Troj/Virtum-Gen [RESOLVED]


sharonmerz

Hi... I have the logs from the recommended thread. My friend's computer has been very slow so I ran several scans and the viruses can't be cleaned. Also, I cannot boot up in Safe Mode. Anything else you need please let me know! Thanks in advance for your help.

SUPERAntiSpyware Scan Log
Generated 11/12/2007 at 07:42 PM

Application Version : 3.6.1000

Core Rules Database Version : 3342
Trace Rules Database Version: 1343

Scan type : Complete Scan
Total Scan Time : 01:16:47

Memory items scanned : 698
Memory threats detected : 0
Registry items scanned : 5991
Registry threats detected : 37
File items scanned : 58774
File threats detected : 286

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{482C3C0E-D4AE-4184-881B-9535E76AC556}
HKCR\CLSID\{482C3C0E-D4AE-4184-881B-9535E76AC556}
HKCR\CLSID\{482C3C0E-D4AE-4184-881B-9535E76AC556}\InprocServer32
HKCR\CLSID\{482C3C0E-D4AE-4184-881B-9535E76AC556}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{482C3C0E-D4AE-4184-881B-9535E76AC556}

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1460079812-3071989328-3970672322-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{89AD4D75-2429-462e-BD4E-443F233F6033}
HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}
HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}\InprocServer32
HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}\InprocServer32#ThreadingModel
[SASINPROCSERVER32]
HKLM\Software\Classes\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}\InprocServer32
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BYXUURR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKCR\CLSID\{89AD4D75-2429-462E-BD4E-443F233F6033}
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}
HKCR\CLSID\{CF46BFB3-2ACC-441B-B82B-36B9562C7FF1}
HKCR\CLSID\{CF46BFB3-2ACC-441B-B82B-36B9562C7FF1}\InprocServer32
HKCR\CLSID\{CF46BFB3-2ACC-441B-B82B-36B9562C7FF1}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\HEKXNUDD.DLL
HKCR\CLSID\{CF46BFB3-2ACC-441B-B82B-36B9562C7FF1}

Adware.Tracking Cookie

Trojan.WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Documents and Settings\Gina Rivelli\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Gina Rivelli\Application Data\WinAntiSpyware 2007\Logs
C:\Documents and Settings\Gina Rivelli\Application Data\WinAntiSpyware 2007
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0111923.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0111944.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215\A0113491.EXE

Trojan.Downloader-Stera/WinSoftware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP211\A0111924.EXE

Trojan.Downloader-Gen/TStamp
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215\A0113490.EXE

Trojan.Downloader-Gen/DDC

Active scan Log

Incident Status Location

Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Gina Rivelli\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina [email protected]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina rivelli@com[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina rivelli@errorsafe[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina rivelli@systemdoctor[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina rivelli@target[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina [email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina [email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina__rivelli@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina__rivelli@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina__rivelli@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina__rivelli@atwola[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina__rivelli@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Gina Rivelli\Cookies\gina__rivelli@questionmarket[1].txt
Virus:Trj/Downloader.PNC Disinfected C:\Program Files\svhost\wr-1-0000077.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\augcljay.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bvdikdet.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ctqvffya.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hcrxmjsb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\kbyoicsl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\kgamnjbj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\kkfvfrof.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lpjvlusl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mjvwspdl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mnuhbmyl.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\nqjvelml.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\opgbisuw.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qxdlucci.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\syvdobbj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tingqflb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tucqqhql.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\txlptcvu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vcnhbwpf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wkfifxir.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ybtfpjcj.dll
Virus:Generic Malware Disinfected C:\WINDOWS\system32\yjigeojl.dll

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:53 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\aol\1165004502\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\AOL\1165004502\EE\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"

Edited by sharonmerz, 14 November 2007 - 06:03 PM.


#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello and welcome sharonmerz

Part of your HJT log got cut off.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
sharonmerz

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi, thanks for responding. I downloaded DSS and I tried to run it after I shut everything down. Both times I tried to run it, it told me there was an error and had to close. This happened as it was getting to the point where it was cleaning Temp files.

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's go a different route.
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

#5
sharonmerz

    Member

  • Topic Starter
  • Member
  • 21 posts
Sorry, It takes a while to run this stuff. :)

ComboFix 07-11-08.1 - Gina Rivelli 2007-11-16 20:48:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.100 [GMT -5:00]
Running from: C:\Documents and Settings\Gina Rivelli\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Gina Rivelli\Desktop\internet.lnk
C:\Documents and Settings\Gina Rivelli\err.log
C:\Program Files\svhost
C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atsyteby.dll
C:\WINDOWS\system32\augcljay.dll
C:\WINDOWS\system32\ayffvqtc.ini
C:\WINDOWS\system32\blfqgnit.ini
C:\WINDOWS\system32\bsjmxrch.ini
C:\WINDOWS\system32\bvdikdet.dll
C:\WINDOWS\system32\chlcpxjv.dll
C:\WINDOWS\system32\ctqvffya.dll
C:\WINDOWS\system32\dcxhmhlr.ini
C:\WINDOWS\system32\esauxsfs.dll
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\ffwagjxm.ini
C:\WINDOWS\system32\forfvfkk.ini
C:\WINDOWS\system32\fpwbhncv.ini
C:\WINDOWS\system32\hcrxmjsb.dll
C:\WINDOWS\system32\ialcupww.ini
C:\WINDOWS\system32\icculdxq.ini
C:\WINDOWS\system32\jbbodvys.ini
C:\WINDOWS\system32\jbjnmagk.ini
C:\WINDOWS\system32\jcjpftby.ini
C:\WINDOWS\system32\jraxgtql.ini
C:\WINDOWS\system32\kbyoicsl.dll
C:\WINDOWS\system32\kgamnjbj.dll
C:\WINDOWS\system32\kkfvfrof.dll
C:\WINDOWS\system32\lbuvgcsr.ini
C:\WINDOWS\system32\ldpswvjm.ini
C:\WINDOWS\system32\liucfxio.ini
C:\WINDOWS\system32\lmlevjqn.ini
C:\WINDOWS\system32\lpjvlusl.dll
C:\WINDOWS\system32\lqhqqcut.ini
C:\WINDOWS\system32\lqtgxarj.dll
C:\WINDOWS\system32\lscioybk.ini
C:\WINDOWS\system32\lsulvjpl.ini
C:\WINDOWS\system32\lymbhunm.ini
C:\WINDOWS\system32\mjvwspdl.dll
C:\WINDOWS\system32\mnuhbmyl.dll
C:\WINDOWS\system32\msnpxaly.ini
C:\WINDOWS\system32\mxjgawff.dll
C:\WINDOWS\system32\nqjvelml.dll
C:\WINDOWS\system32\nsgtowns.dll
C:\WINDOWS\system32\oixfcuil.dll
C:\WINDOWS\system32\opgbisuw.dll
C:\WINDOWS\system32\prkwxtyb.dll
C:\WINDOWS\system32\qxdlucci.dll
C:\WINDOWS\system32\rixfifkw.ini
C:\WINDOWS\system32\rlhmhxcd.dll
C:\WINDOWS\system32\rscgvubl.dll
C:\WINDOWS\system32\sfsxuase.ini
C:\WINDOWS\system32\snwotgsn.ini2
C:\WINDOWS\system32\snwotgsn.tmp
C:\WINDOWS\system32\syvdobbj.dll
C:\WINDOWS\system32\tedkidvb.ini
C:\WINDOWS\system32\tedkidvb.ini2
C:\WINDOWS\system32\tedkidvb.tmp
C:\WINDOWS\system32\tingqflb.dll
C:\WINDOWS\system32\tucqqhql.dll
C:\WINDOWS\system32\txlptcvu.dll
C:\WINDOWS\system32\uvctplxt.ini
C:\WINDOWS\system32\vcnhbwpf.dll
C:\WINDOWS\system32\vjxpclhc.ini
C:\WINDOWS\system32\wkfifxir.dll
C:\WINDOWS\system32\wusibgpo.ini
C:\WINDOWS\system32\wwpuclai.dll
C:\WINDOWS\system32\yajlcgua.ini
C:\WINDOWS\system32\ybetysta.ini
C:\WINDOWS\system32\ybtfpjcj.dll
C:\WINDOWS\system32\ylaxpnsm.dll
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\ApiMon


((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-16 20:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 17:37 <DIR> d-------- C:\Deckard
2007-11-13 21:29 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\PlayFirst
2007-11-13 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-13 21:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-13 21:27 <DIR> d-------- C:\Program Files\Oberon Media
2007-11-12 23:06 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\Viewpoint
2007-11-12 23:02 <DIR> d-------- C:\Program Files\AIM6
2007-11-12 21:47 <DIR> d-------- C:\Program Files\ieSpell
2007-11-12 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 20:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-12 18:25 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-12 18:25 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-12 18:25 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-12 18:25 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-12 18:25 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-12 18:25 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-12 18:25 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-12 18:25 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-12 18:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-12 18:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 18:20 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\SUPERAntiSpyware.com
2007-11-12 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-11 23:51 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\Grisoft
2007-11-11 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 23:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-11-11 21:46 88,128 --a------ C:\WINDOWS\system32\tdfskegp.dll
2007-11-11 21:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-11 21:35 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-11 21:35 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-11 21:35 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-11 21:35 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-11 21:34 <DIR> d-------- C:\Program Files\Webroot
2007-11-11 21:34 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\Webroot
2007-11-11 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-11 21:34 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-11 21:26 88,128 --a------ C:\WINDOWS\system32\ydyewxfm.dll
2007-11-11 21:24 <DIR> d--h----- C:\Documents and Settings\Gina Rivelli\Application Data\GTek
2007-11-11 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-11 21:14 164 --a------ C:\install.dat
2007-11-11 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-11 21:04 88,128 --a------ C:\WINDOWS\system32\rbbwupdp.dll
2007-11-11 20:52 1,600,540 ---hs---- C:\WINDOWS\system32\bccdd.ini2
2007-11-11 20:15 88,128 --a------ C:\WINDOWS\system32\lrqexbnp.dll
2007-11-11 20:09 88,128 --a------ C:\WINDOWS\system32\tunrhaoj.dll
2007-11-11 20:07 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-11 20:07 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-11 20:04 88,128 --a------ C:\WINDOWS\system32\xhyjhkie.dll
2007-11-11 17:41 88,128 --a------ C:\WINDOWS\system32\huhughxk.dll
2007-11-09 21:24 88,128 --a------ C:\WINDOWS\system32\avypwrxu.dll
2007-11-08 18:58 86,080 --a------ C:\WINDOWS\system32\jpqthfgk.dll
2007-11-05 15:28 85,568 --a------ C:\WINDOWS\system32\qynftvdv.dll
2007-11-03 19:36 87,616 --a------ C:\WINDOWS\system32\ielhajds.dll
2007-10-28 22:05 <DIR> d-------- C:\Program Files\iTunes
2007-10-28 21:52 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-24 13:01 53,800 --a------ C:\WINDOWS\system32\wnimuhjx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 02:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-13 04:04 --------- d-----w C:\Program Files\Viewpoint
2007-11-13 02:03 --------- d-----w C:\Program Files\QuickTime
2007-11-13 02:01 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-13 01:50 --------- d-----w C:\Program Files\DellSupport
2007-11-13 01:49 --------- d-----w C:\Program Files\Common Files\Scanner
2007-11-13 01:42 --------- d-----w C:\Program Files\America Online 9.0b
2007-11-13 01:42 --------- d-----w C:\Program Files\America Online 9.0
2007-11-13 01:17 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-12 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-11 05:31 --------- d-----w C:\Program Files\PokerStars
2007-11-04 22:21 --------- d-----w C:\Program Files\PokerStars.NET
2007-11-04 20:39 --------- d-----w C:\Program Files\Common Files\Intuit
2007-11-04 20:34 --------- d-----w C:\Program Files\Canon
2007-10-29 03:06 --------- d-----w C:\Program Files\iPod
2007-10-11 01:37 --------- d-----w C:\Documents and Settings\Gina Rivelli\Application Data\acccore
2007-10-11 01:33 --------- d-----w C:\Program Files\AIM
2007-10-11 01:31 --------- d-----w C:\Documents and Settings\Gina Rivelli\Application Data\AIM
2007-09-18 01:09 --------- d-----w C:\Documents and Settings\Gina Rivelli\Application Data\AdobeUM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-14 20:10]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-15 15:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"HostManager"="C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe" [2007-04-12 16:23]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-25 16:30]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-14 14:53:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuurr]
byxuurr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb]
C:\WINDOWS\system32\ddccb.dll

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 04:16:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 01:38:52 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Gina Rivelli.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-17 02:35:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 21:39:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-16 21:40:46 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:10 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
c:\program files\common files\aol\1165004502\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1165004502\EE\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxuurr - byxuurr.dll (file missing)
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12748 bytes

Edited by sharonmerz, 16 November 2007 - 08:46 PM.

  • 0

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
One more tool

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  • 0

#7
sharonmerz

    Member

  • Topic Starter
  • 21 posts
VundoFix V6.6.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:18:27 PM 11/16/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:15 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\aol\1165004502\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1165004502\EE\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxuurr - byxuurr.dll (file missing)
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12654 bytes
  • 0

#8
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Did your friend download the various poker games on the system?

Sometimes they come bundled with malware.
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window into this topic, please.

  • 0

#9
sharonmerz

    Member

  • Topic Starter
  • 21 posts
Her father installed the poker games. He also has it on her brother's computer. I am picking up that one tomorrow when I bring this one back. He is having the same issues. :)

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AIM 6
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AOLIcon
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Picture Studio v3.0
DellSupport
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-09-23
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
MyWay Search Assistant
NetZeroInstallers
Norton Security Center
Panda ActiveScan
Photo Click
PokerStars
PokerStars.net
Preclick PhotoBack Plug-in
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spy Sweeper
SUPERAntiSpyware Free Edition
The Sims 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WG111v2 Configuration Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12
  • 0

#10
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK, we will leave the poker games alone then.



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\ydyewxfm.dll
C:\WINDOWS\system32\rbbwupdp.dll
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\lrqexbnp.dll
C:\WINDOWS\system32\tunrhaoj.dll
C:\WINDOWS\system32\xhyjhkie.dll
C:\WINDOWS\system32\huhughxk.dll
C:\WINDOWS\system32\avypwrxu.dll
C:\WINDOWS\system32\jpqthfgk.dll
C:\WINDOWS\system32\qynftvdv.dll
C:\WINDOWS\system32\ielhajds.dll
C:\WINDOWS\system32\ddccb.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuurr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
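The CFScript in post #10 deletes the two Winlogon Notify keys that the HijackThis log in post #7 lists as "(file missing)". The Python sketch below is an added illustration, not part of the original thread and not ComboFix or HijackThis code: it parses both texts and reports any orphaned Notify entry that the script does not delete. Function names are hypothetical, and the sample lines are a constructed excerpt copied from the posts above.

```python
import re

# Constructed excerpt of the HijackThis log from post #7.
HJT_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxuurr - byxuurr.dll (file missing)
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed excerpt of the CFScript from post #10.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\ddccb.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuurr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb]
"""

NOTIFY_KEY = (r"hkey_local_machine\software\microsoft\windows nt"
              r"\currentversion\winlogon\notify")

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$",
    re.MULTILINE,
)


def parse_winlogon_notify(log):
    """Return every O20 Winlogon Notify entry as a dict."""
    return [
        {"name": m["name"], "dll": m["dll"], "missing": m["missing"] is not None}
        for m in O20_RE.finditer(log)
    ]


def parse_cfscript(text):
    """Split a script into its 'Name::' sections (File, Registry, ...)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_notify_names(sections):
    """Names of Winlogon Notify subkeys removed by '[-key]' lines."""
    names = set()
    for line in sections.get("Registry", []):
        m = re.fullmatch(r"\[-(.+)\]", line)
        if m and m.group(1).lower().startswith(NOTIFY_KEY + "\\"):
            names.add(m.group(1)[len(NOTIFY_KEY) + 1:].lower())
    return names


def orphaned_notify(log):
    """Notify entries whose DLL HijackThis could not find on disk."""
    return [e for e in parse_winlogon_notify(log) if e["missing"]]


def uncovered_notify(log, script):
    """Orphaned Notify entries with no matching deletion in the script."""
    deleted = deleted_notify_names(parse_cfscript(script))
    return [e["name"] for e in orphaned_notify(log)
            if e["name"].lower() not in deleted]


if __name__ == "__main__":
    for entry in orphaned_notify(HJT_LOG):
        print("orphaned Notify entry:", entry["name"], "->", entry["dll"])
    print("not covered by script:", uncovered_notify(HJT_LOG, CFSCRIPT))
```
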


#11
sharonmerz

    Member

  • Topic Starter
  • 21 posts
ComboFix 07-11-08.1 - Gina Rivelli 2007-11-16 23:09:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.207 [GMT -5:00]
Running from: C:\Documents and Settings\Gina Rivelli\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gina Rivelli\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\avypwrxu.dll
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\huhughxk.dll
C:\WINDOWS\system32\ielhajds.dll
C:\WINDOWS\system32\jpqthfgk.dll
C:\WINDOWS\system32\lrqexbnp.dll
C:\WINDOWS\system32\qynftvdv.dll
C:\WINDOWS\system32\rbbwupdp.dll
C:\WINDOWS\system32\tunrhaoj.dll
C:\WINDOWS\system32\xhyjhkie.dll
C:\WINDOWS\system32\ydyewxfm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\avypwrxu.dll
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\huhughxk.dll
C:\WINDOWS\system32\ielhajds.dll
C:\WINDOWS\system32\jpqthfgk.dll
C:\WINDOWS\system32\lrqexbnp.dll
C:\WINDOWS\system32\qynftvdv.dll
C:\WINDOWS\system32\rbbwupdp.dll
C:\WINDOWS\system32\tunrhaoj.dll
C:\WINDOWS\system32\xhyjhkie.dll
C:\WINDOWS\system32\ydyewxfm.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-16 22:18 <DIR> d-------- C:\VundoFix Backups
2007-11-16 20:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 17:37 <DIR> d-------- C:\Deckard
2007-11-13 21:29 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\PlayFirst
2007-11-13 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-13 21:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-13 21:27 <DIR> d-------- C:\Program Files\Oberon Media
2007-11-12 23:06 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\Viewpoint
2007-11-12 23:02 <DIR> d-------- C:\Program Files\AIM6
2007-11-12 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 20:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-12 18:25 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-12 18:25 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-12 18:25 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-12 18:25 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-12 18:25 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-12 18:25 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-12 18:25 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-12 18:25 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-12 18:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-12 18:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 18:20 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\SUPERAntiSpyware.com
2007-11-12 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-11 23:51 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\Grisoft
2007-11-11 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 23:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-11-11 21:46 88,128 --a------ C:\WINDOWS\system32\tdfskegp.dll
2007-11-11 21:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-11 21:35 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-11 21:35 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-11 21:35 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-11 21:35 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-11 21:34 <DIR> d-------- C:\Program Files\Webroot
2007-11-11 21:34 <DIR> d-------- C:\Documents and Settings\Gina Rivelli\Application Data\Webroot
2007-11-11 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-11 21:34 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-11 21:24 <DIR> d--h----- C:\Documents and Settings\Gina Rivelli\Application Data\GTek
2007-11-11 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-11 21:14 164 --a------ C:\install.dat
2007-11-11 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-11 20:07 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-11 20:07 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-28 22:05 <DIR> d-------- C:\Program Files\iTunes
2007-10-28 21:52 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-24 13:01 53,800 --a------ C:\WINDOWS\system32\wnimuhjx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 04:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-17 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-17 03:58 --------- d-----w C:\Program Files\Symantec
2007-11-13 04:04 --------- d-----w C:\Program Files\Viewpoint
2007-11-13 02:03 --------- d-----w C:\Program Files\QuickTime
2007-11-13 01:50 --------- d-----w C:\Program Files\DellSupport
2007-11-13 01:49 --------- d-----w C:\Program Files\Common Files\Scanner
2007-11-13 01:42 --------- d-----w C:\Program Files\America Online 9.0b
2007-11-13 01:42 --------- d-----w C:\Program Files\America Online 9.0
2007-11-13 01:17 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-12 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-12 02:41 450,476 --sh--w C:\WINDOWS\system32\bccdd.bak2
2007-11-11 05:31 --------- d-----w C:\Program Files\PokerStars
2007-11-04 22:21 --------- d-----w C:\Program Files\PokerStars.NET
2007-11-04 20:39 --------- d-----w C:\Program Files\Common Files\Intuit
2007-11-04 20:34 --------- d-----w C:\Program Files\Canon
2007-10-29 03:06 --------- d-----w C:\Program Files\iPod
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 01:37 --------- d-----w C:\Documents and Settings\Gina Rivelli\Application Data\acccore
2007-10-11 01:33 --------- d-----w C:\Program Files\AIM
2007-10-11 01:31 --------- d-----w C:\Documents and Settings\Gina Rivelli\Application Data\AIM
2007-09-18 01:09 --------- d-----w C:\Documents and Settings\Gina Rivelli\Application Data\AdobeUM
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-14 20:10]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"HostManager"="C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe" [2007-04-12 16:23]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-25 16:30]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-14 14:53:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

*Newly Created Service* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 04:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 04:20:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 23:15:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-16 23:22:23 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 21:40
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:03 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\aol\1165004502\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\AOL\1165004502\EE\aolsoftware.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1165004502\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9339 bytes
  • 0

#12
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Almost there

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\wnimuhjx.dll
    C:\Program Files\MyWaySA


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.

Next

Reboot into SAFE MODE

Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll


Close out HJT.

Reboot to normal mode, post back a fresh log and let me know how things are running.
  • 0
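An added example, not part of the original thread: a small Python parser that cross-references HijackThis log entries against the paths in the OTMoveIt list above, showing which entries load files from locations that are about to be moved. The function names are hypothetical; the sample lines are copied from the HijackThis log posted earlier in the thread.

```python
import ntpath
import re

# "<code> - <rest>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A quoted path, or an unquoted one running to the end of the line.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.+)$')
# Trims arguments that follow an unquoted file name (e.g. "/startintray").
FILE_END_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|cab|html?))(?=\s|/|$)", re.I)

# Excerpt of the HijackThis log from the thread (subset chosen for the example).
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
'''

# The two paths from the OTMoveIt list in the post above.
MOVE_LIST = [
    r"C:\WINDOWS\system32\wnimuhjx.dll",
    r"C:\Program Files\MyWaySA",
]


def parse_entry(line):
    """Return code, CLSID and file path for one HijackThis entry, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    path = None
    pm = PATH_RE.search(rest)
    if pm:
        path = pm.group(1) or pm.group(2)
        if pm.group(1) is None:  # unquoted: cut trailing arguments
            trimmed = FILE_END_RE.match(path)
            if trimmed:
                path = trimmed.group(1)
    return {
        "code": code,
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path,
        "raw": line.strip(),
    }


def is_under(path, target):
    """Case-insensitive Windows check: path equals target or lies inside it."""
    p = ntpath.normcase(ntpath.normpath(path))
    t = ntpath.normcase(ntpath.normpath(target))
    # The separator check stops "MyWaySA" from matching "MyWaySAfe".
    return p == t or p.startswith(t + "\\")


def entries_referencing(log_text, targets):
    """List parsed entries whose file path falls under any target path."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["path"] and any(is_under(entry["path"], t) for t in targets):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in entries_referencing(SAMPLE_LOG, MOVE_LIST):
        print(hit["code"], hit["clsid"], hit["path"])
```

On this excerpt it returns the R3 URLSearchHook and the O2 BHO lines, both of which load deSrcAs.dll from the MyWaySA folder.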

#13
sharonmerz

    Member

  • Topic Starter
  • Member
  • 21 posts
The computer will not let me choose safe mode when I reboot. When I get into the menu, I can't even highlight an option with the arrow keys, but I know the arrow keys do work. The only option I have is to let the countdown continue until it opens in Normal Mode.

Edited by sharonmerz, 16 November 2007 - 10:57 PM.

  • 0

#14
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's have a look at something:
  • Click Start>Run
  • Copy the line in the box below and paste it in the Run box that opens:

    regedit /e c:\safeboot.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

  • Click “Ok”
  • Double click the My Computer icon, then your C drive
  • In there, you will see a file called safeboot.txt. Double click to open it.
  • Copy and paste the text into a reply to your thread.

  • 0

#15
sharonmerz

    Member

  • Topic Starter
  • Member
  • 21 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
  • 0





