Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Someone is Inside my Computer [RESOLVED]

Started by mendillo , Sep 24 2008 04:16 PM

This topic is locked

#16
mendillo

Posted 26 September 2008 - 04:27 PM

Member

Topic Starter
Member
37 posts

That message box you said would come up after the combofix scan completed never came up. but i dragged and dropped the script onto the combofix icon and it did it's shpeal producing THIS txt

ComboFix 08-09-25.07 - NICHOLAS MENDILLO 2008-09-26 12:37:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT -4:00]
Running from: C:\Documents and Settings\NICHOLAS MENDILLO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\NICHOLAS MENDILLO\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXPHxYQ.dll
C:\WINDOWS\system32\frkosybh.dll
C:\WINDOWS\system32\leyxxn.dll
C:\WINDOWS\system32\lwughfvg.dll
C:\WINDOWS\system32\nnnmlMeE.dll
C:\WINDOWS\system32\QYxHPXyb.ini
C:\WINDOWS\system32\QYxHPXyb.ini2
C:\WINDOWS\system32\xgyinccj.dll
C:\WINDOWS\system32\YUR11.exe
C:\WINDOWS\system32\YUR12.exe
C:\WINDOWS\system32\YUR13.exe
C:\WINDOWS\system32\YUR76.exe
C:\WINDOWS\system32\YUR77.exe
C:\WINDOWS\system32\YUR78.exe
C:\WINDOWS\system32\YUR7A.exe
C:\WINDOWS\system32\YURD.exe
C:\x
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-26 12:22 . 2008-09-24 02:13 25,088 --a------ C:\WINDOWS\system32\YUR8.exe
2008-09-26 01:07 . 2008-09-26 01:07 <DIR> d----c--- C:\_OTMoveIt
2008-09-25 21:16 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-25 21:16 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-25 21:16 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-25 21:16 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-25 16:32 . 2008-09-26 01:22 <DIR> d----c--- C:\rsit
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-24 19:23 . 2008-09-26 11:45 <DIR> d----c--- C:\SDFix
2008-09-24 15:52 . 2008-09-24 15:52 <DIR> d-------- C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Lexmark Productivity Studio
2008-09-24 13:11 . 2008-09-24 13:11 <DIR> dr-hsc--- C:\resycled
2008-09-23 23:59 . 2008-09-23 23:59 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-09-23 23:57 . 2008-09-24 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Lx_cats
2008-09-23 23:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-23 23:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-23 23:46 . 2008-09-23 23:46 <DIR> d----c--- C:\logs
2008-09-23 23:45 . 2006-08-01 01:53 40,960 --a------ C:\WINDOWS\system32\lxdivs.dll
2008-09-23 23:44 . 2007-03-30 10:13 344,064 --a------ C:\WINDOWS\system32\lxdicoin.dll
2008-09-23 23:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-23 23:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-23 23:42 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-09-23 23:42 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-09-23 23:41 . 2007-03-23 15:44 692,224 --a------ C:\WINDOWS\system32\lxdidrs.dll
2008-09-23 23:41 . 2007-02-09 14:07 69,632 --a------ C:\WINDOWS\system32\lxdicnv4.dll
2008-09-23 23:41 . 2007-01-23 19:40 65,536 --a------ C:\WINDOWS\system32\lxdicaps.dll
2008-09-23 23:20 . 2008-09-23 23:42 <DIR> d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-09-22 23:13 . 2008-09-23 01:34 <DIR> d-------- C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\ImgBurn
2008-09-22 02:35 . 2008-09-22 02:35 <DIR> d-------- C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\dvdcss
2008-09-17 00:46 . 2008-09-24 12:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-15 13:59 . 2008-09-24 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-15 13:59 . 2008-09-15 13:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-06 15:54 . 2008-09-06 15:55 117,527 --a--c--- C:\Route 2 on Independence Day.mp3
2008-09-06 15:52 . 2008-09-06 15:52 894,504 --a------ C:\Program Files\WGAPluginInstall.exe
