Tons of problems
October 11th, 2008, 04:01 PM
Contributing User
Join Date: Jun 2008
Posts: 34
My parents' computer is riddled with all kinds of nasty stuff. The most visible problems are that editing the registry, using the task manager, and using Run are disabled (viewing the contents of the C drive was disabled, but Malwarebytes' Anti-Malware seems to take care of that... though it has come back), and there's a phishing program masquerading as "AT&T Pop-Up Catcher" that can't be closed.
I've tried editing the registry via an inf file to take care of the first few problems that I mentioned, but it doesn't help.
Any log files that aren't included were things that I couldn't access or run on that computer without errors.
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2
10/11/2008 3:21:57 PM
mbam-log-2008-10-11 (15-21-57).txt
Scan type: Quick Scan
Objects scanned: 64405
Time elapsed: 15 minute(s), 34 second(s)
Memory Processes Infected: 7
Memory Modules Infected: 3
Registry Keys Infected: 220
Registry Values Infected: 12
Registry Data Items Infected: 4
Folders Infected: 20
Files Infected: 150
Memory Processes Infected:
C:\WINDOWS\VVNFUg\command.exe (Adware.CommAd) -> Failed to unload process.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\update32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\VVNFUg\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f80db5a5-a885-7370-4983-841f62a80af2} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b0edf154-910a-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{061c6e30-e622-11d2-9493-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07ddc146-fc3d-11d2-9d8c-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0dc13d4a-0313-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{11ebc158-e712-4d1f-8bb3-01ed5274c4ce} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{159dbb45-cd1b-4dab-83ea-5cb1f4f21d07} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{160621aa-bbbc-4326-a824-c395aebc6e74} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a5576fc-0e19-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d47c-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d47d-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d47e-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d47f-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d480-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d485-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c15d486-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{286d7f89-760c-4f89-80c4-66841d2507aa} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2ca9fc63-c131-4e5a-955a-544a47c67146} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e6a14e2-571c-11d3-b652-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{334125c1-77e5-11d3-b653-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37647bf7-3dde-4cc8-a4dc-0d534d3d0037} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03538-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03539-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b0353a-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b0353b-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b0353d-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b0353e-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b0353f-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03540-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03541-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03545-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03546-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b03547-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d7a5166-72d7-484b-a06f-286187b80ca1} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50ce8a7d-9c28-4da8-9042-cdfa7116f979} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a340dc0-0311-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6bdd5c1e-2810-4159-94bc-05511ae8549b} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c29b41d-455b-4c33-963a-0d28e5e555ea} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7aef50ce-8e22-4ba8-bc06-a92a458b4ef2} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99652ea1-c1f7-414f-bb7b-1c967de75983} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0edf162-910a-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0edf164-910a-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b4f7a674-9b83-49cb-a357-c63b871be958} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b8be681a-eb2c-47f0-b415-94d5452f0e05} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c0020fd4-bee7-43d9-a495-9f213117103d} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c3a9f406-2222-436d-86d5-ba3229279efb} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c5702cd1-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c5702cd2-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c5702cd3-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c5702cd4-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c5702cd5-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c8638e8a-7625-4c51-9366-2f40a9831fc0} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf45f88b-ac56-4ee2-a73a-ed04e2885d3c} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e00cb864-a029-4310-9987-a873f5887d97} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb0c8cf9-6950-4772-87b1-47d11cf3a02f} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f798a36b-b05b-4bbe-9703-eaea7d61cd51} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fcd01846-0e19-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{011b3619-fe63-4814-8a84-15a194ce9ce3} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0149eedf-d08f-4142-8d73-d23903d21e90} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0369b4e5-45b6-11d3-b650-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0369b4e6-45b6-11d3-b650-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0429ec6e-1144-4bed-b88b-2fb9899a4a3d} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055cb2d7-2969-45cd-914b-76890722f112} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0955ac62-bf2e-4cba-a2b9-a63f772d46cf} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b3ffb92-0919-4934-9d5b-619c719d0202} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12d51199-0db5-46fe-a120-47a3d7d937cc} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15d6504a-5494-499c-886c-973c9e53b9f1} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1be49f30-0e1b-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1c15d484-911d-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1df7d126-4050-47f0-a7cf-4c4ca9241333} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{267db0b3-55e3-4902-949b-df8f5cec0191} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2764bce5-cc39-11d2-b639-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28953661-0231-41db-8986-21ff4388ee9b} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2c63e4eb-4cea-41b8-919c-e947ea19a77c} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{334125c0-77e5-11d3-b653-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3540d440-5b1d-49cb-821a-e84b8cf065a7} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b0353c-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b03543-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b03544-a4c8-11d2-b634-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38f03426-e83b-4e68-b65b-dcae73304838} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c4708dc-b181-46a8-8da8-4ab0371758cd} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{418008f3-cf67-4668-9628-10dc52be1d08} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a5869cf-929d-4040-ae03-fcafc5b9cd42} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{577faa18-4518-445e-8f70-1473f8cf4ba4} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59dc47a8-116c-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6438570b-0c08-4a25-9504-8012bb4d50cf} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ad28ee1-5002-4e71-aaf7-bd077907b1a4} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f9cb14d-48e4-43b6-9346-1aebc39c64d3} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{809b6661-94c4-49e6-b6ec-3f0f862215aa} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{823535a0-0318-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8664da16-dda2-42ac-926a-c18f9127c302} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8872ff1b-98fa-4d7a-8d93-c9f1055f85bb} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a674b49-1f63-11d3-b64c-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a674b4c-1f63-11d3-b64c-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a674b4d-1f63-11d3-b64c-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d04238e-9fd1-41c6-8de3-9e1ee309e935} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9193a8f9-0cba-400e-aa97-eb4709164576} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9cd64701-bdf3-4d14-8e03-f12983d86664} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e77aac4-35e5-42a1-bdc2-8f3ff399847c} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9f50e8b1-9530-4ddc-825e-1af81d47aed6} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0b9b497-afbc-45ad-a8a6-9b077c40d4f2} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1a2b1c4-0e3a-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2e3074e-6c3d-11d3-b653-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2e30750-6c3d-11d3-b653-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8dcf3d5-0780-4ef4-8a83-2cffaacb8ace} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abe40035-27c3-4a2f-8153-6624471608af} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad8e510d-217f-409b-8076-29c5e73b98e8} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0edf163-910a-11d2-b632-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b401c5eb-8457-427f-84ea-a4d2363364b0} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b64016f3-c9a2-4066-96f0-bd9563314726} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb530c63-d9df-4b49-9439-63453962e598} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c531d9fd-9685-4028-8b68-6e1232079f1e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5702ccc-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5702ccd-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5702cce-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5702ccf-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5702cd0-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5702cd6-9b79-11d3-b654-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6b14b32-76aa-4a86-a7ac-5c79aaf58da7} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{caafdd83-cefc-4e3d-ba03-175f17a24f91} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cbd30858-af45-11d2-b6d6-00c04fbbde6e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc23f537-18d4-4ece-93bd-207a84726979} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d02aac50-027e-11d3-9d8e-00c04f72d980} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e18af75a-08af-11d3-b64a-00c04f79498e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9769a06-7aca-4e39-9cfb-97bb35f0e77e} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa7c375b-66a7-4280-879d-fd459c84bb02} (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mwquqtpq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mwquqtpq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mwquqtpq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rrmsusrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rrmsusrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rrmsusrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rssnpwrq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rssnpwrq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rssnpwrq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rvrrtxhp (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rvrrtxhp (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rvrrtxhp (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rvrvnrnr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rvrvnrnr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rvrvnrnr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tusmpumu (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tusmpumu (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tusmpumu (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ucivvrzw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ucivvrzw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ucivvrzw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uotpsrps (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uotpsrps (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opzysrml (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\opzysrml (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opzysrml (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oxmsjsys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\oxmsjsys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oxmsjsys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lpmnvvvw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lpmnvvvw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tnumtrqu (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tnumtrqu (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tnumtrqu (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmmusrtr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vmmusrtr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmmusrtr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vojxylvn (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vojxylvn (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vojxylvn (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vqsqqntr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vqsqqntr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vqsqqntr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nnzrvnrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nnzrvnrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nnzrvnrr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvzjovzi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nvzjovzi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvzjovzi (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

October 11th, 2008, 04:02 PM
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdefender (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webhancer agent (Adware.Webhancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvamj0en9e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\config\31171240.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\update32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msdefender.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\VVNFUg\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\VVNFUg\command.exe (Adware.CommAd) -> Delete on reboot.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvidctl.dll (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsuninst.exe (Spyware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\MWQUQTPQ.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rrmsusrr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rssnpwrq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rvrrtxhp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rvrvnrnr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tusmpumu.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ucivvrzw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UOTPSRPS.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\OPZYSRML.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\oxmsjsys.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\lpmnvvvw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\mickey32.sys (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Mom46.sys (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tnumtrqu.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\Vlj31.sys (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\vmmusrtr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\vojxylvn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\vqsqqntr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nnzrvnrr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nvzjovzi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\__47.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\405177GB\inst601[1].exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\405177GB\inst602[1].exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\405177GB\inst60e[1].exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\864079360.exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\917701779.exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\961679118.exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\Microsoft\Windows\fygdx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock\VnrBlock21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack22.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\speedrunner\mhtfile.mht (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log\2008 Sep 16 - 01_06_56 PM_812.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log\2008 Sep 16 - 11_33_43 AM_000.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log\2008 Sep 16 - 12_57_43 PM_546.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Application Data\RegistrySmart\Log\2008 Sep 15 - 06_42_54 PM_765.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpx139.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpx141.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpx144.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpx148.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pLqgtD11.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\blphcvamj0en9e.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcvamj0en9e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcvamj0en9e.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle3090OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\b103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxg4am1et2.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxg6ame4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga1me4t1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga4m1et4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga4me1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga5me3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Cookies\opipyf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fred\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\v3xd1.g22me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\v4xd3.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\v5xd2.g3ame (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\v5xd4.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\v6xdt4.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\vx1dt3.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\vx3dt2.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Local Settings\Temp\v4xd6.gam5e (Heuristics.Malware) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2
10/11/2008 4:38:39 PM
mbam-log-2008-10-11 (16-38-39).txt
Scan type: Quick Scan
Objects scanned: 53152
Time elapsed: 6 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qqrrqotv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qqrrqotv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wpwosqrm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpwosqrm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\rrzbrzzj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\PVSXONSO.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\QQRRQOTV.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\wpwosqrm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
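An added example, not from the thread or from Malwarebytes: the MBAM 1.x log lines above have a regular shape (item, detection family in parentheses, then one or two "->" parts ending in the action taken), so a scan can be triaged mechanically instead of by eye. The script below parses a constructed sample in that format, separates the entries that are really finished from the "Delete on reboot" and "Failed to unload process" ones that must be re-checked after a restart, flags the Rootkit.ADS paths by the colon after the drive letter, and turns the "Good" values of the Registry Data Items into a .reg file that re-applies them. Two assumptions, marked in the code: a purely numeric Good value is written as REG_DWORD, anything else as REG_SZ.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log and emit a .reg file for the policy values it reset.

Added example, not code from the thread or from Malwarebytes. SAMPLE_LOG is a
constructed subset in the thread's log format; the .reg writer assumes a numeric
"Good" value is a REG_DWORD and anything else a REG_SZ.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\MWQUQTPQ.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\VVNFUg\command.exe (Adware.CommAd) -> Failed to unload process.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
FINAL_ACTIONS = ("Quarantined and deleted", "Unloaded process")   # nothing left for the next boot

def is_ads_path(path):
    """True if the path names an NTFS alternate data stream: a ':' after the drive letter."""
    body = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in body

def parse_mbam_log(text):
    """One dict per detection line, tagged with the section it was listed under."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        parts = m.group("rest").split(" -> ")      # optional "Bad/Good" part, then the action
        action = parts[-1].rstrip(".")
        bg = BADGOOD_RE.match(parts[0]) if len(parts) > 1 else None
        item = m.group("item")
        entries.append({
            "section": section, "item": item, "family": m.group("family"), "action": action,
            "bad": bg.group("bad") if bg else None, "good": bg.group("good") if bg else None,
            "ads": section in ("Files Infected", "Folders Infected") and is_ads_path(item),
            "followup": not action.startswith(FINAL_ACTIONS),
        })
    return entries

def summarize(entries):
    """Per-section counts plus what still has to be verified after the reboot."""
    return {
        "by_section": dict(Counter(e["section"] for e in entries)),
        "followup": [e["item"] for e in entries if e["followup"]],
        "ads": [e["item"] for e in entries if e["ads"]],
    }

def reg_restore_lines(entries):
    """A .reg file re-applying every "Good" value MBAM reported (assumption: digits = REG_DWORD)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for e in entries:
        if e["good"] is None:
            continue
        if e["item"].endswith("\\"):              # trailing backslash = the key's (Default) value
            key, name = e["item"].rstrip("\\"), "@"
        else:
            key, _, value = e["item"].rpartition("\\")
            name = '"%s"' % value
        if e["good"].isdigit():
            data = "dword:%08x" % int(e["good"])
        else:
            data = '"%s"' % e["good"].replace("\\", "\\\\").replace('"', '\\"')
        out += ["[%s]" % key, "%s=%s" % (name, data), ""]
    return "\n".join(out)

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    print(reg_restore_lines(found))
```

The .reg output only helps once whatever keeps re-setting the policies is gone: the first post already notes the C: drive restriction came back after MBAM reset it, and the second MBAM log above shows the same three policy values flipped back to 1 about an hour later. Import it after the processes MBAM could not unload have been killed or the machine has rebooted, then run the parser over the new log and expect the followup list to be empty.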
October 11th, 2008, 04:02 PM
Contributing User
Logfile of HijackThis v1.99.1
Scan saved at 4:43:53 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hjt.exe
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Print Process Spooler] spoolsi.exe
O4 - HKLM\..\Run: [IKLKRFDI] %systemroot%\IKLKRFDI.exe
O4 - HKLM\..\Run: [el] regsvr32.exe /u /s "C:\WINDOWS\system32\el32.dll"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\iyvxpqnyohpzucy.dll" DllStub
O4 - HKLM\..\Run: [anaankvp] %systemroot%\anaankvp.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe
O23 - Service: PsycheEnqueue - Unknown owner - C:\WINDOWS\System32\PsycheEnqueue.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
October 11th, 2008, 04:39 PM
Malware Warrior /AV forum Mod
Join Date: Nov 2006
Location: San Antonio Tx
This computer is severely infected.
Let's start here.
Download Fix service to your desktop and double click to run.
Next
Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.
Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.
Make sure any antivirus or protective software is disabled.
Here is a tutorial for most programs.
http://www.bleepingcomputer.com/forums/topic114351.html
Next
* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:
Quote:
KillAll::
File::
C:\WINDOWS\system32\spoolsi.exe
C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
C:\WINDOWS\anaankvp.exe
C:\WINDOWS\IKLKRFDI.exe
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\System32\psyche.exe
C:\WINDOWS\System32\PsycheEnqueue.exe
Folder::
C:\WINDOWS\VVNFUg
* Save this as CFScript.txt and place it on your desktop.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
With a new HJT log. This time use THIS version instead; delete the old one.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
I also noticed when you scanned with malwarebytes you did NOT update it first.
Please UPDATE it and run a NEW scan and post that log as well.
__________________
Neera: The wraith will not allow us to escape.
Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
Neera: You do not fear them?
Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.
Last edited by Porthos : October 11th, 2008 at 05:49 PM.
October 11th, 2008, 09:31 PM
Contributing User
After some initial difficulty I managed to get ComboFix to run successfully. I still have an issue in that svchost.exe run by SYSTEM uses all available CPU. Lots of progress so far though. I can now use the task manager, view the C drive, use the Run command, edit the registry, and use the command line.
ComboFix 08-10-11.01 - Pwner 2008-10-11 21:25:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.206 [GMT -4:00]
Running from: C:\Documents and Settings\Pwner\Desktop\ix.exe
Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\anaankvp.exe
C:\WINDOWS\IKLKRFDI.exe
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
C:\WINDOWS\System32\psyche.exe
C:\WINDOWS\System32\PsycheEnqueue.exe
C:\WINDOWS\system32\spoolsi.exe
.
/wow section not completed
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 16:26 . 2008-10-11 16:26 37,890 --a------ C:\WINDOWS\system32\BQdb103U.exe
2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-11 14:54 . 2008-10-11 14:54 0 --a------ C:\WINDOWS\system32\dlds8.exe
2008-10-11 12:09 . 2008-10-11 12:12 <DIR> d-------- C:\Program Files\NoAdware
2008-10-11 12:05 . 2008-10-11 12:04 30,272 --a------ C:\WINDOWS\system32\pLqgtD11.exe
2008-10-11 12:02 . 2008-10-11 12:13 <DIR> d-------- C:\WINDOWS\AdWare Pro
2008-10-11 12:02 . 2008-10-11 12:02 0 --a------ C:\WINDOWS\system32\MSVolume.dll
2008-10-11 12:00 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\AdWare Pro
2008-10-11 10:59 . 2008-10-11 10:59 186,368 --a------ C:\Documents and Settings\LocalService\Application Data\871026602.exe
2008-10-11 10:59 . 2008-10-11 10:59 108,544 --a------ C:\Documents and Settings\LocalService\Application Data\870764442.exe
2008-10-11 10:59 . 2008-10-11 10:59 71,715 --a------ C:\WINDOWS\system32\xuuvkpwbtbtope.exe
2008-10-11 10:58 . 2008-10-11 10:58 115,200 --a------ C:\Documents and Settings\LocalService\Application Data\951127177.exe
2008-10-11 10:58 . 2008-10-11 10:58 34,816 --a------ C:\Documents and Settings\LocalService\Application Data\932579358.exe
2008-10-09 17:14 . 2008-10-09 17:14 186,368 --a------ C:\Documents and Settings\LocalService\Application Data\867421903.exe
2008-10-09 17:14 . 2008-10-09 17:14 115,200 --a------ C:\Documents and Settings\LocalService\Application Data\919078116.exe
2008-10-09 17:14 . 2008-10-09 17:14 108,544 --a------ C:\Documents and Settings\LocalService\Application Data\800571103.exe
2008-10-07 13:33 . 2008-10-07 13:33 191,488 --a------ C:\Documents and Settings\LocalService\Application Data\833930960.exe
2008-10-07 13:33 . 2008-10-07 13:33 108,544 --a------ C:\Documents and Settings\LocalService\Application Data\750695162.exe
2008-10-07 10:26 . 2008-10-11 20:39 32,256 --a------ C:\WINDOWS\system32\drivers\ati4wbxx.sys
2008-10-07 08:48 . 2008-10-07 08:48 191,488 --a------ C:\Documents and Settings\LocalService\Application Data\822395920.exe
2008-10-07 08:48 . 2008-10-07 08:48 114,176 --a------ C:\Documents and Settings\LocalService\Application Data\872206320.exe
2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
2008-10-07 08:28 . 2008-10-07 08:28 23,726 --a------ C:\WINDOWS\system32\12283142141.dll
2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-10-06 20:58 . 2008-10-06 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-06 19:47 . 2008-09-16 14:07 <DIR> d-------- C:\WINDOWS\WinSxS
2008-10-06 19:47 . 2008-10-11 20:59 <DIR> d-------- C:\Program Files\OINAnalytics
2008-10-06 19:47 . 2008-09-30 09:51 60,928 --a------ C:\WINDOWS\system32\gfr.dll
2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
2008-10-06 19:37 . 2008-10-06 19:37 <DIR> d-------- C:\WINDOWS\qofr
2008-10-06 19:37 . 2008-10-06 19:39 <DIR> d-------- C:\Program Files\Common Files\qofr
2008-10-06 19:16 . 2008-10-06 19:16 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
2008-10-06 14:58 . 2008-10-06 14:58 29 --a------ C:\WINDOWS\system32\fyoeiheo.tmp
2008-10-06 14:53 . 2008-10-11 14:44 6,144 --a------ C:\WINDOWS\system32\karna.dat
2008-10-06 11:01 . 2008-10-06 11:01 19,558 --a------ C:\Program Files\Common Files\oceka.sys
2008-10-06 11:01 . 2008-10-06 11:01 17,521 --a------ C:\WINDOWS\aqowoqijy.exe
2008-10-06 11:01 . 2008-10-06 11:01 17,409 --a------ C:\Documents and Settings\Judy\Application Data\wadah.bin
2008-10-06 11:01 . 2008-10-06 11:01 17,403 --a------ C:\WINDOWS\xulupakic.pif
2008-10-06 11:01 . 2008-10-06 11:01 15,409 --a------ C:\WINDOWS\system32\gumuj.dat
2008-10-06 11:01 . 2008-10-06 11:01 15,036 --a------ C:\WINDOWS\system32\ohaqohak.ban
2008-10-06 11:01 . 2008-10-06 11:01 14,126 --a------ C:\Program Files\Common Files\gewigoden.scr
2008-10-06 11:01 . 2008-10-06 11:01 13,619 --a------ C:\Documents and Settings\All Users\Application Data\anili.bat
2008-10-06 11:01 . 2008-10-06 11:01 13,118 --a------ C:\WINDOWS\system32\itugucycis.dl
2008-10-06 11:01 . 2008-10-06 11:01 12,814 --a------ C:\WINDOWS\yvalydi._dl
2008-10-06 11:01 . 2008-10-06 11:01 12,331 --a------ C:\Documents and Settings\All Users\Application Data\tywen.bat
2008-10-06 11:01 . 2008-10-06 11:01 12,319 --a------ C:\Program Files\Common Files\uvumadynug.scr
2008-10-06 11:01 . 2008-10-06 11:01 10,454 --a------ C:\WINDOWS\system32\yzolokof.exe
2008-10-06 11:01 . 2008-10-06 11:01 10,205 --a------ C:\WINDOWS\idakifa.db
2008-10-06 09:14 . 2008-10-06 09:14 18,422 --a------ C:\Documents and Settings\Judy\Application Data\acoh.vbs
2008-10-06 09:14 . 2008-10-06 09:14 18,050 --a------ C:\Documents and Settings\All Users\Application Data\yzopo.bat
2008-10-06 09:14 . 2008-10-06 09:14 14,877 --a------ C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
2008-10-06 09:14 . 2008-10-06 09:14 12,257 --a------ C:\Documents and Settings\Judy\Application Data\palanysemu.sys
2008-10-05 18:00 . 2008-10-06 13:18 <DIR> d-------- C:\Program Files\XP_AntiSpyware
2008-10-05 18:00 . 2008-10-05 18:00 23,726 --a------ C:\WINDOWS\system32\2201920341.dll
2008-10-05 17:58 . 2008-10-11 12:46 65,428 --a------ C:\WINDOWS\system32\wini10251.exe
2008-10-05 17:55 . 2008-10-11 13:42 10,240 --a------ C:\WINDOWS\system32\brastk.exe
2008-10-05 17:55 . 2008-10-11 13:42 10,240 --a------ C:\WINDOWS\brastk.exe
2008-10-05 17:51 . 2008-10-05 17:51 23,102 --a------ C:\WINDOWS\system32\dlds7.exe
2008-10-05 17:50 . 2008-10-05 17:50 44,544 --a------ C:\WAfg.exe
2008-10-05 17:50 . 2008-10-05 17:50 22,666 --a------ C:\WINDOWS\system32\dlds6.exe
2008-10-05 17:50 . 2008-10-05 17:50 17,782 --a------ C:\WINDOWS\system32\dlds1.exe
2008-10-05 17:50 . 2008-10-05 17:50 16,896 --a------ C:\T8M0.exe
2008-10-05 17:50 . 2008-10-05 17:50 16,186 --a------ C:\WINDOWS\system32\dlds5.exe
2008-10-05 17:50 . 2008-10-05 17:50 16,186 --a------ C:\WINDOWS\system32\dlds2.exe
2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc
2008-09-13 18:17 . 2008-09-13 18:17 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-13 14:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-13 14:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-09-12 08:36 . 2008-09-13 17:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
2008-10-07 00:58 --------- d-----w C:\Program Files\Google
2008-10-07 00:35 --------- d-----w C:\Program Files\ATT Internet Tools
2008-10-06 19:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-06 17:40 --------- d-----w C:\Program Files\Norton AntiVirus
2008-10-06 13:14 19,797 ----a-w C:\WINDOWS\ujilutiwib.bin
2008-10-06 13:14 18,389 ----a-w C:\Program Files\Common Files\ugehun.inf
2008-10-06 13:14 18,216 ----a-w C:\WINDOWS\izewyh.vbs
2008-10-06 13:14 17,449 ----a-w C:\WINDOWS\ezof.vbs
2008-10-06 13:14 15,824 ----a-w C:\WINDOWS\amam.scr
2008-10-06 13:14 13,281 ----a-w C:\WINDOWS\system32\okewygeged.exe
2008-10-06 13:14 10,901 ----a-w C:\WINDOWS\caqovu.vbs
2008-10-05 22:00 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 22:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-09-13 22:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-09-13 22:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
2008-08-29 11:49 166,400 ----a-w C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
2008-08-26 16:53 --------- d-----w C:\Program Files\Java
2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
2006-07-30 13:55 0 -c--a-w C:\Documents and Settings\Fred\Application Data\Install.dat
2005-07-29 20:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-06 771704]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"el"="C:\WINDOWS\system32\el32.dll" [2008-03-03 38400]
"blspcloader"="C:\Program Files\ATT Internet Tools\blsloader.exe" [2008-10-06 103776]
"{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb}"="C:\WINDOWS\system32\iyvxpqnyohpzucy.dll" [2008-08-29 166400]
"VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"Appinit_dlls"=karna.dat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\att-nap\\McciBrowser.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
Contents of the 'Scheduled Tasks' folder
2008-09-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
2008-10-11 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-12 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-12 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]
2008-10-11 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-10-11 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]
2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart\ErrorSmart.exe []
2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart []
2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart\RegistrySmart.exe []
2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Print Process Spooler - spoolsi.exe
SharedTaskScheduler-{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 21:28:16
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\bjnvzzvv.sys 179712 bytes executable
C:\WINDOWS\system32\psyche.exe 114176 bytes executable
C:\WINDOWS\system32\PsycheEnqueue.exe 108544 bytes executable
scan completed successfully
hidden files: 3
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bjnvzzvv]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\bjnvzzvv.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psyche]
"ImagePath"="%SystemRoot%\System32\psyche.exe -k netsvcs"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsycheEnqueue]
"ImagePath"="%SystemRoot%\System32\PsycheEnqueue.exe -k netsvcs"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-10-11 21:56:02 - machine was rebooted [Pwner]
ComboFix-quarantined-files.txt 2008-10-12 01:55:36
Pre-Run: 28,435,533,824 bytes free
Post-Run: 28,323,274,752 bytes free
405 --- E O F --- 2008-09-10 16:46:26
October 11th, 2008, 09:32 PM
Contributing User
Malwarebytes' Anti-Malware 1.28
Database version: 1259
Windows 5.1.2600 Service Pack 2
2008-10-11 20:59:03
mbam-log-2008-10-11 (20-59-03).txt
Scan type: Quick Scan
Objects scanned: 12872
Time elapsed: 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iklkrfdi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anaankvp (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\spoolsi.exe (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\OINAnalytics\OINAnalytics1.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\IKLKRFDI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\JZJICSAB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\anaankvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Database version: 1259
Windows 5.1.2600 Service Pack 2
10/11/2008 10:08:56 PM
mbam-log-2008-10-11 (22-08-56).txt
Scan type: Quick Scan
Objects scanned: 51187
Time elapsed: 3 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4ddbb94d-75a4-215e-8e39-5ec006528cbe} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati4wbxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati4wbxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati4wbxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\psyche.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PsycheEnqueue.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BQdb103U.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfr.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati4wbxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\bjnvzzvv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\750695162.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\800571103.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\822395920.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\833930960.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\870764442.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\872206320.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\951127177.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iyvxpqnyohpzucy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10251.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Judy\Application Data\Gool\Gool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Database version: 1259
Windows 5.1.2600 Service Pack 2
10/11/2008 10:20:14 PM
mbam-log-2008-10-11 (22-20-14).txt
Scan type: Quick Scan
Objects scanned: 51136
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
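The two Malwarebytes logs above are worth reading side by side: the second scan, run hours after the first, reports the same BHO registry keys that the first scan already "Quarantined and deleted successfully", and the first scan has at least one item (the ati4wbxx.sys driver) that could only be scheduled for "Delete on reboot". Both facts point to something still alive on the box that re-creates what was removed. The following is an added example for this thread, not code from Malwarebytes or from anyone posting here: it parses the "item (Family) -> action." lines these logs use, lists detections whose action was anything other than a clean removal, and reports items a later scan found again after an earlier scan claimed to remove them. The two log excerpts inside it are constructed from a few lines of the logs above; the set of actions treated as a clean removal is this example's own assumption.

```python
"""Compare two Malwarebytes' Anti-Malware logs (added example, not MBAM code)."""
import re
from dataclasses import dataclass
from typing import List

# One detection line: "<path or key> (<Family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")
# A section header such as "Files Infected:" (summary lines carry a count after the colon)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")
# Actions that mean the item is actually gone (assumption of this example)
CLEAN_ACTIONS = {"Quarantined and deleted successfully", "Unloaded process successfully"}


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    family: str
    action: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Extract every detection line, tagged with the section it appeared under."""
    found, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["section"]
        elif m := ENTRY_RE.match(line):
            found.append(Detection(section, m["item"], m["family"], m["action"]))
    return found


def incomplete(dets: List[Detection]) -> List[Detection]:
    """Detections MBAM could not remove outright (for example 'Delete on reboot')."""
    return [d for d in dets if d.action not in CLEAN_ACTIONS]


def recurring(earlier: List[Detection], later: List[Detection]) -> List[Detection]:
    """Items the later scan found again although the earlier scan reported removing them."""
    removed = {d.item.lower() for d in earlier if d.action in CLEAN_ACTIONS}
    return [d for d in later if d.item.lower() in removed]


# Constructed excerpts, built from a few lines of the two logs in this thread.
SCAN_1 = r"""
Registry Keys Infected: 2
Registry Keys Infected:
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\ati4wbxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""
SCAN_2 = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2)
    for d in incomplete(first):
        print(f"not removed: {d.item} [{d.family}] -> {d.action}")
    for d in recurring(first, second):
        print(f"came back: {d.item} [{d.family}] under {d.section}")
```

Run against the full logs, anything reported by recurring() is a persistence indicator to chase (a driver, a service, a scheduled task or an AppInit DLL that re-drops the item), and anything reported by incomplete() needs confirming after the reboot MBAM asked for.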
October 11th, 2008, 09:32 PM
Contributing User
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:55 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [el] regsvr32.exe /u /s "C:\WINDOWS\system32\el32.dll"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9232 bytes
October 11th, 2008, 10:24 PM
Malware Warrior / AV forum Mod
Now let's delete everything INSIDE this folder, NOT the folder itself.
C:\WINDOWS\Tasks
Next
Be sure your antivirus is disabled.
* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:
Quote:
KillAll::
File::
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\BQdb103U.exe
C:\WINDOWS\system32\dlds8.exe
C:\WINDOWS\anaankvp.exe
C:\WINDOWS\IKLKRFDI.exe
C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
C:\WINDOWS\System32\psyche.exe
C:\WINDOWS\System32\PsycheEnqueue.exe
C:\WINDOWS\system32\spoolsi.exe
C:\WINDOWS\system32\pLqgtD11.exe
C:\Documents and Settings\LocalService\Application Data\871026602.exe
C:\Documents and Settings\LocalService\Application Data\870764442.exe
C:\WINDOWS\system32\xuuvkpwbtbtope.exe
C:\Documents and Settings\LocalService\Application Data\951127177.exe
C:\Documents and Settings\LocalService\Application Data\932579358.exe
C:\Documents and Settings\LocalService\Application Data\867421903.exe
C:\Documents and Settings\LocalService\Application Data\919078116.exe
C:\Documents and Settings\LocalService\Application Data\800571103.exe
C:\Documents and Settings\LocalService\Application Data\833930960.exe
C:\Documents and Settings\LocalService\Application Data\750695162.exe
C:\WINDOWS\system32\drivers\ati4wbxx.sys
C:\Documents and Settings\LocalService\Application Data\822395920.exe
C:\Documents and Settings\LocalService\Application Data\872206320.exe
C:\WINDOWS\system32\12283142141.dll
C:\WINDOWS\system32\gfr.dll
C:\Documents and Settings\Judy\Application Data\Gool
C:\WINDOWS\system32\fyoeiheo.tmp
C:\WINDOWS\system32\karna.dat
C:\Program Files\Common Files\oceka.sys
C:\WINDOWS\aqowoqijy.exe
C:\Documents and Settings\Judy\Application Data\wadah.bin
C:\WINDOWS\xulupakic.pif
C:\WINDOWS\system32\gumuj.dat
C:\WINDOWS\system32\ohaqohak.ban
C:\Program Files\Common Files\gewigoden.scr
C:\Documents and Settings\All Users\Application Data\anili.bat
C:\WINDOWS\system32\itugucycis.dl
C:\WINDOWS\yvalydi._dl
C:\Documents and Settings\All Users\Application Data\tywen.bat
C:\Program Files\Common Files\uvumadynug.scr
C:\WINDOWS\system32\yzolokof.exe
C:\WINDOWS\idakifa.db
C:\Documents and Settings\Judy\Application Data\acoh.vbs
C:\Documents and Settings\All Users\Application Data\yzopo.bat
C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
C:\Documents and Settings\Judy\Application Data\palanysemu.sys
C:\WINDOWS\system32\2201920341.dll
C:\WINDOWS\system32\wini10251.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\dlds7.exe
C:\WAfg.exe
C:\WINDOWS\system32\dlds6.exe
C:\WINDOWS\system32\dlds1.exe
C:\T8M0.exe
C:\WINDOWS\system32\dlds5.exe
C:\WINDOWS\system32\dlds2.exe
C:\WINDOWS\ujilutiwib.bin
C:\Program Files\Common Files\ugehun.inf
C:\WINDOWS\izewyh.vbs
C:\WINDOWS\ezof.vbs
C:\WINDOWS\amam.scr
C:\WINDOWS\system32\okewygeged.exe
C:\WINDOWS\caqovu.vbs
C:\WINDOWS\system32\drivers\bjnvzzvv.sys
Folder::
C:\WINDOWS\VVNFUg
C:\WINDOWS\qofr
C:\Program Files\Common Files\qofr
C:\Program Files\XP_AntiSpyware
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"el"=-
"{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"Appinit_dlls"=
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bjnvzzvv]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psyche]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsycheEnqueue]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
Driver::
bjnvzzvv
* Save this as CFScript.txt and place it on your desktop.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
After that runs and you post the ComboFix log...
Download SDfix and save it to your Desktop.
http://downloads.andymanchesta.com/...Tools/SDFix.exe
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Note: Do NOT use the msconfig option to boot into Safe Mode, if you can't boot into Safe Mode by tapping the F8 key, just post back here and let me know.
__________________
If I have posted multiple programs for the fix, do them ALL before posting their logs and a final HijackThis log.
Post a new HJT log
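A CFScript like the one above is hand-typed, and ComboFix does exactly what the file says, so two things are worth checking before dragging it onto ComboFix.exe and after it has run: that every File:: and Folder:: entry is one absolute path (a path pasted twice onto a single line, or a repeated entry, is an easy slip), and that the log ComboFix produces actually confirms the deletions that were asked for. The following is an added example for this thread, not the moderator's tooling and not part of ComboFix. It parses the script sections used above (KillAll::, File::, Folder::, Registry::, Driver::), lints the path and registry lines, and then reconciles the "FILE ::" request echo in a ComboFix log against the paths listed under its "Other Deletions" banner, which is the layout of the log posted later in this thread. The script and log excerpts inside it are constructed for the example; the accepted registry line forms ([key], [-key], "name"=-, "name"=) are the ones that appear in the script above, and anything else is flagged for a manual look rather than rejected as wrong.

```python
"""Lint a ComboFix CFScript and reconcile it with the ComboFix log (added example, not ComboFix code)."""
import re
from typing import Dict, List, Tuple

SECTIONS = {"KillAll", "File", "Folder", "Registry", "Driver"}
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")
# Registry lines seen in this thread: "[key]" / "[-key]" (delete key), "name"=- (delete value), "name"= (clear value)
REG_KEY = re.compile(r"^\[-?HKEY_[A-Z_]+(\\[^\]]+)?\]$")
REG_VALUE = re.compile(r'^"[^"]*"=(-|"[^"]*"|)$')


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split the script into its Section:: blocks; a line before any header is an error."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and line[:-2] in SECTIONS:
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def lint(sections: Dict[str, List[str]]) -> List[str]:
    """Report paths that are not exactly one absolute path, repeats, and odd registry lines."""
    problems = []
    for sec in ("File", "Folder"):
        seen = set()
        for p in sections.get(sec, []):
            if len(DRIVE_ROOT.findall(p)) != 1 or not DRIVE_ROOT.match(p):
                problems.append(f"{sec}: not a single absolute path: {p}")
            if p.lower() in seen:
                problems.append(f"{sec}: duplicate entry: {p}")
            seen.add(p.lower())
    for line in sections.get("Registry", []):
        if not (REG_KEY.match(line) or REG_VALUE.match(line)):
            problems.append(f"Registry: unrecognised line, check it by hand: {line}")
    return problems


def parse_combofix_log(text: str) -> Tuple[List[str], List[str]]:
    """Return (requested, deleted): paths echoed under 'FILE ::' and paths under 'Other Deletions'."""
    requested, deleted, mode = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "FILE ::":
            mode = "requested"
        elif line.startswith("(") and "Other Deletions" in line:
            mode = "deleted"
        elif line.startswith("(") and mode == "deleted":   # the next banner ends the section
            mode = None
        elif mode == "requested" and DRIVE_ROOT.match(line):
            requested.append(line)
        elif mode == "deleted" and DRIVE_ROOT.match(line):
            deleted.append(line)
    return requested, deleted


def unconfirmed(requested: List[str], deleted: List[str]) -> List[str]:
    """Requested paths that the log does not list as deleted, directly or through a parent folder."""
    gone = {d.lower() for d in deleted}
    missing = []
    for p in requested:
        key = p.lower()
        covered = key in gone or any(g.startswith(key + "\\") or key.startswith(g + "\\") for g in gone)
        if not covered:
            missing.append(p)
    return missing


# Constructed sample script: a few entries in the style of the one above, with two deliberate slips.
SAMPLE_SCRIPT = r"""
KillAll::
File::
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\karna.dat
C:\WINDOWS\system32\el32.dll
Folder::
C:\WINDOWS\VVNFUgC:\WINDOWS\VVNFUg
C:\Program Files\XP_AntiSpyware
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"el"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"Appinit_dlls"=
Driver::
bjnvzzvv
"""
# Constructed log excerpt in the layout ComboFix uses: karna.dat was requested but never listed as deleted.
SAMPLE_LOG = r"""
ComboFix 08-10-11.01 - Pwner 2008-10-11 23:35:51.3 - NTFSx86
FILE ::
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\karna.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\Tasks\At1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_psyche
"""

if __name__ == "__main__":
    for problem in lint(parse_cfscript(SAMPLE_SCRIPT)):
        print("script:", problem)
    for path in unconfirmed(*parse_combofix_log(SAMPLE_LOG)):
        print("not confirmed deleted:", path)
```

A requested path that is not confirmed is not necessarily bad news: it is often a file another tool already removed (Malwarebytes had quarantined most of the system32 droppers before ComboFix ran), but each one should be verified on disk rather than assumed gone.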
October 11th, 2008, 11:26 PM
Contributing User
I forgot to delete the files in the Tasks folder before running ComboFix for the first time, so I figured it was better to run it a second time after that than to let something respawn that had been removed the first time. Both of the CF logs are here.
ComboFix 08-10-11.01 - Pwner 2008-10-11 23:35:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -4:00]
Running from: C:\Documents and Settings\Pwner\Desktop\ix.exe
Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\All Users\Application Data\anili.bat
C:\Documents and Settings\All Users\Application Data\tywen.bat
C:\Documents and Settings\All Users\Application Data\yzopo.bat
C:\Documents and Settings\Judy\Application Data\acoh.vbs
C:\Documents and Settings\Judy\Application Data\Gool
C:\Documents and Settings\Judy\Application Data\palanysemu.sys
C:\Documents and Settings\Judy\Application Data\wadah.bin
C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
C:\Documents and Settings\LocalService\Application Data\750695162.exe
C:\Documents and Settings\LocalService\Application Data\800571103.exe
C:\Documents and Settings\LocalService\Application Data\822395920.exe
C:\Documents and Settings\LocalService\Application Data\833930960.exe
C:\Documents and Settings\LocalService\Application Data\867421903.exe
C:\Documents and Settings\LocalService\Application Data\870764442.exe
C:\Documents and Settings\LocalService\Application Data\871026602.exe
C:\Documents and Settings\LocalService\Application Data\872206320.exe
C:\Documents and Settings\LocalService\Application Data\919078116.exe
C:\Documents and Settings\LocalService\Application Data\932579358.exe
C:\Documents and Settings\LocalService\Application Data\951127177.exe
C:\Program Files\Common Files\gewigoden.scr
C:\Program Files\Common Files\oceka.sys
C:\Program Files\Common Files\ugehun.inf
C:\Program Files\Common Files\uvumadynug.scr
C:\T8M0.exe
C:\WAfg.exe
C:\WINDOWS\amam.scr
C:\WINDOWS\anaankvp.exe
C:\WINDOWS\aqowoqijy.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\caqovu.vbs
C:\WINDOWS\ezof.vbs
C:\WINDOWS\idakifa.db
C:\WINDOWS\IKLKRFDI.exe
C:\WINDOWS\izewyh.vbs
C:\WINDOWS\system32\12283142141.dll
C:\WINDOWS\system32\2201920341.dll
C:\WINDOWS\system32\BQdb103U.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dlds1.exe
C:\WINDOWS\system32\dlds2.exe
C:\WINDOWS\system32\dlds5.exe
C:\WINDOWS\system32\dlds6.exe
C:\WINDOWS\system32\dlds7.exe
C:\WINDOWS\system32\dlds8.exe
C:\WINDOWS\system32\drivers\ati4wbxx.sys
C:\WINDOWS\system32\drivers\bjnvzzvv.sys
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\fyoeiheo.tmp
C:\WINDOWS\system32\gfr.dll
C:\WINDOWS\system32\gumuj.dat
C:\WINDOWS\system32\itugucycis.dl
C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
C:\WINDOWS\system32\karna.dat
C:\WINDOWS\system32\ohaqohak.ban
C:\WINDOWS\system32\okewygeged.exe
C:\WINDOWS\system32\pLqgtD11.exe
C:\WINDOWS\System32\psyche.exe
C:\WINDOWS\System32\PsycheEnqueue.exe
C:\WINDOWS\system32\spoolsi.exe
C:\WINDOWS\system32\wini10251.exe
C:\WINDOWS\system32\xuuvkpwbtbtope.exe
C:\WINDOWS\system32\yzolokof.exe
C:\WINDOWS\ujilutiwib.bin
C:\WINDOWS\xulupakic.pif
C:\WINDOWS\yvalydi._dl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\anili.bat
C:\Documents and Settings\All Users\Application Data\tywen.bat
C:\Documents and Settings\All Users\Application Data\yzopo.bat
C:\Documents and Settings\Amanda\Application Data\FunWebProducts
C:\Documents and Settings\Amanda\Application Data\FunWebProducts\Data\Amanda\avatar.dat
C:\Documents and Settings\Amanda\Application Data\FunWebProducts\Data\Amanda\register.dat
C:\Documents and Settings\Fred\Application Data\install.dat
C:\Documents and Settings\Fred\err.log
C:\Documents and Settings\Judy\Application Data\acoh.vbs
C:\Documents and Settings\Judy\Application Data\palanysemu.sys
C:\Documents and Settings\Judy\Application Data\wadah.bin
C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
C:\Documents and Settings\Judy\err.log
C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\cosero.db
C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\tikuci.inf
C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\yquco.scr
C:\Documents and Settings\Judy\My Documents\SMANTE~1
C:\Documents and Settings\Judy\My Documents\SMANTE~1\netdde.exe
C:\Documents and Settings\Judy\My Documents\SMANTE~1\S?mantec\
C:\Documents and Settings\LocalService\Application Data\867421903.exe
C:\Documents and Settings\LocalService\Application Data\871026602.exe
C:\Documents and Settings\LocalService\Application Data\919078116.exe
C:\Documents and Settings\LocalService\Application Data\932579358.exe
C:\Documents and Settings\Pwner\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\log.txt
C:\Program Files\Common Files\gewigoden.scr
C:\Program Files\Common Files\oceka.sys
C:\Program Files\Common Files\qofr
C:\Program Files\Common Files\qofr\qofra.exe
C:\Program Files\Common Files\qofr\qofra.lck
C:\Program Files\Common Files\qofr\qofrd\class-barrel
C:\Program Files\Common Files\qofr\qofrd\qofrc.dll
C:\Program Files\Common Files\qofr\qofrd\vocabulary
C:\Program Files\Common Files\qofr\qofrh
C:\Program Files\Common Files\qofr\qofrl.exe
C:\Program Files\Common Files\qofr\qofrl.lck
C:\Program Files\Common Files\qofr\qofrm.exe
C:\Program Files\Common Files\qofr\qofrm.lck
C:\Program Files\Common Files\qofr\qofrp.exe
C:\Program Files\Common Files\ugehun.inf
C:\Program Files\Common Files\uvumadynug.scr
C:\T8M0.exe
C:\WAfg.exe
C:\WINDOWS\amam.scr
C:\WINDOWS\aqowoqijy.exe
C:\WINDOWS\caqovu.vbs
C:\WINDOWS\ezof.vbs
C:\WINDOWS\idakifa.db
C:\WINDOWS\izewyh.vbs
C:\WINDOWS\qofr
C:\WINDOWS\qofr\qofr.dat
C:\WINDOWS\qofr\wu
C:\WINDOWS\system32\12283142141.dll
C:\WINDOWS\system32\2201920341.dll
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\fyoeiheo.tmp
C:\WINDOWS\system32\gumuj.dat
C:\WINDOWS\system32\itugucycis.dl
C:\WINDOWS\system32\ohaqohak.ban
C:\WINDOWS\system32\okewygeged.exe
C:\WINDOWS\system32\pLqgtD11.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\xuuvkpwbtbtope.exe
C:\WINDOWS\system32\yzolokof.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\ujilutiwib.bin
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\?hkdsk.exe
C:\WINDOWS\xulupakic.pif
C:\WINDOWS\yvalydi._dl
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BJNVZZVV
-------\Legacy_CBEVTSVC
-------\Legacy_FOPN
-------\Legacy_ICF
-------\Legacy_SYSREST.SYS
-------\Legacy_TCPSR
-------\Service_bjnvzzvv
-------\Service_psyche
-------\Service_PsycheEnqueue
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-11 12:09 . 2008-10-11 12:12 <DIR> d-------- C:\Program Files\NoAdware
2008-10-11 12:02 . 2008-10-11 12:13 <DIR> d-------- C:\WINDOWS\AdWare Pro
2008-10-11 12:00 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\AdWare Pro
2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-10-06 20:58 . 2008-10-06 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
2008-10-06 19:16 . 2008-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
2008-10-06 09:14 . 2008-10-06 09:14 18,533 --a------ C:\WINDOWS\uzoqytyp._sy
2008-10-06 09:14 . 2008-10-06 09:14 15,155 --a------ C:\WINDOWS\ujuza.dl
2008-10-06 09:14 . 2008-10-06 09:14 14,177 --a------ C:\WINDOWS\apihoz.dl
2008-10-06 09:14 . 2008-10-06 09:14 12,856 --a------ C:\WINDOWS\unanetuv.lib
2008-10-06 09:14 . 2008-10-06 09:14 12,484 --a------ C:\WINDOWS\esuqosoz.inf
2008-10-06 09:14 . 2008-10-06 09:14 11,389 --a------ C:\WINDOWS\xevumezozi.dat
2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc
2008-09-13 18:17 . 2008-09-13 18:17 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-13 14:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-13 14:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-09-12 08:36 . 2008-09-13 17:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
2008-10-07 00:58 --------- d-----w C:\Program Files\Google
2008-10-07 00:35 --------- d-----w C:\Program Files\ATT Internet Tools
2008-10-06 19:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-06 17:40 --------- d-----w C:\Program Files\Norton AntiVirus
2008-10-05 22:00 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 22:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-09-13 22:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-09-13 22:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
2008-08-26 16:53 --------- d-----w C:\Program Files\Java
2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
2005-07-29 20:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
.
((((((((((((((((((((((((((((( snapshot@2008-10-11_21.35.54.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-06 771704]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\att-nap\\McciBrowser.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-09-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
2008-10-11 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-12 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-11 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-12 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-10-12 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\BQdb103U.exe []
2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart\ErrorSmart.exe []
2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart []
2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart\RegistrySmart.exe []
2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 23:41:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
.
**************************************************************************
.
Completion time: 2008-10-11 23:48:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 03:48:11
ComboFix2.txt 2008-10-12 01:56:05
Pre-Run: 28,777,168,896 bytes free
Post-Run: 28,700,311,552 bytes free
449 --- E O F --- 2008-09-10 16:46:26
October 11th, 2008, 11:27 PM
Contributing User
ComboFix 08-10-11.01 - Pwner 2008-10-11 23:53:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -4:00]
Running from: C:\Documents and Settings\Pwner\Desktop\ix.exe
Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\All Users\Application Data\anili.bat
C:\Documents and Settings\All Users\Application Data\tywen.bat
C:\Documents and Settings\All Users\Application Data\yzopo.bat
C:\Documents and Settings\Judy\Application Data\acoh.vbs
C:\Documents and Settings\Judy\Application Data\Gool
C:\Documents and Settings\Judy\Application Data\palanysemu.sys
C:\Documents and Settings\Judy\Application Data\wadah.bin
C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
C:\Documents and Settings\LocalService\Application Data\750695162.exe
C:\Documents and Settings\LocalService\Application Data\800571103.exe
C:\Documents and Settings\LocalService\Application Data\822395920.exe
C:\Documents and Settings\LocalService\Application Data\833930960.exe
C:\Documents and Settings\LocalService\Application Data\867421903.exe
C:\Documents and Settings\LocalService\Application Data\870764442.exe
C:\Documents and Settings\LocalService\Application Data\871026602.exe
C:\Documents and Settings\LocalService\Application Data\872206320.exe
C:\Documents and Settings\LocalService\Application Data\919078116.exe
C:\Documents and Settings\LocalService\Application Data\932579358.exe
C:\Documents and Settings\LocalService\Application Data\951127177.exe
C:\Program Files\Common Files\gewigoden.scr
C:\Program Files\Common Files\oceka.sys
C:\Program Files\Common Files\ugehun.inf
C:\Program Files\Common Files\uvumadynug.scr
C:\T8M0.exe
C:\WAfg.exe
C:\WINDOWS\amam.scr
C:\WINDOWS\anaankvp.exe
C:\WINDOWS\aqowoqijy.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\caqovu.vbs
C:\WINDOWS\ezof.vbs
C:\WINDOWS\idakifa.db
C:\WINDOWS\IKLKRFDI.exe
C:\WINDOWS\izewyh.vbs
C:\WINDOWS\system32\12283142141.dll
C:\WINDOWS\system32\2201920341.dll
C:\WINDOWS\system32\BQdb103U.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dlds1.exe
C:\WINDOWS\system32\dlds2.exe
C:\WINDOWS\system32\dlds5.exe
C:\WINDOWS\system32\dlds6.exe
C:\WINDOWS\system32\dlds7.exe
C:\WINDOWS\system32\dlds8.exe
C:\WINDOWS\system32\drivers\ati4wbxx.sys
C:\WINDOWS\system32\drivers\bjnvzzvv.sys
C:\WINDOWS\system32\el32.dll
C:\WINDOWS\system32\fyoeiheo.tmp
C:\WINDOWS\system32\gfr.dll
C:\WINDOWS\system32\gumuj.dat
C:\WINDOWS\system32\itugucycis.dl
C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
C:\WINDOWS\system32\karna.dat
C:\WINDOWS\system32\ohaqohak.ban
C:\WINDOWS\system32\okewygeged.exe
C:\WINDOWS\system32\pLqgtD11.exe
C:\WINDOWS\System32\psyche.exe
C:\WINDOWS\System32\PsycheEnqueue.exe
C:\WINDOWS\system32\spoolsi.exe
C:\WINDOWS\system32\wini10251.exe
C:\WINDOWS\system32\xuuvkpwbtbtope.exe
C:\WINDOWS\system32\yzolokof.exe
C:\WINDOWS\ujilutiwib.bin
C:\WINDOWS\xulupakic.pif
C:\WINDOWS\yvalydi._dl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_bjnvzzvv
-------\Service_psyche
-------\Service_PsycheEnqueue
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-11 12:09 . 2008-10-11 12:12 <DIR> d-------- C:\Program Files\NoAdware
2008-10-11 12:02 . 2008-10-11 12:13 <DIR> d-------- C:\WINDOWS\AdWare Pro
2008-10-11 12:00 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\AdWare Pro
2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-10-06 20:58 . 2008-10-06 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
2008-10-06 19:16 . 2008-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
2008-10-06 09:14 . 2008-10-06 09:14 18,533 --a------ C:\WINDOWS\uzoqytyp._sy
2008-10-06 09:14 . 2008-10-06 09:14 15,155 --a------ C:\WINDOWS\ujuza.dl
2008-10-06 09:14 . 2008-10-06 09:14 14,177 --a------ C:\WINDOWS\apihoz.dl
2008-10-06 09:14 . 2008-10-06 09:14 12,856 --a------ C:\WINDOWS\unanetuv.lib
2008-10-06 09:14 . 2008-10-06 09:14 12,484 --a------ C:\WINDOWS\esuqosoz.inf
2008-10-06 09:14 . 2008-10-06 09:14 11,389 --a------ C:\WINDOWS\xevumezozi.dat
2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc
2008-09-13 18:17 . 2008-09-13 18:17 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-13 14:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-13 14:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-13 14:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-09-12 08:36 . 2008-09-13 17:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
2008-10-07 00:58 --------- d-----w C:\Program Files\Google
2008-10-07 00:35 --------- d-----w C:\Program Files\ATT Internet Tools
2008-10-06 19:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-06 17:40 --------- d-----w C:\Program Files\Norton AntiVirus
2008-10-05 22:00 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 22:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-09-13 22:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-09-13 22:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
2008-08-26 16:53 --------- d-----w C:\Program Files\Java
2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
2005-07-29 20:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
.
((((((((((((((((((((((((((((( snapshot@2008-10-11_21.35.54.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-06 771704]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\att-nap\\McciBrowser.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 23:58:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
.
**************************************************************************
.
Completion time: 2008-10-12 0:03:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 04:03:08
ComboFix2.txt 2008-10-12 03:48:16
ComboFix3.txt 2008-10-12 01:56:05
Pre-Run: 28,683,452,416 bytes free
Post-Run: 28,671,033,344 bytes free
289 --- E O F --- 2008-09-10 16:46:26
October 11th, 2008, 11:28 PM
Contributing User
SDFix: Version 1.234
Run by Pwner on Sun 10/12/2008 at 12:11 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 00:17:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000082
"TracesSuccessful"=dword:00000004
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\att-nap\\McciBrowser.exe"="C:\\Program Files\\att-nap\\McciBrowser.exe:*:Enabled:motivebrowser.exe"
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\WINDOWS\\system32\\lxddcoms.exe"="C:\\WINDOWS\\system32\\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe:*:Enabled: "
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe:*:Enabled: "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Printing Application"
Remaining Files :
Files with Hidden Attributes :
Wed 17 Nov 2004 94,458 ...H. --- "C:\Program Files\Nero\data\Nero PhotoShow Express.exe"
Wed 24 Sep 2008 2,211,794 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT38.tmp"
Wed 24 Sep 2008 2,211,794 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT39.tmp"
Wed 24 Sep 2008 2,211,796 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT3A.tmp"
Sat 11 Oct 2008 1,426 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93b1f7c4b6e77133185a1282ee73ca0a\download\BIT3.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:38 AM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9124 bytes
October 12th, 2008, 12:30 AM
Malware Warrior /AV forum Mod (Join Date: Nov 2006, Location: San Antonio Tx)
Looks like we are making progress...
Please continue by following the steps in THIS thread.
When done, please post the logs from:
Malwarebytes (I know, another one)
SUPERAntiSpyware
BitDefender online scan
the HJT log and the Uninstall list, as directed in the thread.
October 12th, 2008, 10:20 AM
Contributing User
Bitdefender scan failed even though I tried it several times.
Malwarebytes' Anti-Malware 1.28
Database version: 1259
Windows 5.1.2600 Service Pack 2
10/12/2008 10:05:28 AM
mbam-log-2008-10-12 (10-05-28).txt
Scan type: Quick Scan
Objects scanned: 51027
Time elapsed: 3 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/12/2008 at 10:44 AM
Application Version : 4.21.1004
Core Rules Database Version : 3595
Trace Rules Database Version: 1582
Scan type : Quick Scan
Total Scan Time : 00:23:50
Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 407
Registry threats detected : 101
File items scanned : 4419
File threats detected : 57
Adware.Tracking Cookie
C:\Documents and Settings\Pwner\Cookies\pwner@casalemedia[1].txt
C:\Documents and Settings\Pwner\Cookies\pwner@ad.m5prod[1].txt
.maxserving.com [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
C:\Documents and Settings\Fred\Cookies\fred@247realmedia[2].txt
C:\Documents and Settings\Fred\Cookies\fred@2o7[1].txt
C:\Documents and Settings\Fred\Cookies\fred@account.juno[2].txt
C:\Documents and Settings\Fred\Cookies\fred@ad.m5prod[2].txt
C:\Documents and Settings\Fred\Cookies\fred@ad.yieldmanager[2].txt
C:\Documents and Settings\Fred\Cookies\fred@adopt.euroclick[2].txt
C:\Documents and Settings\Fred\Cookies\fred@adopt.specificclick[2].txt
C:\Documents and Settings\Fred\Cookies\fred@adrevolver[2].txt
C:\Documents and Settings\Fred\Cookies\fred@ads.addynamix[2].txt
C:\Documents and Settings\Fred\Cookies\fred@ads.pointroll[2].txt
C:\Documents and Settings\Fred\Cookies\fred@adserver[1].txt
C:\Documents and Settings\Fred\Cookies\fred@adultfriendfinder[2].txt
C:\Documents and Settings\Fred\Cookies\fred@advertising[2].txt
C:\Documents and Settings\Fred\Cookies\fred@apmebf[1].txt
C:\Documents and Settings\Fred\Cookies\fred@atdmt[2].txt
C:\Documents and Settings\Fred\Cookies\fred@bluestreak[2].txt
C:\Documents and Settings\Fred\Cookies\fred@bravenet[2].txt
C:\Documents and Settings\Fred\Cookies\fred@bs.serving-sys[1].txt
C:\Documents and Settings\Fred\Cookies\fred@burstnet[2].txt
C:\Documents and Settings\Fred\Cookies\fred@casalemedia[2].txt
C:\Documents and Settings\Fred\Cookies\fred@centralcoastnutra.directtrack[2].txt
C:\Documents and Settings\Fred\Cookies\fred@directtrack[1].txt
C:\Documents and Settings\Fred\Cookies\fred@doubleclick[1].txt
C:\Documents and Settings\Fred\Cookies\fred@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Fred\Cookies\fred@ehg-accuweather.hitbox[1].txt
C:\Documents and Settings\Fred\Cookies\fred@fastclick[1].txt
C:\Documents and Settings\Fred\Cookies\fred@hitbox[2].txt
C:\Documents and Settings\Fred\Cookies\fred@media.adrevolver[1].txt
C:\Documents and Settings\Fred\Cookies\fred@mediaplex[2].txt
C:\Documents and Settings\Fred\Cookies\fred@msnbc.112.2o7[1].txt
C:\Documents and Settings\Fred\Cookies\fred@msnportal.112.2o7[1].txt
C:\Documents and Settings\Fred\Cookies\fred@partner2profit[2].txt
C:\Documents and Settings\Fred\Cookies\fred@paypal.112.2o7[1].txt
C:\Documents and Settings\Fred\Cookies\fred@questionmarket[2].txt
C:\Documents and Settings\Fred\Cookies\fred@realmedia[1].txt
C:\Documents and Settings\Fred\Cookies\fred@revsci[1].txt
C:\Documents and Settings\Fred\Cookies\fred@richmedia.yahoo[2].txt
C:\Documents and Settings\Fred\Cookies\fred@serving-sys[2].txt
C:\Documents and Settings\Fred\Cookies\fred@specificclick[1].txt
C:\Documents and Settings\Fred\Cookies\fred@tacoda[2].txt
C:\Documents and Settings\Fred\Cookies\fred@trafficmp[1].txt
C:\Documents and Settings\Fred\Cookies\fred@tremor.adbureau[2].txt
C:\Documents and Settings\Fred\Cookies\fred@tribalfusion[1].txt
C:\Documents and Settings\Fred\Cookies\fred@zedo[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\anyuser@2o7[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnaccountservices.112.2o7[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@account.live[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@questionmarket[1].txt
Adware.WebHancer
HKCR\WhIeHelperObj.WhIeHelperObj
HKCR\WhIeHelperObj.WhIeHelperObj\CurVer
HKCR\WhIeHelperObj.WhIeHelperObj.1
HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID
Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
Malware.VirusBurst
HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}
HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0
HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\0
HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\0\win32
HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\FLAGS
HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\HELPDIR
HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}
HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\ProxyStubClsid
HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\ProxyStubClsid32
HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\TypeLib
HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\TypeLib#Version
HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}
HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\ProxyStubClsid
HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\ProxyStubClsid32
HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\TypeLib
HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\TypeLib#Version
HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}
HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\ProxyStubClsid
HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\ProxyStubClsid32
HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\TypeLib
HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\TypeLib#Version
HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}
HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\ProxyStubClsid
HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\ProxyStubClsid32
HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\TypeLib
HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\TypeLib#Version
HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}
HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\ProxyStubClsid
HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\ProxyStubClsid32
HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\TypeLib
HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\TypeLib#Version
HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}
HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\ProxyStubClsid
HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\ProxyStubClsid32
HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\TypeLib
HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\TypeLib#Version
HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}
HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\ProxyStubClsid
HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\ProxyStubClsid32
HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\TypeLib
HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\TypeLib#Version
HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}
HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\ProxyStubClsid
HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\ProxyStubClsid32
HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\TypeLib
HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\TypeLib#Version
HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}
HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\ProxyStubClsid
HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\ProxyStubClsid32
HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\TypeLib
HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\TypeLib#Version
HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}
HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\ProxyStubClsid
HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\ProxyStubClsid32
HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\TypeLib
HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\TypeLib#Version
HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}
HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\ProxyStubClsid
HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\ProxyStubClsid32
HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\TypeLib
HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\TypeLib#Version
HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}
HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\ProxyStubClsid
HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\ProxyStubClsid32
HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\TypeLib
HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\TypeLib#Version
HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}
HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\ProxyStubClsid
HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\ProxyStubClsid32
HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\TypeLib
HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\TypeLib#Version
HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}
HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\ProxyStubClsid
HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\ProxyStubClsid32
HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\TypeLib
HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\TypeLib#Version
HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}
HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\ProxyStubClsid
HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\ProxyStubClsid32
HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\TypeLib
HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\TypeLib#Version
HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}
HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\ProxyStubClsid
HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\ProxyStubClsid32
HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\TypeLib
HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\TypeLib#Version
Adware.ClickSpring/Outer Info Network
HKCR\OINCS.OINAnalytics
HKCR\OINCS.OINAnalytics\CLSID
HKCR\OINCS.OINAnalytics\CurVer
HKCR\OINCS.OINAnalytics.1
HKCR\OINCS.OINAnalytics.1\CLSID
Trojan.Unclassified/TestCPV
HKCR\testcpv6.bho
HKCR\testcpv6.bho\CLSID
HKCR\testcpv6.bho\CurVer
HKCR\testcpv6.bho.1
HKCR\testcpv6.bho.1\CLSID
Trojan.Unknown Origin
C:\WINDOWS\VVNFUG\PPHIO0.VBS
October 12th, 2008, 10:21 AM
Contributing User
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:25 AM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9593 bytes
Uninstall list:
Acrobat.com
Acrobat.com
Adobe Acrobat Reader 3.01
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player 11
AdWare Pro
AnswerWorks 4.0 Runtime - English
AppCore
Apple Software Update
AT&T Pop-Up Catcher
Audacity 1.2.4
AV
CardRd81
ccCommon
CCleaner (remove only)
CCScore
CR2
Enhancement Browser Tools Bigadnetwork
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
FoxyTunes for Firefox
getPlus(R) for Adobe
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Icy Tower v1.3.1
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Lexmark 2500 Series
Lexmark Fax Solutions
Lexmark Supplies Monitor
Lexmark Toolbar
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Live Add-in beta
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
Nero PhotoShow Express
Nero Suite
netbrdg
NoAdware v5.0
Norton AntiVirus Online (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Notifier
OfotoXMI
PCI SoftV92 Modem
Photo Explosion 3.0 Special Edition
QuickTime
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
SFR
SFR2
SHASTA
skin0001
SKINXSDK
Skype™ 3.8
Spybot - Search & Destroy 1.4
staticcr
SUPERAntiSpyware Free Edition
Symantec
TextBridge Pro 8.0
tooltips
TurboTax Deluxe 2007
UniChrome Pro IGP Display Driver and Utilities
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
VIA Platform Device Manager
VIA Vinyl Audio Codecs Driver Setup Program
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
VPRINTOL
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WIRELESS
WordPerfect Office 12

October 12th, 2008, 12:49 PM
Malware Warrior /AV forum Mod
Join Date: Nov 2006
Location: San Antonio Tx
Uninstall
AdWare Pro
AT&T Pop-Up Catcher
Enhancement Browser Tools Bigadnetwork
J2SE Runtime Environment 5.0 Update 9
NoAdware v5.0
Spybot - Search & Destroy 1.4
Viewpoint Media Player
Also, is your Norton paid and up to date?
If it is out of date uninstall it as well.
Next
Download Dr.Web CureIt! from HERE to your Desktop.
When you have done this, boot into safe mode (restart your computer and tap F8 continuously as it restarts)
Double-click on the drweb cureit.exe file and click on Start and OK, and allow it to run the express scan. This is a short scan and will scan all files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it, but do not OK any delete option.
Once the short scan has finished, click on Custom Scan and choose the drives that you want to scan. Click on the drive to select it. A red dot shows which drives have been chosen. Click the green arrow > to the right and the scan will begin.
When the scan has finished, click the "Select all" button and then click on the Move button. This will move any infected files to the %userprofile%\DoctorWeb\quarantine folder.
Next, and this is important: from the main Dr.Web CureIt menu (top left), click File, choose "Save report list" and save the report to your desktop. The report will be called DrWeb.csv and it can be opened in Notepad.
Close CureIt and restart your computer to completely remove any stubborn files. You may get a message saying "No operations performed with some objects in list. Exit program". If so, click "Yes". (You may get a popup offering you a discount if you purchase DrWeb AntiVirus. You may or may not wish to take advantage of this offer later, but for now just close the popup and wait for the scan to finish.)
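The moderator's reply amounts to two triage tasks: go through the HijackThis O23 service entries and prune the Add/Remove Programs list. The Python below is an added example, not code from the thread or from HijackThis. It parses O23 lines in the form quoted in the log (including the empty-vendor case that the log shows as " - - "), applies a few analyst review heuristics, and checks an uninstall list against the names the moderator said to remove. The "Example Service" / example.exe entry is a constructed placeholder and the field regex is an assumption about the log's layout; a heuristic hit means "a human should look at this", not "this is malware".

```python
"""Triage helpers for a HijackThis log and an Add/Remove Programs list.

Added example; not part of the thread or of HijackThis. Parses O23 (service)
lines as quoted in the log and applies review heuristics that only flag
entries for a human to inspect.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Field order in an O23 line: display name [(service name)] - vendor - path.
# The vendor may be empty, which the quoted log shows as " - - " with single
# spaces, so separators are matched loosely and the path is anchored on a
# drive letter (assumption about the log layout).
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)\s+-\s*(?P<vendor>.*?)\s*-\s*"
    r"(?P<path>[A-Za-z]:\\\S.*)$"
)
SHORT_RE = re.compile(r"^(?P<display>.*\S)\s*\((?P<short>[^()]+)\)$")

# Service binaries are normally installed below these roots (8.3 form included).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Service:
    display: str
    short: Optional[str]
    vendor: str
    path: str


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; returns None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name, vendor, path = m.group("name"), m.group("vendor").strip(), m.group("path")
    s = SHORT_RE.match(name)  # trailing "(ShortName)" is the service name
    if s:
        return Service(s.group("display"), s.group("short"), vendor, path)
    return Service(name.strip(), None, vendor, path)


def review_service(svc: Service) -> List[str]:
    """Heuristic review notes for an analyst; an empty list means nothing unusual."""
    notes = []
    low = svc.path.lower()
    if not svc.vendor:
        notes.append("no vendor string: identify the publisher of the binary")
    if "~" in low:
        notes.append("8.3 short path: resolve it before judging the location")
    if not low.startswith(TRUSTED_ROOTS):
        notes.append("binary outside Program Files / Windows")
    elif re.fullmatch(r"c:\\windows\\[^\\]+\.exe", low):
        notes.append("executable directly in the Windows directory is unusual for a service")
    return notes


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map each parsed service's path to its review notes (only services with notes)."""
    result: Dict[str, List[str]] = {}
    for line in lines:
        svc = parse_o23(line)
        if svc:
            notes = review_service(svc)
            if notes:
                result[svc.path] = notes
    return result


def programs_to_remove(uninstall_list: List[str], recommended: List[str]) -> List[str]:
    """Entries of the Add/Remove list that match names an analyst said to uninstall."""
    present = {e.strip().casefold() for e in uninstall_list}
    return [name for name in recommended if name.casefold() in present]


def duplicate_entries(uninstall_list: List[str]) -> List[str]:
    """Names listed more than once (a broken or twice-registered install)."""
    return sorted(n for n, c in Counter(e.strip() for e in uninstall_list).items() if c > 1)


# Constructed sample input: O23 lines quoted from the log above plus one
# hypothetical entry (Example Service / example.exe) to exercise the heuristics.
SAMPLE_O23 = [
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe",
    r"O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE",
    r"O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe",
    r"O23 - Service: Example Service (exsvc) - - C:\WINDOWS\example.exe",  # hypothetical
]
# Constructed subset of the uninstall list quoted above.
SAMPLE_UNINSTALL = ["Acrobat.com", "Acrobat.com", "AdWare Pro", "AT&T Pop-Up Catcher",
                    "Java(TM) 6 Update 7", "J2SE Runtime Environment 5.0 Update 9",
                    "Norton AntiVirus Online (Symantec Corporation)"]
# The names the moderator's reply says to uninstall.
RECOMMENDED_REMOVALS = ["AdWare Pro", "AT&T Pop-Up Catcher", "Enhancement Browser Tools Bigadnetwork",
                        "J2SE Runtime Environment 5.0 Update 9", "NoAdware v5.0",
                        "Spybot - Search & Destroy 1.4", "Viewpoint Media Player"]

if __name__ == "__main__":
    for path, notes in triage_log(SAMPLE_O23).items():
        print(path)
        for n in notes:
            print("   -", n)
    print("remove:", programs_to_remove(SAMPLE_UNINSTALL, RECOMMENDED_REMOVALS))
    print("duplicates:", duplicate_entries(SAMPLE_UNINSTALL))
```

Run against the sample, the Lexmark lxdd_device service is flagged only for its missing vendor string (it is a legitimate printer service, which is exactly why the output is a review list and not a verdict), the 8.3 LiveUpdate path is marked for resolution, and the placeholder entry trips two heuristics. The uninstall check returns the moderator's names that are actually present, in the order he listed them.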