How to remove darksma grokster and others



#1 kenny_turner52 (Member, 17 posts)
I use Yahoo Anti-Spy and everything comes back instantly. Any time I go on any site that may help me, the virus redirects me to the "page cannot be displayed" screen. It also does that if I try to download anything. I'm actually on my other computer because the virus won't let me come to your site. But I can search normal sites, along with a million pop-ups. Please, can you help?


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello kenny_turner52

Welcome to G2Go. :)
=====================
Please transfer this to the infected computer with either a flash drive or cd.
Copy it to the desktop and run it from there.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#3 kenny_turner52 (Topic Starter, Member, 17 posts)
I apologize, but my only means to transfer to the other comp. is email. I hope it stayed formatted right. Also, only the log came up, not the info.



Logfile of random's system information tool 1.04 (written by random/random)
Run by Kenneth at 2008-11-17 13:23:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 5 GB (13%) free of 38 GB
Total RAM: 510 MB (45% free)
HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120AE728-97D7-4491-A1B7-FA955A3BABB8}]
C:\WINDOWS\system32\bootvi.dll [2002-09-03 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B44E59C-165C-4EE2-B3CD-4DFD348BE123}]
C:\WINDOWS\system32\opnmKApQ.dll [2008-07-13 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CEECCFF-B60C-4849-9CA9-3F160CFB4293}]
C:\WINDOWS\system32\bootvi.dll [2002-09-03 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58936b2c-af4a-478c-8b31-33989aff7546}]
C:\WINDOWS\system32\pnkyss.dll [2008-11-16 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A671C3E-B5EA-4512-A6AC-2CA1D623AFDB}]
QXK Olive - C:\WINDOWS\wbxdpgfefml.dll [2008-07-12 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A639B53D-09E5-436A-88B0-9BE7238E9F65}]
C:\WINDOWS\system32\bootvi.dll [2002-09-03 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCA78DDB-560A-4597-9110-47A8D2D7F732}]
C:\WINDOWS\system32\bootvi.dll [2002-09-03 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFC3E517-C420-4236-87E9-29228F7A481B}]
C:\WINDOWS\system32\bootvi.dll [2002-09-03 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC8E7F68-1FFB-4556-93FF-23F0527602ED}]
C:\WINDOWS\system32\ljJButTk.dll [2008-07-13 322304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4EDFBF3-8C9F-4953-80DB-6D98E742D4E6}]
C:\WINDOWS\system32\bootvi.dll [2002-09-03 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-20 878352]
{874AE4BD-B9D0-410D-ABE3-CAA3F2DBD219} - sqvgnrpx - C:\WINDOWS\sqvgnrpx.dll [2008-07-12 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe [2004-12-06 36975]
"C2kWep"=C:\Program Files\Netopia\C3kWepN.exe [2004-03-24 233472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"=C:\Program Files\Ares\Ares.exe [2006-07-15 1212928]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-10 1880064]
"System Mechanic Popup Stopper"=C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe [2004-08-30 486912]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2006-07-15 1212928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-06 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-10 1880064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
C:\Program Files\SurfAccuracy\SAcc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Startup Guard]
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe [2004-08-30 730624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\timesync]
timesync.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdate]
C:\Program Files\winupdate\winupdate.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3
"SymWSC"=2
"SNDSrvc"=2
"SBService"=2
"SAVScan"=3
"navapsvc"=3
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2
"sdCoreService"=3
"sdAuxService"=3
"RoxWatch9"=2
"RoxMediaDB9"=3
"RoxLiveShare9"=2
"Roxio Upnp Server 9"=2
"Roxio UPnP Renderer 9"=3
"IDriverT"=3
"Bonjour Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe
YouTube Uploader for CASIO.lnk - C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="gdxase.dll zzpnkz.dll btaqkp.dll rjdgam.dll ggylar.dll jvwiwj.dll kficsd.dll vqwhnh.dll pnkyss.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmKApQ]
C:\WINDOWS\system32\opnmKApQ.dll [2008-07-13 33152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1B44E59C-165C-4EE2-B3CD-4DFD348BE123}"=C:\WINDOWS\system32\opnmKApQ.dll [2008-07-13 33152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJButTk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoToolbarCustomize"=1
"NoDrives"=12
"StartMenuLogoff"=1
"NoStartMenuMorePrograms"=1
"NoSetFolders"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1154101651\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1154101651\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\iPerform3D\bin\iPerform3D.exe"="C:\Program Files\iPerform3D\bin\iPerform3D.exe:*:Enabled:iPerform3D"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ec2901-778d-11dc-bd2a-00146ce9779a}]
shell\AutoRun\command - F:\setupSNK.exe

======List of files/folders created in the last 1 months======

2008-11-17 13:18:51 ----D---- C:\Program Files\trend micro
2008-11-17 13:18:49 ----D---- C:\rsit
2008-11-17 12:41:34 ----D---- C:\VundoFix Backups
2008-11-17 12:41:34 ----A---- C:\VundoFix.txt
2008-11-17 12:12:25 ----D---- C:\ERDNT
2008-11-17 12:12:23 ----D---- C:\WINDOWS\ERUNT
2008-11-17 12:12:23 ----D---- C:\WINDOWS\ERDNT
2008-11-17 12:12:17 ----D---- C:\!FixIEDef
2008-11-16 22:43:57 ----A---- C:\WINDOWS\system32\pnkyss.dll
2008-11-16 22:43:56 ----A---- C:\WINDOWS\system32\xekvifci.dll
2008-11-16 22:42:13 ----SH---- C:\WINDOWS\system32\ynygggbb.ini
2008-11-16 22:42:12 ----A---- C:\WINDOWS\system32\bbgggyny.dll
2008-11-16 06:30:25 ----A---- C:\WINDOWS\system32\wsdvsp.dll
2008-11-16 06:30:19 ----A---- C:\WINDOWS\system32\syxkpfic.dll
2008-11-16 02:18:53 ----SH---- C:\WINDOWS\system32\qceomyvw.ini
2008-11-14 22:09:09 ----A---- C:\WINDOWS\system32\lilvwh.dll
2008-11-14 22:09:08 ----A---- C:\WINDOWS\system32\squuecrv.dll
2008-11-14 22:06:33 ----SH---- C:\WINDOWS\system32\bdupjrra.ini
2008-11-13 22:09:52 ----A---- C:\WINDOWS\system32\uxzqtk.dll
2008-11-13 22:09:51 ----A---- C:\WINDOWS\system32\pfunktqs.dll
2008-11-13 22:06:16 ----SH---- C:\WINDOWS\system32\cuexmhlr.ini
2008-11-12 22:09:05 ----SH---- C:\WINDOWS\system32\rifksxcx.ini
2008-11-12 22:06:05 ----A---- C:\WINDOWS\system32\xhvxbj.dll
2008-11-12 22:06:04 ----A---- C:\WINDOWS\system32\uwbtjpwm.dll
2008-11-11 22:06:58 ----SH---- C:\WINDOWS\system32\ckhyjogc.ini
2008-11-11 22:04:31 ----A---- C:\WINDOWS\system32\rnnenb.dll
2008-11-11 22:04:30 ----A---- C:\WINDOWS\system32\qwrulmrt.dll
2008-11-10 23:06:18 ----SH---- C:\WINDOWS\system32\bhbjttat.ini
2008-11-10 23:03:18 ----A---- C:\WINDOWS\system32\tyrlfh.dll
2008-11-10 23:03:17 ----A---- C:\WINDOWS\system32\lwcyooia.dll
2008-11-09 23:06:14 ----SH---- C:\WINDOWS\system32\accsrpts.ini
2008-11-09 23:03:15 ----A---- C:\WINDOWS\system32\tojqtj.dll
2008-11-09 23:03:14 ----A---- C:\WINDOWS\system32\abjmikxr.dll
2008-11-08 22:04:32 ----A---- C:\WINDOWS\system32\ctikvl.dll
2008-11-08 22:04:31 ----A---- C:\WINDOWS\system32\avklglkn.dll
2008-11-08 22:01:48 ----SH---- C:\WINDOWS\system32\pqoftuoa.ini
2008-11-05 18:40:37 ----SH---- C:\WINDOWS\system32\rmdoqxgt.ini
2008-11-05 18:37:35 ----A---- C:\WINDOWS\system32\xbndiz.dll
2008-11-05 18:37:34 ----A---- C:\WINDOWS\system32\ynnujtyl.dll
2008-11-02 03:21:31 ----SH---- C:\WINDOWS\system32\drpogvif.ini
2008-11-02 03:21:30 ----A---- C:\WINDOWS\system32\fivgoprd.dll
2008-11-01 17:56:22 ----A---- C:\WINDOWS\system32\SetACL_GPL.txt
2008-10-25 22:17:14 ----SH---- C:\WINDOWS\system32\deklggrj.ini
2008-10-25 22:15:45 ----A---- C:\WINDOWS\system32\lvcuuj.dll
2008-10-25 22:15:44 ----A---- C:\WINDOWS\system32\fdkvweyh.dll
2008-10-25 21:14:08 ----SH---- C:\WINDOWS\system32\tuphstfs.ini
2008-10-25 21:11:18 ----A---- C:\WINDOWS\system32\bommni.dll
2008-10-25 21:11:17 ----A---- C:\WINDOWS\system32\jgyoikxb.dll
2008-10-24 21:16:19 ----SH---- C:\WINDOWS\system32\fdyrevvj.ini
2008-10-24 21:16:18 ----A---- C:\WINDOWS\system32\jvverydf.dll
2008-10-24 21:13:19 ----A---- C:\WINDOWS\system32\iclrey.dll
2008-10-24 21:13:18 ----A---- C:\WINDOWS\system32\cemhylgt.dll
2008-10-23 08:58:16 ----SH---- C:\WINDOWS\system32\pcmvgvat.ini
2008-10-23 08:55:21 ----A---- C:\WINDOWS\system32\qrqcby.dll
2008-10-23 08:55:19 ----A---- C:\WINDOWS\system32\sullvxlf.dll
2008-10-22 08:58:18 ----A---- C:\WINDOWS\system32\fjclfy.dll
2008-10-22 08:58:17 ----A---- C:\WINDOWS\system32\cflriviy.dll
2008-10-22 08:55:21 ----SH---- C:\WINDOWS\system32\snishsxe.ini
2008-10-21 08:58:15 ----SH---- C:\WINDOWS\system32\tslvoytw.ini
2008-10-21 08:55:16 ----A---- C:\WINDOWS\system32\omdmyp.dll
2008-10-21 08:55:15 ----A---- C:\WINDOWS\system32\kmrrwydi.dll
2008-10-20 08:54:52 ----A---- C:\WINDOWS\system32\znvbpu.dll
2008-10-20 08:54:51 ----A---- C:\WINDOWS\system32\cqhcbthe.dll
2008-10-20 08:51:57 ----SH---- C:\WINDOWS\system32\lssqkujl.ini
2008-10-19 08:54:46 ----SH---- C:\WINDOWS\system32\jmiupnyr.ini
2008-10-19 08:51:46 ----A---- C:\WINDOWS\system32\keulcs.dll
2008-10-19 08:51:45 ----A---- C:\WINDOWS\system32\kuaysgfc.dll
2008-10-18 08:52:05 ----SH---- C:\WINDOWS\system32\mjtkflbn.ini
2008-10-18 08:50:56 ----A---- C:\WINDOWS\system32\jsfjcx.dll
2008-10-18 08:50:55 ----A---- C:\WINDOWS\system32\iexpoidq.dll

======List of files/folders modified in the last 1 months======

2008-11-17 13:23:15 ----ASH---- C:\WINDOWS\system32\kTtuBJjl.ini
2008-11-17 13:22:46 ----ASH---- C:\WINDOWS\system32\kTtuBJjl.ini2
2008-11-17 13:18:51 ----AD---- C:\Program Files
2008-11-17 13:17:49 ----D---- C:\WINDOWS\Prefetch
2008-11-17 13:16:57 ----D---- C:\WINDOWS\Temp
2008-11-17 12:58:20 ----SHD---- C:\WINDOWS\Installer
2008-11-17 12:58:17 ----HD---- C:\Config.Msi
2008-11-17 12:13:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-17 12:12:23 ----D---- C:\WINDOWS
2008-11-17 12:12:22 ----SHD---- C:\System Volume Information
2008-11-17 12:12:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-17 12:12:18 ----SHD---- C:\WINDOWS\system32
2008-11-17 08:31:47 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-17 06:29:16 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 06:16:14 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-17 06:13:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-17 03:21:41 ----D---- C:\Program Files\Bonjour
2008-11-16 22:41:41 ----A---- C:\WINDOWS\system32\cf795318-.txt
2008-11-15 09:18:49 ----HD---- C:\WINDOWS\inf
2008-11-15 09:18:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-15 09:18:29 ----D---- C:\WINDOWS\system32\drivers
2008-11-15 09:18:05 ----D---- C:\Program Files\Common Files
2008-11-15 08:27:46 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-11-15 08:26:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-15 08:26:32 ----D---- C:\WINDOWS\WinSxS
2008-11-15 08:20:29 ----A---- C:\YServer.txt
2008-10-18 08:48:24 ----SH---- C:\WINDOWS\system32\rblxfodq.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-01 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-28 8552]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 362944]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-02-24 28256]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2003-06-18 138485]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-04 41288]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-10-04 62280]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-10-04 79688]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-21 47360]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-03 5888]
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-03-12 243456]
S3 SGUARD;SGUARD; \??\C:\WINDOWS\system32\drivers\SGuard.sys []
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter; C:\WINDOWS\system32\DRIVERS\SWLD23U.sys []
S3 swlubtl;WLAN USB Boot Device; C:\WINDOWS\System32\Drivers\swlubtl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe []
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe []

-----------------EOF-----------------

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, it may be better to zip these programs in a .zip folder, as they may be picked up by your e-mail antivirus scanner.
You can save them both to your computer, renaming only ComboFix, then make a new .zip folder, copy/paste them into the zip folder and e-mail it.
============================================
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

files to delete: 
C:\WINDOWS\system32\xekvifci.dll 
C:\WINDOWS\system32\ynygggbb.ini 
C:\WINDOWS\system32\bbgggyny.dll 
C:\WINDOWS\system32\wsdvsp.dll 
C:\WINDOWS\system32\syxkpfic.dll 
C:\WINDOWS\system32\qceomyvw.ini 
C:\WINDOWS\system32\lilvwh.dll 
C:\WINDOWS\system32\squuecrv.dll 
C:\WINDOWS\system32\bdupjrra.ini 
C:\WINDOWS\system32\uxzqtk.dll 
C:\WINDOWS\system32\pfunktqs.dll 
C:\WINDOWS\system32\cuexmhlr.ini 
C:\WINDOWS\system32\rifksxcx.ini 
C:\WINDOWS\system32\xhvxbj.dll 
C:\WINDOWS\system32\uwbtjpwm.dll
C:\WINDOWS\system32\ckhyjogc.ini 
C:\WINDOWS\system32\rnnenb.dll 
C:\WINDOWS\system32\qwrulmrt.dll 
C:\WINDOWS\system32\bhbjttat.ini 
C:\WINDOWS\system32\tyrlfh.dll 
C:\WINDOWS\system32\lwcyooia.dll 
C:\WINDOWS\system32\accsrpts.ini 
C:\WINDOWS\system32\tojqtj.dll 
C:\WINDOWS\system32\abjmikxr.dll 
C:\WINDOWS\system32\ctikvl.dll 
C:\WINDOWS\system32\avklglkn.dll 
C:\WINDOWS\system32\pqoftuoa.ini 
C:\WINDOWS\system32\rmdoqxgt.ini 
C:\WINDOWS\system32\xbndiz.dll 
C:\WINDOWS\system32\ynnujtyl.dll 
C:\WINDOWS\system32\drpogvif.ini 
C:\WINDOWS\system32\fivgoprd.dll
C:\WINDOWS\system32\lvcuuj.dll 
C:\WINDOWS\system32\fdkvweyh.dll 
C:\WINDOWS\system32\tuphstfs.ini 
C:\WINDOWS\system32\bommni.dll 
C:\WINDOWS\system32\jgyoikxb.dll
C:\WINDOWS\system32\fdyrevvj.ini 
C:\WINDOWS\system32\jvverydf.dll 
C:\WINDOWS\system32\iclrey.dll 
C:\WINDOWS\system32\cemhylgt.dll 
C:\WINDOWS\system32\pcmvgvat.ini 
C:\WINDOWS\system32\qrqcby.dll 
C:\WINDOWS\system32\sullvxlf.dll 
C:\WINDOWS\system32\fjclfy.dll 
C:\WINDOWS\system32\cflriviy.dll 
C:\WINDOWS\system32\snishsxe.ini 
C:\WINDOWS\system32\tslvoytw.ini 
C:\WINDOWS\system32\omdmyp.dll 
C:\WINDOWS\system32\kmrrwydi.dll 
C:\WINDOWS\system32\znvbpu.dll 
C:\WINDOWS\system32\cqhcbthe.dll 
C:\WINDOWS\system32\lssqkujl.ini 
C:\WINDOWS\system32\jmiupnyr.ini 
C:\WINDOWS\system32\keulcs.dll 
C:\WINDOWS\system32\kuaysgfc.dll 
C:\WINDOWS\system32\mjtkflbn.ini 
C:\WINDOWS\system32\jsfjcx.dll 
C:\WINDOWS\system32\iexpoidq.dll
C:\WINDOWS\system32\kTtuBJjl.ini
C:\WINDOWS\system32\kTtuBJjl.ini2
C:\WINDOWS\sqvgnrpx.dll 
C:\WINDOWS\system32\bootvi.dll 
C:\WINDOWS\system32\opnmKApQ.dll 
C:\WINDOWS\system32\pnkyss.dll 
C:\WINDOWS\system32\ljJButTk.dll 

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here: and select Paste.
  • You can also paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute.
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt.
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
==============
After that, download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#5
kenny_turner52

kenny_turner52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////Platform: Windows XP (build 2600, Service Pack 2)
Mon Nov 17 21:38:44 200821:38:44: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.gee...go.comPlatform: Windows XP*******************Script file opened successfully.
Script file read successfully.Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Rootkit scan active.Hidden driver "clbdriver" found!
ImagePath: \??\globalroot\systemroot\system32\drivers\clbdriver.sys
Start Type: 1 (System)Rootkit scan completed.File "C:\WINDOWS\system32\xekvifci.dll" deleted successfully.
File "C:\WINDOWS\system32\ynygggbb.ini" deleted successfully.
File "C:\WINDOWS\system32\bbgggyny.dll" deleted successfully.
File "C:\WINDOWS\system32\wsdvsp.dll" deleted successfully.
File "C:\WINDOWS\system32\syxkpfic.dll" deleted successfully.
File "C:\WINDOWS\system32\qceomyvw.ini" deleted successfully.
File "C:\WINDOWS\system32\lilvwh.dll" deleted successfully.
File "C:\WINDOWS\system32\squuecrv.dll" deleted successfully.
File "C:\WINDOWS\system32\bdupjrra.ini" deleted successfully.
File "C:\WINDOWS\system32\uxzqtk.dll" deleted successfully.
File "C:\WINDOWS\system32\pfunktqs.dll" deleted successfully.
File "C:\WINDOWS\system32\cuexmhlr.ini" deleted successfully.
File "C:\WINDOWS\system32\rifksxcx.ini" deleted successfully.
File "C:\WINDOWS\system32\xhvxbj.dll" deleted successfully.
File "C:\WINDOWS\system32\uwbtjpwm.dll" deleted successfully.
File "C:\WINDOWS\system32\ckhyjogc.ini" deleted successfully.
File "C:\WINDOWS\system32\rnnenb.dll" deleted successfully.
File "C:\WINDOWS\system32\qwrulmrt.dll" deleted successfully.
File "C:\WINDOWS\system32\bhbjttat.ini" deleted successfully.
File "C:\WINDOWS\system32\tyrlfh.dll" deleted successfully.
File "C:\WINDOWS\system32\lwcyooia.dll" deleted successfully.
File "C:\WINDOWS\system32\accsrpts.ini" deleted successfully.
File "C:\WINDOWS\system32\tojqtj.dll" deleted successfully.
File "C:\WINDOWS\system32\abjmikxr.dll" deleted successfully.
File "C:\WINDOWS\system32\ctikvl.dll" deleted successfully.
File "C:\WINDOWS\system32\avklglkn.dll" deleted successfully.
File "C:\WINDOWS\system32\pqoftuoa.ini" deleted successfully.
File "C:\WINDOWS\system32\rmdoqxgt.ini" deleted successfully.
File "C:\WINDOWS\system32\xbndiz.dll" deleted successfully.
File "C:\WINDOWS\system32\ynnujtyl.dll" deleted successfully.
File "C:\WINDOWS\system32\drpogvif.ini" deleted successfully.
File "C:\WINDOWS\system32\fivgoprd.dll" deleted successfully.
File "C:\WINDOWS\system32\lvcuuj.dll" deleted successfully.
File "C:\WINDOWS\system32\fdkvweyh.dll" deleted successfully.
File "C:\WINDOWS\system32\tuphstfs.ini" deleted successfully.
File "C:\WINDOWS\system32\bommni.dll" deleted successfully.
File "C:\WINDOWS\system32\jgyoikxb.dll" deleted successfully.
File "C:\WINDOWS\system32\fdyrevvj.ini" deleted successfully.
File "C:\WINDOWS\system32\jvverydf.dll" deleted successfully.
File "C:\WINDOWS\system32\iclrey.dll" deleted successfully.
File "C:\WINDOWS\system32\cemhylgt.dll" deleted successfully.
File "C:\WINDOWS\system32\pcmvgvat.ini" deleted successfully.
File "C:\WINDOWS\system32\qrqcby.dll" deleted successfully.
File "C:\WINDOWS\system32\sullvxlf.dll" deleted successfully.
File "C:\WINDOWS\system32\fjclfy.dll" deleted successfully.
File "C:\WINDOWS\system32\cflriviy.dll" deleted successfully.
File "C:\WINDOWS\system32\snishsxe.ini" deleted successfully.
File "C:\WINDOWS\system32\tslvoytw.ini" deleted successfully.
File "C:\WINDOWS\system32\omdmyp.dll" deleted successfully.
File "C:\WINDOWS\system32\kmrrwydi.dll" deleted successfully.
File "C:\WINDOWS\system32\znvbpu.dll" deleted successfully.
File "C:\WINDOWS\system32\cqhcbthe.dll" deleted successfully.
File "C:\WINDOWS\system32\lssqkujl.ini" deleted successfully.
File "C:\WINDOWS\system32\jmiupnyr.ini" deleted successfully.
File "C:\WINDOWS\system32\keulcs.dll" deleted successfully.
File "C:\WINDOWS\system32\kuaysgfc.dll" deleted successfully.
File "C:\WINDOWS\system32\mjtkflbn.ini" deleted successfully.
File "C:\WINDOWS\system32\jsfjcx.dll" deleted successfully.
File "C:\WINDOWS\system32\iexpoidq.dll" deleted successfully.
File "C:\WINDOWS\system32\kTtuBJjl.ini" deleted successfully.
File "C:\WINDOWS\system32\kTtuBJjl.ini2" deleted successfully.
File "C:\WINDOWS\sqvgnrpx.dll" deleted successfully.
File "C:\WINDOWS\system32\bootvi.dll" deleted successfully.
File "C:\WINDOWS\system32\opnmKApQ.dll" deleted successfully.
File "C:\WINDOWS\system32\pnkyss.dll" deleted successfully.
File "C:\WINDOWS\system32\ljJButTk.dll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLS" replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.





ComboFix 08-11-16.05 - Kenneth 2008-11-17 21:57:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.272 [GMT -6:00]
Running from: E:\doit.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Kenneth\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Kenneth\Application Data\ErrorProtector Free
c:\documents and settings\Kenneth\Application Data\ErrorProtector Free\Logs\update.log
c:\documents and settings\Kenneth\Application Data\inst.exe
c:\program files\outlook
c:\program files\outlook\p.zip
c:\program files\winupdates
c:\program files\winupdates\a.tmp
c:\program files\winupdates\a.zip
c:\windows\cookies.ini
c:\windows\eone.exe
c:\windows\fdxbameg.dll
c:\windows\fsrpknov.dll
c:\windows\gpefaowr.exe
c:\windows\system32\amjacqkm.ini
c:\windows\system32\arofohke.dll
c:\windows\system32\avpsaxsq.ini
c:\windows\system32\aynuuock.ini
c:\windows\system32\bedfhx.dll
c:\windows\system32\bqlvdxgj.ini
c:\windows\system32\bucbxq.dll
c:\windows\system32\clbdll.dll
c:\windows\system32\clbdll.old
c:\windows\system32\clbinit.dll
c:\windows\system32\clgedkvh.ini
c:\windows\system32\clmjle.dll
c:\windows\system32\cqqnwlou.ini
c:\windows\system32\dcnfcnau.ini
c:\windows\system32\deklggrj.ini
c:\windows\system32\drivers\clbdriver.sys
c:\windows\system32\ewhtddcy.ini
c:\windows\system32\eyjgqknf.ini
c:\windows\system32\fiohgipj.ini
c:\windows\system32\habwptxs.ini
c:\windows\system32\hlltnlpv.ini
c:\windows\system32\hmorjsny.dll
c:\windows\system32\ hxibwnts.ini
c:\windows\system32\iyqccw.dll
c:\windows\system32\jejmnrjb.ini
c:\windows\system32\jmyyhcps.ini
c:\windows\system32\jwndimav.dll
c:\windows\system32\jyxcbpdi.ini
c:\windows\system32\kjoyff.dll
c:\windows\system32\ljluekrs.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mpehusdn.ini
c:\windows\system32\npenomls.ini
c:\windows\system32\oflvjd.dll
c:\windows\system32\ojmmtdht.dll
c:\windows\system32\okjbdsvq.ini
c:\windows\system32\oxvbmtbs.dll
c:\windows\system32\qgdnjdve.ini
c:\windows\system32\qoloduia.ini
c:\windows\system32\rblxfodq.ini
c:\windows\system32\rittlcxi.ini
c:\windows\system32\rkmnjiim.ini
c:\windows\system32\ryozss.dll
c:\windows\system32\tkevofmi.ini
c:\windows\system32\tplaslpi.ini
c:\windows\system32\urakgcqf.dll
c:\windows\system32\uvacuced.ini
c:\windows\system32\vbpewxxa.dll
c:\windows\system32\vduwgihp.ini
c:\windows\system32\wlncivp o.ini
c:\windows\system32\wpcewjrw.ini
c:\windows\system32\wweialmk.ini
c:\windows\system32\xdkxkelr.ini
c:\windows\system32\xjjqaeoc.ini
c:\windows\system32\xveuynpw.ini
c:\windows\system32\ycweevbt.ini
c:\windows\system32\ycwzgw.dll
c:\windows\system32\ynyxgwma.ini
c:\windows\wbxdpgfefml.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.
2008-11-17 19:00 . 2008-11-17 19:00 <DIR> d-------- c:\program files\Motorola
2008-11-17 19:00 . 2008-11-17 19:00 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-11-17 17:02 . 2005-10-20 19:47 30,592 --a--c--- c:\windows\system32\dllcache\SET1A.tmp
2008-11-17 17:02 . 2005-10-20 19:47 30,592 --a--c--- c:\windows\system32\dllcache\SET19.tmp
2008-11-17 17:02 . 2005-10-20 19:47 12,800 --a--c--- c:\windows\system32\dllcache\SET18.tmp
2008-11-17 17:02 . 2005-10-20 19:47 12,800 --a--c--- c:\windows\system32\dllcache\SET17.tmp
2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\program files\Windows Mobile Device Handbook
2008-11-17 13:18 . 2008-11-17 13:19 <DIR> d-------- C:\rsit
2008-11-17 13:18 . 2008-11-17 13:18 <DIR> d-------- c:\program files\trend micro
2008-11-17 12:41 . 2008-11-17 12:41 <DIR> d-------- C:\VundoFix Backups
2008-11-17 12:12 . 2008-11-17 12:12 <DIR> d-------- c:\windows\ERUNT
2008-11-17 12:12 . 2008-11-17 12:12 <DIR> d-------- C:\ERDNT
2008-11-17 12:12 . 2008-11-17 12:13 <DIR> d-------- C:\!FixIEDef
2008-11-01 17:56 . 2008-05-07 19:03 453,632 --a------ c:\windows\system32\SetACL.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 23:02 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-17 09:21 --------- d-----w c:\program files\Bonjour
2008-11-15 14:27 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-10-15 06:24 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-10-15 05:26 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-15 05:24 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-10-08 04:24 136,832 ----a-w c:\windows\system32\vrwall.dll
2008-10-08 04:24 136,832 ----a-w c:\windows\system32\fhexjaum.dll
2008-10-07 04:27 137,344 ----a-w c:\windows\system32\zqrwlq.dll
2008-10-07 04:27 137,344 ----a-w c:\windows\system32\wiuhcagx.dll
2008-10-04 14:24 256 ----a-w c:\documents and settings\Kenneth\pool.bin
2008-09-01 04:55 125,056 ----a-w c:\windows\system32\wcspxuao.dll
2008-09-01 04:55 125,056 ----a-w c:\windows\system32\cgdfgr.dll
2008-08-31 04:58 121,472 ----a-w c:\windows\system32\otjryutw.dll
2008-08-31 04:58 121,472 ----a-w c:\windows\system32\nwatjj.dll
2008-08-30 03:56 125,568 ----a-w c:\windows\system32\wpopzd.dll
2008-08-30 03:56 125,568 ----a-w c:\windows\system32\qionuvyf.dll
2008-08-29 01:13 135,936 ----a-w c:\windows\system32\vqwhnh.dll
2008-08-29 01:13 135,936 ----a-w c:\windows\system32\abehafqh.dll
2008-08-22 22:03 135,936 ----a-w c:\windows\system32\zzpnkz.dll
2008-08-22 22:03 135,936 ----a-w c:\windows\system32\whkvtbys.dll
2008-08-21 22:00 135,936 ----a-w c:\windows\system32\ifdveprg.dll
2008-08-21 22:00 135,936 ----a-w c:\windows\system32\gdxase.dll
2008-05-08 02:15 47,360 ----a-w c:\documents and settings\Kenneth\Application Data\pcouffin.sys
2008-05-08 01:20 19,288 -c--a-w c:\documents and settings\Kenneth\Application Data\GDIPFONTCACHEV1.DAT
2005-03-12 21:48 243,456 -c----w c:\windows\inf\rt2500usb.sys
2002-06-04 11:06 65,536 -c----w c:\windows\inf\copyinf.exe
2002-02-16 05:20 375,097 ----a-w c:\documents and settings\Kenneth\VR107.EXE
2002-02-13 01:01 380,284 ----a-w c:\documents and settings\Kenneth\VR.EXE
2001-03-11 22:44 139,383 -c--a-w c:\program files\help.dcr
2001-03-11 21:54 156 -c--a-w c:\program files\File_id.diz
2001-01-05 19:53 1,588 -c--a-w c:\program files\license.txt
2001-01-05 19:38 18,322 -c--a-w c:\program files\gpl.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2006-07-15 1212928]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 1880064]
"System Mechanic Popup Stopper"="c:\program files\iolo\System Mechanic 5\PopupStopper.exe" [2004-08-30 486912]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975]
"C2kWep"="c:\program files\Netopia\C3kWepN.exe" [2004-03-24 233472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-02-01 884840]
YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2007-06-11 79488]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Kenneth\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-07-15 04:34 1212928 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a--c--- 2003-10-06 10:05 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a--c--- 2004-11-10 17:02 1880064 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 07:56 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Startup Guard]
--a------ 2004-08-30 14:24 730624 c:\program files\iolo\System Mechanic 5\StartupGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"SymWSC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG11TND5.sys [2007-02-01 362944]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2007-02-01 17149]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\SGuard.sys [2007-10-27 28236]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\DRIVERS\SWLD23U.sys []
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\Drivers\swlubtl.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ec2901-778d-11dc-bd2a-00146ce9779a}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-_{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
BHO-{1116bcf2-f8ff-44b4-aeb8-16e8af0e80b2} - c:\windows\system32\clmjle.dll
BHO-{120AE728-97D7-4491-A1B7-FA955A3BABB8} - c:\windows\system32\bootvi.dll
BHO-{4CEECCFF-B60C-4849-9CA9-3F160CFB4293} - c:\windows\system32\bootvi.dll
BHO-{A639B53D-09E5-436A-88B0-9BE7238E9F65} - c:\windows\system32\bootvi.dll
BHO-{B952B250-B372-4143-9519-9BCFBD0E9DF6} - c:\windows\system32\ljJButTk.dll
BHO-{BCA78DDB-560A-4597-9110-47A8D2D7F732} - c:\windows\system32\bootvi.dll
BHO-{BFC3E517-C420-4236-87E9-29228F7A481B} - c:\windows\system32\bootvi.dll
BHO-{E4EDFBF3-8C9F-4953-80DB-6D98E742D4E6} - c:\windows\system32\bootvi.dll
HKLM-Run-c45a9766 - c:\windows\system32\imfovekt.dll
Notify-opnmKApQ - opnmKApQ.dll
MSConfigStartUp-BellSouthAlertManager - c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-SurfAccuracy - c:\program files\SurfAccuracy\SAcc.exe
MSConfigStartUp-winupdate - c:\program files\winupdate\winupdate.exe
MSConfigStartUp-winupdates - c:\program files\winupdates\winupdates.exe
MSConfigStartUp-timesync - timesync.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\srsozlij.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 22:08:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\wuaueng.dll.wusetup.334240.bak 1712984 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-17 22:16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 04:15:54
Pre-Run: 4,667,879,424 bytes free
Post-Run: 4,891,508,736 bytes free
303 --- E O F --- 2008-07-09 08:01:31
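
A way to verify the Avenger step above against the avenger.txt that was posted (added example for this edit, not code from the thread or from The Avenger): parse the pasted script and the log, and report any requested deletion the log never confirms, along with rootkit-scan findings and pre-processor rejections like the one in the first run. The directive list is limited to the directives this thread mentions, and the shortened script and log samples are constructed from the entries posted above; both are assumptions.

```python
"""Cross-check an Avenger script against the avenger.txt log it produced.
Added example, not code from this thread or from The Avenger; the script and
log below are constructed, shortened versions of the ones posted above."""
import re

# Directives that appear in this thread's script and instructions. The Avenger
# accepts others; add them here if you use them (assumed case-insensitive).
DIRECTIVES = ("files to delete:", "drivers to delete:", "drivers to disable:",
              "registry values to replace with dummy:")
# Directives whose results the log confirms item by item.
CHECKED = ("files to delete:", "registry values to replace with dummy:")

FILE_DELETED = re.compile(r'File "([^"]+)" deleted successfully\.')
VALUE_DUMMIED = re.compile(r'Registry value "([^"]+)" replaced with dummy successfully\.')
HIDDEN_DRIVER = re.compile(r'Hidden driver "([^"]+)" found!')
INVALID_SCRIPT = "A valid script must begin with a command directive"


def norm(item):
    """Windows paths and registry names are case-insensitive, and the log
    echoes 'key | value' back as 'key|value', so fold both before comparing."""
    return re.sub(r"\s*\|\s*", "|", item.strip()).lower()


def parse_script(script):
    """Return {directive: [items]}. Raises ValueError when the first non-blank
    line is not a directive, the error the pre-processor logged above."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in DIRECTIVES:
            current = line.lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("Invalid script. " + INVALID_SCRIPT + ".")
        else:
            sections[current].append(line)
    return sections


def script_is_valid(script):
    try:
        parse_script(script)
        return True
    except ValueError:
        return False


def parse_log(log):
    """Pull confirmations, rootkit-scan findings and pre-processor errors out of
    avenger.txt. The regexes are unanchored, so a log whose line breaks were
    lost in copy/paste (as in the one above) still parses."""
    return {
        "confirmed": FILE_DELETED.findall(log) + VALUE_DUMMIED.findall(log),
        "hidden_drivers": HIDDEN_DRIVER.findall(log),
        "invalid_script_errors": log.count(INVALID_SCRIPT),
    }


def cross_check(script, log):
    """Report which requested deletions/replacements the log confirms, which it
    does not, and anything the rootkit scan flagged for follow-up."""
    wanted, got = parse_script(script), parse_log(log)
    confirmed = {norm(x) for x in got["confirmed"]}
    requested = [x for d in CHECKED for x in wanted.get(d, [])]
    missing = [x for x in requested if norm(x) not in confirmed]
    return {
        "requested": len(requested),
        "confirmed": len(requested) - len(missing),
        "missing": missing,
        "hidden_drivers": got["hidden_drivers"],
        "invalid_script_errors": got["invalid_script_errors"],
    }


# Constructed, shortened script in the form used in this thread.
SAMPLE_SCRIPT = r"""
files to delete:
C:\WINDOWS\system32\bootvi.dll
C:\WINDOWS\system32\opnmKApQ.dll
C:\WINDOWS\system32\ljJButTk.dll

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLS
"""

# Constructed avenger.txt: a rejected first attempt, then a run in which one
# of the three files is never confirmed deleted.
SAMPLE_LOG = r"""
Avenger Pre-Processor log
21:38:44: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
Hidden driver "clbdriver" found!
File "C:\WINDOWS\system32\bootvi.dll" deleted successfully.
File "C:\WINDOWS\system32\ljJButTk.dll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLS" replaced with dummy successfully.
"""
```

Anything listed under "missing" belongs in the next script, and a hidden driver reported by the rootkit scan is a candidate for a "Drivers to Delete" directive in a follow-up run.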

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\vrwall.dll
c:\windows\system32\fhexjaum.dll 
c:\windows\system32\zqrwlq.dll 
c:\windows\system32\wiuhcagx.dll
c:\windows\system32\wcspxuao.dll 
c:\windows\system32\cgdfgr.dll 
c:\windows\system32\otjryutw.dll 
c:\windows\system32\nwatjj.dll 
c:\windows\system32\wpopzd.dll 
c:\windows\system32\qionuvyf.dll 
c:\windows\system32\vqwhnh.dll 
c:\windows\system32\abehafqh.dll 
c:\windows\system32\zzpnkz.dll 
c:\windows\system32\whkvtbys.dll 
c:\windows\system32\ifdveprg.dll 
c:\windows\system32\gdxase.dll
c:\windows\system32\dllcache\SET1A.tmp 
c:\windows\system32\dllcache\SET19.tmp 
c:\windows\system32\dllcache\SET18.tmp 
c:\windows\system32\dllcache\SET17.tmp


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


#7
kenny_turner52

kenny_turner52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi, sorry it took a while. I'm able to get on the website from the infected computer now, so that makes things a little easier.


ComboFix 08-11-16.05 - Kenneth 2008-11-19 22:37:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.274 [GMT -6:00]
Running from: E:\doit.exe
Command switches used :: c:\documents and settings\Kenneth\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\abehafqh.dll
c:\windows\system32\cgdfgr.dll
c:\windows\system32\dllcache\SET17.tmp
c:\windows\system32\dllcache\SET18.tmp
c:\windows\system32\dllcache\SET19.tmp
c:\windows\system32\dllcache\SET1A.tmp
c:\windows\system32\fhexjaum.dll
c:\windows\system32\gdxase.dll
c:\windows\system32\ifdveprg.dll
c:\windows\system32\nwatjj.dll
c:\windows\system32\otjryutw.dll
c:\windows\system32\qionuvyf.dll
c:\windows\system32\vqwhnh.dll
c:\windows\system32\vrwall.dll
c:\windows\system32\wcspxuao.dll
c:\windows\system32\whkvtbys.dll
c:\windows\system32\wiuhcagx.dll
c:\windows\system32\wpopzd.dll
c:\windows\system32\zqrwlq.dll
c:\windows\system32\zzpnkz.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\abehafqh.dll
c:\windows\system32\cgdfgr.dll
c:\windows\system32\dllcache\SET17.tmp
c:\windows\system32\dllcache\SET18.tmp
c:\windows\system32\dllcache\SET19.tmp
c:\windows\system32\dllcache\SET1A.tmp
c:\windows\system32\fhexjaum.dll
c:\windows\system32\gdxase.dll
c:\windows\system32\ifdveprg.dll
c:\windows\system32\nwatjj.dll
c:\windows\system32\otjryutw.dll
c:\windows\system32\qionuvyf.dll
c:\windows\system32\vqwhnh.dll
c:\windows\system32\vrwall.dll
c:\windows\system32\wcspxuao.dll
c:\windows\system32\whkvtbys.dll
c:\windows\system32\wiuhcagx.dll
c:\windows\system32\wpopzd.dll
c:\windows\system32\zqrwlq.dll
c:\windows\system32\zzpnkz.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-18 03:04 . 2008-11-18 03:04 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-17 22:19 . 2008-11-17 22:46 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-17 19:00 . 2008-11-17 19:00 <DIR> d-------- c:\program files\Motorola
2008-11-17 19:00 . 2008-11-17 19:00 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\program files\Windows Mobile Device Handbook
2008-11-17 13:18 . 2008-11-17 13:19 <DIR> d-------- C:\rsit
2008-11-17 13:18 . 2008-11-17 13:18 <DIR> d-------- c:\program files\trend micro
2008-11-17 12:41 . 2008-11-17 12:41 <DIR> d-------- C:\VundoFix Backups
2008-11-17 12:12 . 2008-11-17 12:12 <DIR> d-------- c:\windows\ERUNT
2008-11-17 12:12 . 2008-11-17 12:12 <DIR> d-------- C:\ERDNT
2008-11-17 12:12 . 2008-11-17 12:13 <DIR> d-------- C:\!FixIEDef
2008-11-01 17:56 . 2008-05-07 19:03 453,632 --a------ c:\windows\system32\SetACL.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 23:02 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-17 09:21 --------- d-----w c:\program files\Bonjour
2008-11-15 14:27 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 06:24 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-10-15 05:26 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-15 05:24 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-10-04 14:24 256 ----a-w c:\documents and settings\Kenneth\pool.bin
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-30 02:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-20 05:38 659,456 ----a-w c:\windows\system32\wininet.dll
2008-05-08 02:15 47,360 ----a-w c:\documents and settings\Kenneth\Application Data\pcouffin.sys
2008-05-08 01:20 19,288 -c--a-w c:\documents and settings\Kenneth\Application Data\GDIPFONTCACHEV1.DAT
2005-03-12 21:48 243,456 -c----w c:\windows\inf\rt2500usb.sys
2002-06-04 11:06 65,536 -c----w c:\windows\inf\copyinf.exe
2002-02-16 05:20 375,097 ----a-w c:\documents and settings\Kenneth\VR107.EXE
2002-02-13 01:01 380,284 ----a-w c:\documents and settings\Kenneth\VR.EXE
2001-03-11 22:44 139,383 -c--a-w c:\program files\help.dcr
2001-03-11 21:54 156 -c--a-w c:\program files\File_id.diz
2001-01-05 19:53 1,588 -c--a-w c:\program files\license.txt
2001-01-05 19:38 18,322 -c--a-w c:\program files\gpl.txt
.

((((((((((((((((((((((((((((( [email protected]_22.14.37.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-08-20 05:33:19 1,024,000 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\browseui.dll
+ 2008-08-20 05:33:17 151,040 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\cdfview.dll
+ 2008-08-20 05:33:18 1,054,208 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\danim.dll
+ 2008-08-20 05:33:18 357,888 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\dxtmsft.dll
+ 2008-08-20 05:33:18 205,312 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\dxtrans.dll
+ 2008-08-20 05:33:18 55,808 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\extmgr.dll
+ 2008-08-19 09:38:57 18,432 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\iedw.exe
+ 2008-08-20 05:33:18 251,904 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\iepeers.dll
+ 2008-08-20 05:33:18 96,256 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\inseng.dll
+ 2008-08-20 05:33:19 16,384 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\jsproxy.dll
+ 2008-08-20 05:33:20 3,067,392 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
+ 2008-08-20 05:33:19 449,024 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mshtmled.dll
+ 2008-08-20 05:33:18 146,432 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\msrating.dll
+ 2008-08-20 05:33:18 532,480 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\mstime.dll
+ 2008-08-20 05:33:18 39,424 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\pngfilt.dll
+ 2008-08-20 05:33:19 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\shdocvw.dll
+ 2008-08-20 05:33:19 474,112 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\shlwapi.dll
+ 2008-08-20 05:33:19 619,008 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\urlmon.dll
+ 2008-08-20 05:33:19 667,648 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
+ 2008-08-19 09:20:32 351,744 ----a-w c:\windows\$hf_mig$\KB956390\SP2QFE\xpsp3res.dll
+ 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
+ 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\shdocvw.dll
+ 2008-08-20 05:30:52 619,520 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\urlmon.dll
+ 2008-08-20 05:30:51 666,112 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
+ 2008-08-20 04:58:54 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 04:58:47 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 04:58:50 620,032 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 04:58:48 666,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-11-18 09:00:40 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-04-21 07:03:56 1,023,488 ----a-w c:\windows\system32\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 ----a-w c:\windows\system32\browseui.dll
- 2008-04-21 07:03:56 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-08-20 05:38:39 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-04-21 07:03:57 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-08-20 05:38:40 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2008-06-20 10:44:38 138,368 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2008-04-21 07:03:56 1,023,488 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 -c----w c:\windows\system32\dllcache\browseui.dll
- 2008-04-21 07:03:56 151,040 -c----w c:\windows\system32\dllcache\cdfview.dll
+ 2008-08-20 05:38:39 151,040 -c----w c:\windows\system32\dllcache\cdfview.dll
- 2007-07-31 00:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-04-21 07:03:57 1,054,208 -c----w c:\windows\system32\dllcache\danim.dll
+ 2008-08-20 05:38:40 1,054,208 -c----w c:\windows\system32\dllcache\danim.dll
- 2008-04-21 07:03:57 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-21 07:03:57 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll
- 2008-04-21 07:03:57 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-20 05:38:40 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-04-17 10:52:54 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2008-08-19 09:30:39 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
- 2008-04-21 07:03:58 251,392 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-08-20 05:38:41 251,392 -c----w c:\windows\system32\dllcache\iepeers.dll
- 2007-08-21 06:15:44 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll
- 2008-04-21 07:03:58 96,256 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2008-08-20 05:38:41 96,256 -c----w c:\windows\system32\dllcache\inseng.dll
- 2008-04-21 07:03:58 16,384 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2004-08-04 07:56:42 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-06-24 16:23:05 74,240 -c----w c:\windows\system32\dllcache\mscms.dll
- 2008-04-21 07:03:59 3,059,712 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-04-21 07:03:59 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-21 07:03:59 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-20 05:38:41 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-04-21 07:03:59 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-20 05:38:41 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-04-21 07:03:59 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-21 07:04:00 1,494,528 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 -c----w c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-21 07:04:00 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
- 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-04-21 07:04:00 615,936 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-20 05:38:45 615,936 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-04-21 07:04:00 659,456 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-20 05:38:43 659,456 -c----w c:\windows\system32\dllcache\wininet.dll
- 2007-07-31 00:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 20:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 20:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-31 00:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 20:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-04-21 07:03:57 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-04-21 07:03:57 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2008-04-21 07:03:57 55,808 ------w c:\windows\system32\extmgr.dll
+ 2008-08-20 05:38:40 55,808 ------w c:\windows\system32\extmgr.dll
- 2008-11-03 16:03:24 116,560 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-18 09:12:18 116,560 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-21 07:03:58 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2008-08-20 05:38:41 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2008-04-21 07:03:58 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-08-20 05:38:41 96,256 ----a-w c:\windows\system32\inseng.dll
- 2008-04-21 07:03:58 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2008-04-21 07:03:59 3,059,712 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-21 07:03:59 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-04-21 07:03:59 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-20 05:38:41 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-04-21 07:03:59 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-20 05:38:41 532,480 ----a-w c:\windows\system32\mstime.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-04-21 07:03:59 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2008-04-21 07:04:00 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
- 2008-04-21 07:04:00 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-13 11:31:11 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-04-21 07:04:00 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-20 05:38:45 615,936 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-17 10:37:04 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-08-19 09:20:32 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2006-07-15 1212928]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 1880064]
"System Mechanic Popup Stopper"="c:\program files\iolo\System Mechanic 5\PopupStopper.exe" [2004-08-30 486912]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975]
"C2kWep"="c:\program files\Netopia\C3kWepN.exe" [2004-03-24 233472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-02-01 884840]
YouTube Uploader for CASIO.lnk - c:\program files\CASIO\YouTube Uploader for CASIO\YStart.exe [2007-06-11 79488]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Kenneth\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-07-15 04:34 1212928 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a--c--- 2003-10-06 10:05 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a--c--- 2004-11-10 17:02 1880064 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 07:56 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Startup Guard]
--a------ 2004-08-30 14:24 730624 c:\program files\iolo\System Mechanic 5\StartupGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"SymWSC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG11TND5.sys [2007-02-01 362944]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2007-02-01 17149]
S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\SGuard.sys [2007-10-27 28236]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\DRIVERS\SWLD23U.sys []
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\Drivers\swlubtl.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ec2901-778d-11dc-bd2a-00146ce9779a}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - WMIAPSRV
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 22:40:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 22:42:32
ComboFix-quarantined-files.txt 2008-11-20 04:42:15
ComboFix2.txt 2008-11-18 04:16:05

Pre-Run: 4,102,418,432 bytes free
Post-Run: 4,081,688,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

441 --- E O F --- 2008-11-18 09:06:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk572CIUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

--
End of file - 7833 bytes
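The HijackThis log above is read line by line by the helpers in this thread. As an added example (it is not part of the original post, and not HijackThis, ComboFix or Malwarebytes code), the Python script below parses HijackThis 2.0 entries and flags the ones a helper looks at first: any entry marked "(file missing)", O8 context-menu items that send the selection to a remote URL, O16 ActiveX controls downloaded from hosts other than Microsoft's, O23 services listed as "Unknown owner", and O4 autostarts from user-writable paths. The rule set, the TRUSTED_DPF_HOSTS and USER_WRITABLE lists and the Finding type are my own assumptions; the sample lines are copied from the log posted above, with the URLs the forum shortened to "..." kept exactly as they appear there.

```python
# Added example for this thread: heuristic triage of a HijackThis 2.0 log.
# Not HijackThis, Malwarebytes or forum-staff code; the rules are assumptions
# that list entries worth a second look, they do not decide what is malware.
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Hosts an O16 (Downloaded Program Files / ActiveX) entry is expected to come
# from; anything else gets flagged.  Assumption.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

# Path fragments a normal user can write to; an O4 autostart from one of
# these deserves attention.  Assumption.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")

# Lines copied from the HijackThis log posted above (forum-shortened URLs kept).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk572CIUS
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O16"
    reason: str
    line: str


# "O4 - HKLM\..\Run: [...] ..." -> section code and the rest of the entry.
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
URL = re.compile(r"https?://\S+")


def _missing_file(sec: str, body: str) -> Optional[str]:
    # HijackThis appends this marker itself when the target does not exist.
    if "(file missing)" in body:
        return "points at a file that no longer exists (orphaned entry)"
    return None


def _o4_user_writable(sec: str, body: str) -> Optional[str]:
    if sec == "O4" and any(p in body.lower() for p in USER_WRITABLE):
        return "autostart from a user-writable location"
    return None


def _o8_remote_url(sec: str, body: str) -> Optional[str]:
    # Legitimate O8 items use res:// into a local DLL; a remote URL means the
    # selected text is sent to a third party every time the item is used.
    if sec == "O8" and URL.search(body):
        return "context-menu item that sends the selection to a remote URL"
    return None


def _o16_third_party(sec: str, body: str) -> Optional[str]:
    if sec != "O16":
        return None
    m = URL.search(body)
    if m is None:
        return None                      # locally installed control, no download
    host = urlparse(m.group(0)).hostname or ""
    if any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
        return None
    return f"ActiveX control downloaded from third-party host {host}"


def _o23_no_publisher(sec: str, body: str) -> Optional[str]:
    if sec == "O23" and " - Unknown owner - " in body:
        return "service whose binary carries no publisher information"
    return None


CHECKS = (_missing_file, _o4_user_writable, _o8_remote_url,
          _o16_third_party, _o23_no_publisher)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per HijackThis entry that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m is None:
            continue                     # process list, headers, blank lines
        sec, body = m.group("sec"), m.group("body")
        for check in CHECKS:
            reason = check(sec, body)
            if reason:
                findings.append(Finding(sec, reason, line))
                break                    # first matching reason is enough
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run as-is it prints five findings. The one worth noting is the O8 &Search entry pointing at the shortened mywebse... URL; the Adware.MyWebSearch registry keys that Malwarebytes quarantines later in this thread belong to the same kind of search toolbar. The ScsiAccess service is flagged only because HijackThis could not read a publisher from its binary; that is a prompt to check the file, not a verdict.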

#8
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  • Malware Bytes log
  • New Rsit log

  • 0
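The report the steps above ask for uses a fixed one-hit-per-line layout (path, detection family in parentheses, then the action taken), and a long MBAM log is often dominated by copies sitting in System Restore points or in another tool's quarantine rather than by files that were actually live. The following Python triage script is an added example, not code from this thread, from Malwarebytes or from Geeks to Go: it parses that layout and separates live hits from restore-point and quarantine copies, and pulls out the "Bad:/Good:" pairs that MBAM reports for altered registry data. The sample log inside it is constructed to match the MBAM 1.x report format, the C:\Qoobox\Quarantine convention (ComboFix's quarantine folder) is an assumption about what counts as "already quarantined", and every function name is mine.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM 1.x) text reports.

Added example (not part of the thread or of Malwarebytes' tooling).
Each detection line is sorted into a bucket so a helper can see at a
glance what was live on the machine versus what was only a stored copy:

  registry      : registry keys / values / data items
  restore_point : copies under System Volume Information\_restore{...}
  quarantine    : files already quarantined by another tool
                  (ComboFix's C:\Qoobox\Quarantine tree, assumed here)
  live          : everything else, i.e. the hits that matter for re-infection
"""
import re
from collections import Counter

# Constructed sample, modeled on the MBAM 1.30 report layout (not a real scan).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1414

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.pseudoplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\abcdwxyz.bnpr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (XXXXX-OEM-XXXXXXX-XXXXX) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\aaaabbbb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ccccdddd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<family>) -> <action>."  The " -> " after the
# family keeps paths that contain parentheses (e.g. "Program Files (x86)") intact.
HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Registry data items carry the value MBAM found and the value it restored.
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
QUARANTINE_RE = re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)  # assumed convention


def classify(section, path):
    """Bucket a hit by where it was found (see module docstring)."""
    if section.startswith("Registry"):
        return "registry"
    if RESTORE_RE.search(path):
        return "restore_point"
    if QUARANTINE_RE.search(path):
        return "quarantine"
    return "live"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section and bucket."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue                             # summary counts / empty sections
        m = HIT_RE.match(line)
        if not m:
            continue
        hits.append({
            "section": section,
            "path": m.group("path"),
            "family": m.group("family"),
            "action": m.group("action"),
            "bucket": classify(section, m.group("path")),
        })
    return hits


def summarize(hits):
    """Counts per bucket and per family, the live paths, and whether a reboot is pending."""
    return {
        "total": len(hits),
        "by_bucket": dict(Counter(h["bucket"] for h in hits)),
        "by_family": dict(Counter(h["family"] for h in hits)),
        "needs_reboot": any(h["action"].lower().startswith("delete on reboot") for h in hits),
        "live": [h["path"] for h in hits if h["bucket"] == "live"],
    }


def changed_data_items(hits):
    """(path, bad value, restored value) for every registry data item MBAM repaired."""
    out = []
    for h in hits:
        m = BAD_GOOD_RE.search(h["action"])
        if m:
            out.append((h["path"], m.group("bad"), m.group("good")))
    return out


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    report = summarize(found)
    print(f"{report['total']} hits: {report['by_bucket']}")
    print("live:", *report["live"], sep="\n  ")
    for path, bad, good in changed_data_items(found):
        print(f"repaired {path}: {bad!r} -> {good!r}")
    if report["needs_reboot"]:
        print("at least one item is scheduled for deletion on reboot: restart before rescanning")
```

Run it against a real report by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`. The "live" list is the part worth reading first; restore-point copies are cleared by flushing System Restore, and hits inside another tool's quarantine folder were already neutralised before MBAM ran. A "Delete on reboot" action is the case the Extra Note above covers: the machine must restart before a follow-up log means anything.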

#9
kenny_turner52

kenny_turner52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2

11/20/2008 12:04:42 PM
mbam-log-2008-11-20 (12-04-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101717
Time elapsed: 45 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 116

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bnpr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0011903-00102) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\eone.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\abehafqh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\arofohke.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bedfhx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bucbxq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cgdfgr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\clmjle.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fhexjaum.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gdxase.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hmorjsny.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifdveprg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iyqccw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jwndimav.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kjoyff.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljluekrs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nwatjj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oflvjd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojmmtdht.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\otjryutw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oxvbmtbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qionuvyf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ryozss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\urakgcqf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vbpewxxa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vqwhnh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vrwall.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wcspxuao.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\whkvtbys.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wiuhcagx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wpopzd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycwzgw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zqrwlq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zzpnkz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000409.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000433.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000441.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000442.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000450.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000452.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000456.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000458.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000459.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000460.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000461.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000465.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000472.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000476.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000479.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000480.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000483.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000487.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000488.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000489.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000493.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000499.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000485.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP11\A0000501.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000516.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000521.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000528.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000537.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000539.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000544.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000545.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000548.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000549.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000551.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000557.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000562.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000571.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000524.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP12\A0000560.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000987.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000977.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000978.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000980.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000981.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000982.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000983.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000984.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000985.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000986.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000988.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A513FC14-F152-4F4B-A1C5-DF3E820C60DA}\RP14\A0000989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQjJAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPiJBs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRIbBq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kenneth\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kenneth at 2008-11-20 12:12:19
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 510 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kenneth.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

--
End of file - 7840 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe [2004-12-06 36975]
"C2kWep"=C:\Program Files\Netopia\C3kWepN.exe [2004-03-24 233472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"=C:\Program Files\Ares\Ares.exe [2006-07-15 1212928]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-10 1880064]
"System Mechanic Popup Stopper"=C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe [2004-08-30 486912]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2006-07-15 1212928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-06 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-10 1880064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Startup Guard]
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe [2004-08-30 730624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3
"SymWSC"=2
"SNDSrvc"=2
"SBService"=2
"SAVScan"=3
"navapsvc"=3
"ccSetMgr"=2
"ccPwdSvc"=3
"ccProxy"=2
"ccEvtMgr"=2
"sdCoreService"=3
"sdAuxService"=3
"RoxWatch9"=2
"RoxMediaDB9"=3
"RoxLiveShare9"=2
"Roxio Upnp Server 9"=2
"Roxio UPnP Renderer 9"=3
"IDriverT"=3
"Bonjour Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe
YouTube Uploader for CASIO.lnk - C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ec2901-778d-11dc-bd2a-00146ce9779a}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-20 10:50:29 ----D---- C:\Documents and Settings\Kenneth\Application Data\Malwarebytes
2008-11-20 10:50:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 10:50:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-19 22:42:39 ----D---- C:\WINDOWS\temp
2008-11-19 22:42:36 ----A---- C:\ComboFix.txt
2008-11-19 22:36:37 ----A---- C:\Boot.bak
2008-11-19 22:36:31 ----RASHD---- C:\cmdcons
2008-11-18 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-18 03:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-18 03:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-18 03:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-18 03:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-18 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-18 03:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-18 03:04:03 ----D---- C:\Program Files\MSXML 6.0
2008-11-18 03:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-18 03:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-18 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-18 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-18 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-18 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-18 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-18 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-17 22:19:46 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-17 21:56:12 ----A---- C:\WINDOWS\zip.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\VFIND.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\SWSC.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\SWREG.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\sed.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\grep.exe
2008-11-17 21:56:12 ----A---- C:\WINDOWS\fdsv.exe
2008-11-17 21:55:59 ----D---- C:\Qoobox
2008-11-17 19:00:24 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-11-17 19:00:18 ----D---- C:\Program Files\Motorola
2008-11-17 17:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
2008-11-17 17:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB894476$
2008-11-17 16:58:58 ----D---- C:\Program Files\Windows Mobile Device Handbook
2008-11-17 13:18:51 ----D---- C:\Program Files\trend micro
2008-11-17 13:18:49 ----D---- C:\rsit
2008-11-17 12:41:34 ----D---- C:\VundoFix Backups
2008-11-17 12:41:34 ----A---- C:\VundoFix.txt
2008-11-17 12:12:25 ----D---- C:\ERDNT
2008-11-17 12:12:23 ----D---- C:\WINDOWS\ERUNT
2008-11-17 12:12:23 ----D---- C:\WINDOWS\ERDNT
2008-11-17 12:12:17 ----D---- C:\!FixIEDef
2008-11-01 17:56:22 ----A---- C:\WINDOWS\system32\SetACL_GPL.txt

======List of files/folders modified in the last 1 months======

2008-11-20 12:12:23 ----D---- C:\WINDOWS\Prefetch
2008-11-20 12:06:20 ----SHD---- C:\WINDOWS\system32
2008-11-20 12:06:20 ----D---- C:\WINDOWS\system32\drivers
2008-11-20 12:05:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-20 10:50:21 ----AD---- C:\Program Files
2008-11-19 22:42:39 ----D---- C:\WINDOWS
2008-11-19 22:40:23 ----A---- C:\WINDOWS\system.ini
2008-11-19 22:39:19 ----D---- C:\Program Files\Common Files
2008-11-19 22:39:18 ----D---- C:\WINDOWS\AppPatch
2008-11-19 22:37:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-19 22:36:38 ----RASH---- C:\boot.ini
2008-11-18 03:12:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 03:06:10 ----HD---- C:\WINDOWS\inf
2008-11-18 03:05:56 ----A---- C:\WINDOWS\imsins.BAK
2008-11-18 03:05:45 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-18 03:04:11 ----SHD---- C:\WINDOWS\Installer
2008-11-18 03:04:11 ----HD---- C:\Config.Msi
2008-11-18 03:02:52 ----D---- C:\WINDOWS\WinSxS
2008-11-18 03:01:55 ----D---- C:\Program Files\Internet Explorer
2008-11-17 22:47:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-17 22:19:46 ----D---- C:\WINDOWS\Debug
2008-11-17 22:12:25 ----D---- C:\WINDOWS\Help
2008-11-17 22:06:05 ----D---- C:\WINDOWS\system32\config
2008-11-17 19:17:08 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 19:03:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-17 18:50:11 ----A---- C:\WINDOWS\system32\cf795318-.txt
2008-11-17 18:41:41 ----SD---- C:\Documents and Settings\Kenneth\Application Data\Microsoft
2008-11-17 17:02:47 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-17 16:59:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-17 12:13:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-17 12:12:22 ----SHD---- C:\System Volume Information
2008-11-17 12:12:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-17 08:31:47 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-17 06:16:14 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-17 03:21:41 ----D---- C:\Program Files\Bonjour
2008-11-15 08:27:46 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-11-15 08:20:29 ----A---- C:\YServer.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-01 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-28 8552]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 362944]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-02-24 28256]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2003-06-18 138485]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 catchme;catchme; \??\C:\doit\catchme.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-04 41288]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-10-04 62280]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-10-04 79688]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-21 47360]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-03 5888]
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-03-12 243456]
S3 SGUARD;SGUARD; \??\C:\WINDOWS\system32\drivers\SGuard.sys []
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter; C:\WINDOWS\system32\DRIVERS\SWLD23U.sys []
S3 swlubtl;WLAN USB Boot Device; C:\WINDOWS\System32\Drivers\swlubtl.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe []
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe []

-----------------EOF-----------------
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good how are things running now ?
  • 0

#11
kenny_turner52

kenny_turner52

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Everything is intact as far as I can tell. That's amazing. Thank you so very much. I get paid Tuesday and I promise to donate. You're the man. Oh, one thing: my time is a little whacked. It happened when the virus started.
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
For the time, do the following:
Go to Start > Control Panel > Date, Time and Regional Settings.
Click on Regional and Language Options.
Next to the section that says your regional language (mine is English), click on Customize.
Click on the Time tab at the top.
Then, next to Time format, make sure that it looks like this > h:mm:ss tt. If it doesn't, then change it to that.
Then click Apply, then OK.
==========================
What I will need you to do is download ONE of these anti-virus programs and install it.
These are free.
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.

or

Antivir
this is just antivirus protection.

If you have an anti virus present then do not do the above only install one if you are not currently running an antivirus program.
=====================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or ZoneAlarm.
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.
  • 0
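The two clean-up recommendations above that are easiest to get wrong by hand are leaving an old Java Runtime behind in Add/Remove Programs and assuming the firewall is on. The script below is an added example, not something from this thread or from the tools it mentions: it reads the Uninstall registry keys that Add/Remove Programs is built from, lists every Java/J2SE entry, marks each one as stale when it is older than a release you set in $LatestKnown (the "6.0.100" value is an assumption standing in for JRE 6 Update 10 and should be updated before use), and then prints the Windows Firewall state. It only reports; removal stays a deliberate step through Add/Remove Programs as the post describes.

```powershell
# Added example (not from the thread). Inventory installed Java Runtime
# Environments from the Uninstall registry keys, flag stale ones, and show
# the Windows Firewall state. Run from an elevated PowerShell prompt.
# Written for PowerShell 2.0 so it also works on Windows XP with the
# Windows Management Framework installed.

# Assumed value: update to the current JRE release before relying on it.
$LatestKnown = [version]'6.0.100'

# 32-bit and (on 64-bit Windows) WOW64 uninstall hives; skip those absent.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

function Get-InstalledJava {
    foreach ($key in $uninstallKeys) {
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            # The Java installer names entries like "Java(TM) 6 Update 10"
            # or "J2SE Runtime Environment 5.0 Update 6".
            if ($p.DisplayName -and $p.DisplayName -match '^(Java|J2SE)') {
                $ver = $null
                try { $ver = [version]$p.DisplayVersion } catch { }
                # Unparseable or older than the known-good release => stale.
                $stale = ($null -eq $ver) -or ($ver -lt $LatestKnown)
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $ver
                    UninstallString = $p.UninstallString
                    Stale           = $stale
                }
            }
        }
    }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Host 'No Java Runtime Environment found in the Uninstall registry keys.'
} else {
    $java | Sort-Object Version | Format-Table Name, Version, Stale -AutoSize
    foreach ($s in ($java | Where-Object { $_.Stale })) {
        # Report only; remove through Add/Remove Programs as the post describes.
        Write-Host "Stale JRE to remove via Add/Remove Programs: $($s.Name)"
    }
}

# Firewall state: 'netsh advfirewall' is the Vista-and-later syntax,
# 'netsh firewall' the Windows XP SP2 one. Try the newer, fall back to the old.
$fw = & netsh advfirewall show allprofiles state 2>$null
if (-not $fw) { $fw = & netsh firewall show opmode }
$fw
```

If the table shows more than one Java entry, every row marked Stale is one the post's Add/Remove Programs step should remove; if the firewall output reports the profile as off, the firewall section above applies before going back online.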