2008-08-30 00:15 . 2008-08-30 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-08-30 00:13 . 2008-08-30 00:14 <DIR> d-------- C:\Program Files\Dell Support Center
2008-08-30 00:13 . 2008-08-30 00:13 <DIR> d-------- C:\Program Files\Common Files\supportsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 20:00 --------- d-----w C:\Program Files\Config
2008-09-26 19:59 --------- d-----w C:\Program Files\Logs
2008-09-26 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-24 05:11 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\uTorrent
2008-09-23 02:41 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Vso
2008-09-10 03:21 267,056 ----a-w C:\Program Files\uTorrent.exe
2008-09-03 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-09-01 06:24 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Registry Booster
2008-08-31 20:07 --------- d-----w C:\Program Files\TabIt
2008-08-30 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-08-25 04:31 --------- d-----w C:\Program Files\Reports
2008-08-25 04:26 --------- d-----w C:\Program Files\wxp
2008-08-25 04:26 --------- d-----w C:\Program Files\w2k
2008-08-25 04:26 --------- d-----w C:\Program Files\Trans
2008-08-25 04:26 --------- d-----w C:\Program Files\License
2008-08-25 04:26 --------- d-----w C:\Program Files\DbgHelp
2008-08-25 04:24 5,991,904 ----a-w C:\Program Files\Sunbelt-Personal-Firewall.exe
2008-08-24 22:18 86,733,638 -c--a-w C:\registrybackup.reg
2008-08-24 17:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 17:34 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Malwarebytes
2008-08-24 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 17:33 2,085,280 ----a-w C:\Program Files\mbam-setup.exe
2008-08-22 16:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 19:01 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 19:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 05:53 --------- d-----w C:\Program Files\Google
2008-07-31 00:59 32,768 ----a-w C:\Program Files\bcd_installed.exe
2008-07-30 14:36 95,528 ----a-w C:\Program Files\SbPFLnch.exe
2008-07-30 14:36 95,528 ----a-w C:\Program Files\SbFw.dll
2008-07-30 14:36 91,432 ----a-w C:\Program Files\SbFwIm.dll
2008-07-30 14:36 79,144 ----a-w C:\Program Files\SbPFWsc.dll
2008-07-30 14:36 62,760 ----a-w C:\Program Files\SDK_Inst.exe
2008-07-30 14:36 275,752 ----a-w C:\Program Files\SbFwe.dll
2008-07-30 14:36 111,912 ----a-w C:\Program Files\SbErrRpt.exe
2008-07-30 14:36 1,705,256 ----a-w C:\Program Files\SbPFCl.exe
2008-07-30 14:36 1,361,192 ----a-w C:\Program Files\SbPFSvc.exe
2008-07-30 13:58 3,293 ----a-w C:\Program Files\Readme.txt
2008-06-12 23:24 1,495,112 ----a-w C:\Program Files\install_flash_player.exe
2008-03-21 15:40 122,879 -c--a-w C:\Program Files\4482-utorrent.8020.dmp
2008-03-19 08:37 144,665 -c--a-w C:\Program Files\4482-utorrent.d009.dmp
2008-03-14 21:38 1,454,656 ----a-w C:\Program Files\Silverlight.exe
2008-02-17 03:12 132,608 ----a-w C:\Program Files\VundoFix.exe
2008-02-15 22:29 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2008-02-04 19:04 555,572 ----a-w C:\Program Files\spf4-en.chm
2008-01-29 21:47 125,164 -c--a-w C:\Program Files\4482-utorrent.5094.dmp
2008-01-26 18:36 158,275 -c--a-w C:\Program Files\4482-utorrent.b16a.dmp
2007-12-09 08:36 2,400,784 ----a-w C:\Program Files\WLinstaller.exe
2007-10-02 12:34 148,511 -c--a-w C:\Program Files\4482-utorrent.54f2.dmp
2007-08-10 03:11 1,436,096 ----a-w C:\Program Files\Silverlight.1.0.RC.exe
2007-08-09 11:32 270,336 ----a-w C:\Program Files\cfgconv.exe
2007-06-28 15:41 47,360 -c--a-w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\pcouffin.sys
2007-05-18 00:40 1,066 -c--a-w C:\Program Files\SuperDAT.log
2007-05-18 00:36 736,180 ----a-w C:\Program Files\CSA.exe
2007-04-09 21:47 5,632 -csha-w C:\Program Files\Thumbs.db
2007-01-22 15:22 859,648 ----a-w C:\Program Files\PocoFoundation.dll
