4764-b35f-353b1e6e68d4} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56aee6c3-414f-4764-b35f-353b1e6e68d4}\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32\\ not found.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winio17.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winio17.sys\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp17.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp17.sys\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintb41.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintb41.sys\\ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\mcafee_lrp95aEl85Ws8wQ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_6eib5bTfLivG53J scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_DGGeVC8GdgxZdK6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ZxCcwPxSPYelyYW scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_8WFzJmSgs1BtftJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_a1ErYuLcIsvbNVY scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hBfVdxliMDy0unH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08092008_200547

I'm Going To Send The HJT Log Last After I Finish Everything Else (scans etc.)

#14
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
Malwarebytes Log

Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2

9:23:30 PM 8/9/2008
mbam-log-8-9-2008 (21-23-29).txt

Scan type: Quick Scan
Objects scanned: 42507
Time elapsed: 24 minute(s), 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 20
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 43
Files Infected: 84

Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvhlp.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvpop.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvutil.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvwslib.dll (Adware.Gamevance) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1d22e9e4-f771-4b8d-aa68-ba04e8980e07} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a851c98a-6136-4b02-9ec7-22aaf33e7b97} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4b6a86-82e7-4a9e-abb9-3b225bc214a4} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\DLP.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antispyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\alot (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bbks (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\alot (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\alot\bin (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\alot\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_10 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_11 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_9 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\configurator (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\postInstallLayout (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\products (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_6\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\TimerManager (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\ToolbarSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Updater (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\mpcodecplg.dll (Adware.WebDir) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvhlp.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvpop.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvutil.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvwslib.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\toolbar.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\products\products.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\products\products.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_2\images\default_216_alot_recipe_recipesearch.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\alert-icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\clear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\cloudy.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\default_281_alot_weather_widget.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\mcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\nclear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\nfoggy.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\npcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\pcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4\images\default_338_alot_recipe_reciperssfeed.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_5\images\default_218_alot_recipe_cupboard.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_6\images\default_219_alot_recipe_recipevideos.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7\images\default_205_alot_mrkt_carrot.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7\images\default_205_alot_mrkt_harry_david.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7\images\default_205_alot_recipe_mrkt_chefhat2.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8\images\default_441_alot_mrkt_tv.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8\images\default_441_alot_recipe_mrkt_home_marketplace.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\domains.dat (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
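Two things a helper checks in an MBAM log like the one above before moving on: that the counts in the header agree with the items actually listed in each section, and which items are still marked "Delete on reboot", since those are not gone until the machine restarts (the reason for the "Extra Note" in BHowett's instructions). The following Python script is an added example, not MBAM's own code and not part of the thread; it parses a constructed, shortened log in the same format and answers both questions, plus a per-family tally.

```python
"""Summarise a Malwarebytes' Anti-Malware (MBAM 1.x) log.

Added example, not MBAM's own code and not part of this thread. It checks the
per-section counts in the log header against the items actually listed,
tallies detections by family, and lists what is still pending a reboot.
The sample below is a constructed, shortened excerpt in the format of the
log posted above (same layout, far fewer entries).
"""
import re
from collections import Counter

# Constructed sample in MBAM 1.24 log format (not the full log from the thread).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.24
Database version: 1036

Scan type: Quick Scan
Objects scanned: 42507

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Data Items Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
C:\Program Files\Gamevance\gvcfglib.dll (Adware.Gamevance) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\mpcodecplg.dll (Adware.WebDir) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "Files Infected: 84" in the header block vs. "Files Infected:" opening a section.
HEADER_RE = re.compile(r'^(?P<section>.+ Infected): (?P<count>\d+)$')
SECTION_RE = re.compile(r'^(?P<section>.+ Infected):$')
# "<path> (<family>) -> <action>."  The path may contain spaces but not " (".
ITEM_RE = re.compile(r'^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$')


def parse_log(text):
    """Return {'headers': {section: declared}, 'items': {section: [(path, family, action)]}}."""
    headers, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            headers[m['section']] = int(m['count'])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m['section']
            items.setdefault(section, [])
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items[section].append((m['path'], m['family'], m['action']))
    return {'headers': headers, 'items': items}


def reconcile(parsed):
    """(section, declared, listed) for every section whose header count disagrees with its list."""
    return [(s, n, len(parsed['items'].get(s, [])))
            for s, n in parsed['headers'].items()
            if n != len(parsed['items'].get(s, []))]


def pending_reboot(parsed):
    """Paths MBAM could not remove immediately; they are only gone after a restart."""
    return {path for rows in parsed['items'].values()
            for path, _, action in rows if action == 'Delete on reboot'}


def family_counts(parsed):
    """Detections per malware family across all sections."""
    return Counter(family for rows in parsed['items'].values() for _, family, _ in rows)


if __name__ == '__main__':
    parsed = parse_log(SAMPLE_LOG)
    print('count mismatches:', reconcile(parsed) or 'none')
    print('families:', dict(family_counts(parsed)))
    for path in sorted(pending_reboot(parsed)):
        print('pending reboot:', path)
```

On the sample the header counts reconcile, two Gamevance DLLs are reported as pending reboot (gamevancelib32.dll appears under both Memory Modules and Files, so it is listed once), and Adware.Gamevance accounts for four of the six detections. A mismatch between the header and the list is the signal that the log was truncated when pasted, which is what BHowett's note about splitting long logs across replies is guarding against.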

#15
Kidstone

    Member

  • Topic Starter
  • Member
  • 12 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 10, 2008 09:09:43
Records in database: 1078192
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\

Scan statistics:
Files scanned: 86416
Threat name: 12
Infected objects: 19
Suspicious objects: 0
Duration of the scan: 03:24:59


File name / Threat name / Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Adobe\Manager.exe.vir Infected: Trojan.Win32.Agent.xjc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\aerldavi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cjbomy.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Wintb41.sys.vir Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jchufuec.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJYrSll.dll.vir Infected: Trojan.Win32.Monderb.dlh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJAqnOg.dll.vir Infected: Trojan.Win32.Monder.cmq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmkhFv.dll.vir Infected: Trojan.Win32.Monderb.dlh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\swzaps.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bxz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir Infected: Trojan-Downloader.Win32.Mutant.atp 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\bmsfwktc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzy 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\dsrivnjg.dll Infected: Trojan.Win32.Monder.box 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\ieydbqum.dll Infected: Trojan.Win32.Monder.cet 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\lwpcmk.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzy 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\pvwdxtgf.dll Infected: Trojan.Win32.Monder.bxx 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\qswaapfq.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1
C:\_OTMoveIt\MovedFiles\08092008_200547\WINDOWS\system32\ugpnrc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

The selected area was scanned.