2007-01-22 15:22 470,016 ----a-w C:\Program Files\PocoXML.dll
2007-01-22 15:22 467,456 ----a-w C:\Program Files\PocoNet.dll
2007-01-22 15:22 211,456 ----a-w C:\Program Files\PocoUtil.dll
2007-01-22 15:22 18,432 ----a-w C:\Program Files\PocoExt.dll
2007-01-08 18:15 29,424 ----a-w C:\Program Files\1942.zip
2006-12-24 01:40 680,575 ----a-w C:\Program Files\TabIt-2.03-full.exe
2006-09-25 16:11 263,680 ----a-w C:\Program Files\FairUse4WM.exe
2006-07-19 20:52 466,944 ----a-w C:\Program Files\boost_regex-vc71-mt-1_33_1.dll
2006-03-09 15:59 36,465,208 ----a-w C:\Program Files\iTunesSetup.exe
2006-02-28 19:46 290,816 ----a-w C:\Program Files\curllib.dll
2006-02-14 19:36 97,280 ----a-w C:\Program Files\zlibwapi.dll
2006-02-14 19:36 155,648 ----a-w C:\Program Files\ssleay32.dll
2006-02-14 19:35 888,832 ----a-w C:\Program Files\kticonv.dll
2006-02-14 19:35 827,392 ----a-w C:\Program Files\libeay32.dll
2006-01-21 21:10 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
2006-01-17 23:28 8,715,352 ----a-w C:\Program Files\Install_AIM.exe
2005-12-05 23:00 74,448 -c----w C:\Program Files\DSETUP.dll
2005-12-05 23:00 484,560 ------w C:\Program Files\DXSETUP.exe
2005-12-05 23:00 2,247,888 -c----w C:\Program Files\dsetup32.dll
2004-11-09 14:21 29,619,712 ----a-w C:\Program Files\finaldraft7.exe
2003-08-20 11:05 41 -c--a-w C:\Program Files\Setup.Ini
2003-03-19 01:20 1,060,864 ----a-w C:\Program Files\mfc71.dll
2003-03-19 01:12 1,047,552 ----a-w C:\Program Files\mfc71u.dll
2003-03-19 00:14 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-02-21 08:42 348,160 ----a-w C:\Program Files\msvcr71.dll
2001-09-25 20:05 1,707,856 ----a-w C:\Program Files\InstMsiA.Exe
2001-09-11 23:04 1,821,008 ----a-w C:\Program Files\InstMsiW.Exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-26_11.33.18.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-24 06:13:13 25,088 ----a-w C:\WINDOWS\system32\YURE.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-06-02 67160]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"\YUR8.exe"="C:\Windows\system32\YUR8.exe" [2008-09-24 25088]
"\YURE.exe"="C:\Windows\system32\YURE.exe" [2008-09-24 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 73728]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2008-01-24 136512]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"\YUR8.exe"="C:\Windows\system32\YUR8.exe" [2008-09-24 25088]
"\YURE.exe"="C:\Windows\system32\YURE.exe" [2008-09-24 25088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\NICHOLAS MENDILLO\Start Menu\Programs\Startup\
MEMonitor.lnk - E:\Programs\V CAST Music Manager\MEMonitor.exe [2008-05-23 951640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-06 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
SafeConnect.lnk - C:\Program Files\SafeConnect\scClient.exe [2007-04-09 206368]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent.exe"=
"E:\\Programs\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\program files\\bcd_installed.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\lxdicfg.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\lxdiih.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\SbPFLnch.exe [2008-07-30 95528]
R2 SCManager;SafeConnect Manager;C:\Program Files\SafeConnect\scManager.sys servicestart [ ]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\SbPFSvc.exe [2008-07-30 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{D260345B-44B5-4EFD-A172-602B3F5D8296} - C:\WINDOWS\system32\byXPHxYQ.dll
HKCU-Run-\YUR11.exe - C:\Windows\system32\YUR11.exe
HKCU-Run-\YURD.exe - C:\Windows\system32\YURD.exe
HKLM-Run-\YUR11.exe - C:\Windows\system32\YUR11.exe
HKLM-Run-\YURD.exe - C:\Windows\system32\YURD.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 16:00:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\YURE.exe 25088 bytes executable

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SbPFCl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Network Associates\Common Framework\Mctray.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-26 16:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 20:15:49
ComboFix2.txt 2008-09-26 15:38:19
ComboFix3.txt 2008-08-24 07:43:13
ComboFix4.txt 2008-02-19 00:43:58

Pre-Run: 22,472,081,408 bytes free
Post-Run: 22,464,983,040 bytes free

273 --- E O F --- 2008-09-10 07:06:54

The HJT scan log is THIS

(Quick question... why do i all of a sudden have a 2nd hijack this icon logo in my programs folder but it is titled NICHOLAS MENDILLO.exe (that's my name...))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:07, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SbPFLnch.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\SbPFSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SbPFCl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Windows\system32\YUR8.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SafeConnect\scClient.exe
E:\Programs\V CAST Music Manager\MEMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKLM\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKCU\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKUS\S-1-5-19\..\Run: [larepemijo] Rundll32.exe "C:\WINDOWS\system32\petolahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [larepemijo] Rundll32.exe "C:\WINDOWS\system32\petolahu.dll",s (User 'NETWORK SERVICE')
O4 - Startup: MEMonitor.lnk = E:\Programs\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.ai...AIM.9.5.1.8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\SbPFLnch.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\SbPFSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 9485 bytes

thanks

#17
Rorschach112

Posted 26 September 2008 - 04:38 PM

Ralphie

Retired Staff
47,710 posts

Thats from the tools we ran

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/Someone-Inside-Computer-t212811.html&st=15#entry1341142

Collect::[12]
C:\WINDOWS\system32\YUR8.exe
C:\WINDOWS\system32\YURE.exe

Suspect::

Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.
A browser will open.
Simply follow the instructions to copy/paste/send the requested file.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Also post a new HJT log

#18
mendillo

Posted 27 September 2008 - 12:04 AM

Member

Topic Starter
Member
37 posts

Everything from your directions have been going just well from your last post to me up until the webscan.

I went to that website to do the system scan and it updated just fine. Once I started the scan process, everything SLLLLOOWWWWEEDDD DDOWWWWNNN. I figured that since it was scanning my computer, it WOULD take a while... so I went to watch the debate, and then a movie. clearly about 3 hours of activity. I go back to my computer and it has only scanned 4200+ files, and the time elapsed was only and hour and a half.... and counting... so it wasn't frozen. It is also taking up 100% of my CPU Usage so I can't do anything else. I'm writing this post from my roomate's computer.

it has found infections... but at this rate, it wont be finished scanning until next week. (according to the clock IT'S going by, it'll only take 4 days or so.)

What can i do to not have this be going on? the eradication was going so well...

#19
mendillo

Posted 27 September 2008 - 02:39 AM

Member

Topic Starter
Member
37 posts

The Kaspersky Online Scanner said it has been going for 6.5 hours. It's actually been going on for 8+ hours. I had to stop the scan. It was going nowhere and was scanning the same file for about 4 hours. I stopped the scan, viewed the report thus far and got the txt below. But here is what you asked for in the order I did it.

COMBOFIX

ComboFix 08-09-26.01 - NICHOLAS MENDILLO 2008-09-26 19:02:13.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -4:00]
Running from: C:\Documents and Settings\NICHOLAS MENDILLO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\NICHOLAS MENDILLO\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\YUR8.exe
C:\WINDOWS\system32\YURE.exe
C:\x

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-26 18:31 . 2008-09-26 18:31 <DIR> d-------- C:\WINDOWS\LastGood
2008-09-26 01:07 . 2008-09-26 01:07 <DIR> d----c--- C:\_OTMoveIt
2008-09-25 21:16 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-25 21:16 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-25 21:16 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-25 21:16 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-25 16:32 . 2008-09-26 01:22 <DIR> d----c--- C:\rsit
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-24 19:23 . 2008-09-26 11:45 <DIR> d----c--- C:\SDFix
2008-09-24 15:52 . 2008-09-24 15:52 <DIR> d-------- C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Lexmark Productivity Studio
2008-09-24 13:11 . 2008-09-24 13:11 <DIR> dr-hsc--- C:\resycled
2008-09-23 23:59 . 2008-09-23 23:59 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-09-23 23:57 . 2008-09-24 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Lx_cats
2008-09-23 23:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-23 23:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-23 23:46 . 2008-09-23 23:46 <DIR> d----c--- C:\logs
2008-09-23 23:45 . 2006-08-01 01:53 40,960 --a------ C:\WINDOWS\system32\lxdivs.dll
2008-09-23 23:44 . 2007-03-30 10:13 344,064 --a------ C:\WINDOWS\system32\lxdicoin.dll
2008-09-23 23:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-23 23:43 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-23 23:42 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-09-23 23:42 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-09-23 23:41 . 2007-03-23 15:44 692,224 --a------ C:\WINDOWS\system32\lxdidrs.dll
2008-09-23 23:41 . 2007-02-09 14:07 69,632 --a------ C:\WINDOWS\system32\lxdicnv4.dll
2008-09-23 23:41 . 2007-01-23 19:40 65,536 --a------ C:\WINDOWS\system32\lxdicaps.dll
2008-09-23 23:20 . 2008-09-23 23:42 <DIR> d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-09-22 23:13 . 2008-09-23 01:34 <DIR> d-------- C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\ImgBurn
2008-09-22 02:35 . 2008-09-22 02:35 <DIR> d-------- C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\dvdcss
2008-09-17 00:46 . 2008-09-24 12:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-15 13:59 . 2008-09-24 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-15 13:59 . 2008-09-15 13:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-06 15:54 . 2008-09-06 15:55 117,527 --a--c--- C:\Route 2 on Independence Day.mp3
2008-09-06 15:52 . 2008-09-06 15:52 894,504 --a------ C:\Program Files\WGAPluginInstall.exe
2008-08-30 00:15 . 2008-08-30 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-08-30 00:13 . 2008-08-30 00:14 <DIR> d-------- C:\Program Files\Dell Support Center
2008-08-30 00:13 . 2008-08-30 00:13 <DIR> d-------- C:\Program Files\Common Files\supportsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 22:47 --------- d-----w C:\Program Files\Bonjour
2008-09-26 20:00 --------- d-----w C:\Program Files\Config
2008-09-26 19:59 --------- d-----w C:\Program Files\Logs
2008-09-26 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-26 01:38 4,150 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-24 05:11 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\uTorrent
2008-09-23 02:41 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Vso
2008-09-10 03:21 267,056 ----a-w C:\Program Files\uTorrent.exe
2008-09-03 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-09-01 06:24 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Registry Booster
2008-08-31 20:07 --------- d-----w C:\Program Files\TabIt
2008-08-30 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-08-25 04:31 --------- d-----w C:\Program Files\Reports
2008-08-25 04:26 --------- d-----w C:\Program Files\wxp
2008-08-25 04:26 --------- d-----w C:\Program Files\w2k
2008-08-25 04:26 --------- d-----w C:\Program Files\Trans
2008-08-25 04:26 --------- d-----w C:\Program Files\License
2008-08-25 04:26 --------- d-----w C:\Program Files\DbgHelp
2008-08-25 04:24 5,991,904 ----a-w C:\Program Files\Sunbelt-Personal-Firewall.exe
2008-08-24 22:18 86,733,638 -c--a-w C:\registrybackup.reg
2008-08-24 17:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 17:34 --------- d-----w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\Malwarebytes
2008-08-24 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 17:33 2,085,280 ----a-w C:\Program Files\mbam-setup.exe
2008-08-22 16:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 19:01 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 19:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 05:53 --------- d-----w C:\Program Files\Google
2008-07-31 00:59 32,768 ----a-w C:\Program Files\bcd_installed.exe
2008-07-30 14:36 95,528 ----a-w C:\Program Files\SbPFLnch.exe
2008-07-30 14:36 95,528 ----a-w C:\Program Files\SbFw.dll
2008-07-30 14:36 91,432 ----a-w C:\Program Files\SbFwIm.dll
2008-07-30 14:36 79,144 ----a-w C:\Program Files\SbPFWsc.dll
2008-07-30 14:36 62,760 ----a-w C:\Program Files\SDK_Inst.exe
2008-07-30 14:36 275,752 ----a-w C:\Program Files\SbFwe.dll
2008-07-30 14:36 111,912 ----a-w C:\Program Files\SbErrRpt.exe
2008-07-30 14:36 1,705,256 ----a-w C:\Program Files\SbPFCl.exe
2008-07-30 14:36 1,361,192 ----a-w C:\Program Files\SbPFSvc.exe
2008-07-30 13:58 3,293 ----a-w C:\Program Files\Readme.txt
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-12 23:24 1,495,112 ----a-w C:\Program Files\install_flash_player.exe
2008-03-21 15:40 122,879 -c--a-w C:\Program Files\4482-utorrent.8020.dmp
2008-03-19 08:37 144,665 -c--a-w C:\Program Files\4482-utorrent.d009.dmp
2008-03-14 21:38 1,454,656 ----a-w C:\Program Files\Silverlight.exe
2008-02-17 03:12 132,608 ----a-w C:\Program Files\VundoFix.exe
2008-02-15 22:29 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2008-02-04 19:04 555,572 ----a-w C:\Program Files\spf4-en.chm
2008-01-29 21:47 125,164 -c--a-w C:\Program Files\4482-utorrent.5094.dmp
2008-01-26 18:36 158,275 -c--a-w C:\Program Files\4482-utorrent.b16a.dmp
2007-12-09 08:36 2,400,784 ----a-w C:\Program Files\WLinstaller.exe
2007-10-02 12:34 148,511 -c--a-w C:\Program Files\4482-utorrent.54f2.dmp
2007-08-10 03:11 1,436,096 ----a-w C:\Program Files\Silverlight.1.0.RC.exe
2007-08-09 11:32 270,336 ----a-w C:\Program Files\cfgconv.exe
2007-06-28 15:41 47,360 -c--a-w C:\Documents and Settings\NICHOLAS MENDILLO\Application Data\pcouffin.sys
2007-05-18 00:40 1,066 -c--a-w C:\Program Files\SuperDAT.log
2007-05-18 00:36 736,180 ----a-w C:\Program Files\CSA.exe
2007-04-09 21:47 5,632 -csha-w C:\Program Files\Thumbs.db
2007-01-22 15:22 859,648 ----a-w C:\Program Files\PocoFoundation.dll
2007-01-22 15:22 470,016 ----a-w C:\Program Files\PocoXML.dll
2007-01-22 15:22 467,456 ----a-w C:\Program Files\PocoNet.dll
2007-01-22 15:22 211,456 ----a-w C:\Program Files\PocoUtil.dll
2007-01-22 15:22 18,432 ----a-w C:\Program Files\PocoExt.dll
2007-01-08 18:15 29,424 ----a-w C:\Program Files\1942.zip
2006-12-24 01:40 680,575 ----a-w C:\Program Files\TabIt-2.03-full.exe
2006-09-25 16:11 263,680 ----a-w C:\Program Files\FairUse4WM.exe
2006-07-19 20:52 466,944 ----a-w C:\Program Files\boost_regex-vc71-mt-1_33_1.dll
2006-03-09 15:59 36,465,208 ----a-w C:\Program Files\iTunesSetup.exe
2006-02-28 19:46 290,816 ----a-w C:\Program Files\curllib.dll
2006-02-14 19:36 97,280 ----a-w C:\Program Files\zlibwapi.dll
2006-02-14 19:36 155,648 ----a-w C:\Program Files\ssleay32.dll
2006-02-14 19:35 888,832 ----a-w C:\Program Files\kticonv.dll
2006-02-14 19:35 827,392 ----a-w C:\Program Files\libeay32.dll
2006-01-21 21:10 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
2006-01-17 23:28 8,715,352 ----a-w C:\Program Files\Install_AIM.exe
2005-12-05 23:00 74,448 -c----w C:\Program Files\DSETUP.dll
2005-12-05 23:00 484,560 ------w C:\Program Files\DXSETUP.exe
2005-12-05 23:00 2,247,888 -c----w C:\Program Files\dsetup32.dll
2004-11-09 14:21 29,619,712 ----a-w C:\Program Files\finaldraft7.exe
2003-08-20 11:05 41 -c--a-w C:\Program Files\Setup.Ini
2003-03-19 01:20 1,060,864 ----a-w C:\Program Files\mfc71.dll
2003-03-19 01:12 1,047,552 ----a-w C:\Program Files\mfc71u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-06-02 67160]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 73728]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2008-01-24 136512]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-06 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
SafeConnect.lnk - C:\Program Files\SafeConnect\scClient.exe [2007-04-09 206368]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent.exe"=
"E:\\Programs\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\program files\\bcd_installed.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\lxdicfg.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\lxdiih.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-06-11 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\SbPFLnch.exe [2008-07-30 95528]
R2 SCManager;SafeConnect Manager;C:\Program Files\SafeConnect\scManager.sys servicestart [ ]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\SbPFSvc.exe [2008-07-30 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\YUR8.exe - C:\Windows\system32\YUR8.exe
HKCU-Run-\YURE.exe - C:\Windows\system32\YURE.exe
HKLM-Run-\YUR8.exe - C:\Windows\system32\YUR8.exe
HKLM-Run-\YURE.exe - C:\Windows\system32\YURE.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 19:09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-09-26 19:14:38
ComboFix-quarantined-files.txt 2008-09-26 23:13:27
ComboFix2.txt 2008-09-26 20:17:14
ComboFix3.txt 2008-09-26 15:38:19
ComboFix4.txt 2008-08-24 07:43:13
ComboFix5.txt 2008-09-26 22:55:27

Pre-Run: 22,426,812,416 bytes free
Post-Run: 22,421,938,176 bytes free

242 --- E O F --- 2008-09-10 07:06:54

MalwareByte

Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 5.1.2600 Service Pack 2

9/26/2008 8:35:06 PM
mbam-log-2008-09-26 (20-35-06).txt

Scan type: Quick Scan
Objects scanned: 45424
Time elapsed: 23 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bmso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51310a3f-b7d4-4142-b8d8-5ef0376ea2aa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.108,85.255.112.137 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Kaspersky (up to when I manually stopped it)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 26, 2008 22:02:08
Records in database: 1264151
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 4322
Threat name: 16
Infected objects: 179
Suspicious objects: 0
Duration of the scan: 06:24:01

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.exe Infected: not-a-virus:PSWTool.Win32.Cain.20 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.exe Infected: not-a-virus:PSWTool.Win32.Cain.a 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.exe Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP14.tmp Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP2.exe Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP3.exe Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02440000.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300000.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300001.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300002.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300003.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300004.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300005.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300006.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300007.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300008.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06300009.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100000.VBN Infected: Trojan-Downloader.Win32.Small.fwx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B000000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B000001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B040000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B040001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B040002.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B100001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B140000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0002.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0003.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0004.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B200000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B340000.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B340001.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B440000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B440001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B4C0000.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B4C0001.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B4C0002.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA00006.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BA00007.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BAC0000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BAC0001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN Infected: Trojan.Win32.Monder.cc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0001.VBN Infected: Trojan.Win32.Monder.cc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0002.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0003.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0004.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0005.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0008.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0009.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC000A.VBN Infected: Trojan.Win32.Monder.bv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC000B.VBN Infected: Trojan.Win32.Monder.bv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC000C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC000D.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC000E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC000F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0010.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0011.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0012.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0013.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0014.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0015.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0016.VBN Infected: Trojan.Win32.Monder.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0017.VBN Infected: Trojan.Win32.Monder.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0018.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BFC0019.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D4C0000.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB8000C.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB8000D.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB8000E.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB8000F.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80010.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80011.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80012.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80013.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80014.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80015.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80016.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DB80017.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E000000.VBN Infected: Trojan-Downloader.Win32.Small.ieg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240002.VBN Infected: Trojan-Downloader.Win32.Small.fwx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240003.VBN Infected: Trojan-Downloader.Win32.Small.fwx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24000C.VBN Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24000D.VBN Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24000E.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24000F.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240010.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240011.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240012.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240013.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240014.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240015.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240016.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240017.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24001E.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24001F.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240022.VBN Infected: Trojan.Win32.Monder.cc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240023.VBN Infected: Trojan.Win32.Monder.cc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24002A.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24002B.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24002C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24002D.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24002E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24002F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240032.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240033.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240036.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240037.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240038.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240039.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24003A.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24003B.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24003C.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24003D.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240040.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240041.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240042.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240043.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240044.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240045.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240046.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240047.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240048.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240049.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24004A.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24004B.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24004C.VBN Infected: Trojan.Win32.Monder.bv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24004D.VBN Infected: Trojan.Win32.Monder.bv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240050.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240051.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240052.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240053.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240054.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240055.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240056.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240057.VBN Infected: Trojan-Downloader.Win32.VB.bla 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24005A.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24005B.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24005C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24005D.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24005E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24005F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240060.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240061.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240062.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240063.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240064.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240065.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240068.VBN Infected: Trojan.Win32.Monder.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240069.VBN Infected: Trojan.Win32.Monder.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24006A.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24006B.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24006C.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24006D.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240076.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240077.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24007A.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24007B.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240080.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240081.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240086.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240087.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24008C.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24008D.VBN Infected: not-a-virus:PSWTool.Win32.Brutus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24008E.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E24008F.VBN Infected: Trojan-Downloader.Win32.Zlob.fwu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240090.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240091.VBN Infected: Trojan-Downloader.Win32.Zlob.ihw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240092.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240093.VBN Infected: Trojan-Downloader.Win32.Zlob.eyy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240094.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240095.VBN Infected: Trojan-Downloader.Win32.Zlob.dbh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240096.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240097.VBN Infected: Trojan-Downloader.Win32.Zlob.dbn 1

The scan was stopped by the user.

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:39:15, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SafeConnect\scClient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,

#20
Rorschach112

Posted 27 September 2008 - 05:27 AM

Ralphie

Retired Staff
47,710 posts

Nearly done

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Also post a new HJT log

#21
mendillo

Posted 27 September 2008 - 11:17 AM

Member

Topic Starter
Member
37 posts

ignore this post...

Edited by mendillo, 27 September 2008 - 11:18 AM.

#22
Rorschach112

Posted 27 September 2008 - 11:20 AM

Ralphie

Retired Staff
47,710 posts

#23
mendillo

Posted 27 September 2008 - 11:24 AM

Member

Topic Starter
Member
37 posts

SmitFraudFix v2.354

Scan done at 13:19:47.81, Sat 09/27/2008
Run from C:\Documents and Settings\NICHOLAS MENDILLO\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SafeConnect\scClient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\NICHOLAS MENDILLO\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\NICHOLAS MENDILLO

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\NICHOLAS MENDILLO\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NICHOL~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{51310A3F-B7D4-4142-B8D8-5EF0376EA2AA}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{51310A3F-B7D4-4142-B8D8-5EF0376EA2AA}: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:49, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SafeConnect\scClient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\NOTEPAD.EXE
E:\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [larepemijo] Rundll32.exe "C:\WINDOWS\system32\petolahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [larepemijo] Rundll32.exe "C:\WINDOWS\system32\petolahu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.ai...AIM.9.5.1.8.cab
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\SbPFLnch.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\SbPFSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 8222 bytes

#24
mendillo

Posted 27 September 2008 - 08:24 PM

Member

Topic Starter
Member
37 posts

don't ignore the above post...

#25
mendillo

Posted 28 September 2008 - 11:19 AM

Member

Topic Starter
Member
37 posts

i take it there's nothing more for me to do? am i cured?

#26
Rorschach112

Posted 28 September 2008 - 11:34 AM

Ralphie

Retired Staff
47,710 posts

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#27
mendillo

Posted 28 September 2008 - 11:22 PM

Member

Topic Starter
Member
37 posts

man, i dont know how to thank you enough. you were awesome. I really appreciate the help and your patience.

#28
Rorschach112

Posted 29 September 2008 - 05:30 AM

Ralphie

Retired Staff
47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.