    #1
    Tons of problems


    My parents' computer is riddled with all kinds of nasty stuff. The most visible problems are that editing the registry, using the task manager, and using Run are disabled (viewing the contents of the C drive was disabled, but Malwarebytes' Anti-Malware seems to take care of that... though it has come back), and there's a phishing program masquerading as "AT&T Pop-Up Catcher" that can't be closed.

    I've tried editing the registry via an inf file to take care of the first few problems that I mentioned, but it doesn't help.

    Any log files that aren't included were things that I couldn't access or run on that computer without errors.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1134
    Windows 5.1.2600 Service Pack 2

    10/11/2008 3:21:57 PM
    mbam-log-2008-10-11 (15-21-57).txt

    Scan type: Quick Scan
    Objects scanned: 64405
    Time elapsed: 15 minute(s), 34 second(s)

    Memory Processes Infected: 7
    Memory Modules Infected: 3
    Registry Keys Infected: 220
    Registry Values Infected: 12
    Registry Data Items Infected: 4
    Folders Infected: 20
    Files Infected: 150

    Memory Processes Infected:
    C:\WINDOWS\VVNFUg\command.exe (Adware.CommAd) -> Failed to unload process.
    C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.
    C:\WINDOWS\faceback.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\update32.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\VVNFUg\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
    C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
    C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (Adware.CommAd) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    #2

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdefender (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webhancer agent (Adware.Webhancer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvamj0en9e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
    C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
    C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fred\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fred\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\config\31171240.Evt (Rootkit.Agent.H) -> Delete on reboot.
    C:\WINDOWS\system32\update32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msdefender.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\WINDOWS\VVNFUg\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
    C:\WINDOWS\VVNFUg\command.exe (Adware.CommAd) -> Delete on reboot.
    C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvidctl.dll (Rogue.Virus.Rescue) -> Quarantined and deleted successfully.
    C:\WINDOWS\iexplorer.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tsuninst.exe (Spyware.TargetSaver) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\MWQUQTPQ.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\rrmsusrr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\rssnpwrq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\rvrrtxhp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\rvrvnrnr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\tusmpumu.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\ucivvrzw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\UOTPSRPS.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\OPZYSRML.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\oxmsjsys.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\lpmnvvvw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Drivers\mickey32.sys (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\Mom46.sys (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\tnumtrqu.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Drivers\Vlj31.sys (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\vmmusrtr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\vojxylvn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\vqsqqntr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\nnzrvnrr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\nvzjovzi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\cmdinst.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\__47.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\405177GB\inst601[1].exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\405177GB\inst602[1].exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\405177GB\inst60e[1].exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\864079360.exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\917701779.exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\961679118.exe (Trojan.Srizbi) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\Microsoft\Windows\fygdx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> Delete on reboot.
    C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\Program Files\VnrBlock\VnrBlock21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetPack\GetPack21.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetPack\GetPack22.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetModule\GetModule23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\speedrunner\mhtfile.mht (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log\2008 Sep 16 - 01_06_56 PM_812.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log\2008 Sep 16 - 11_33_43 AM_000.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\RegistrySmart\Log\2008 Sep 16 - 12_57_43 PM_546.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fred\Application Data\RegistrySmart\Log\2008 Sep 15 - 06_42_54 PM_765.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\WINDOWS\faceback.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx139.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx141.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx144.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx148.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pLqgtD11.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\blphcvamj0en9e.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcvamj0en9e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcvamj0en9e.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Yazzle3090OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\b103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b157.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vedxg4am1et2.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vedxg6ame4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vedxga1me4t1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vedxga4m1et4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vedxga4me1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vedxga5me3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CbEvtSvc.exe (Trojan.MyDoom) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Cookies\opipyf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fred\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fred\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fred\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\v3xd1.g22me (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\v4xd3.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\v5xd2.g3ame (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\v5xd4.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\v6xdt4.game (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\vx1dt3.game (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\vx3dt2.game (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Local Settings\Temp\v4xd6.gam5e (Heuristics.Malware) -> Quarantined and deleted successfully.



    Malwarebytes' Anti-Malware 1.28
    Database version: 1134
    Windows 5.1.2600 Service Pack 2

    10/11/2008 4:38:39 PM
    mbam-log-2008-10-11 (16-38-39).txt

    Scan type: Quick Scan
    Objects scanned: 53152
    Time elapsed: 6 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qqrrqotv (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qqrrqotv (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wpwosqrm (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpwosqrm (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\drivers\rrzbrzzj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Drivers\PVSXONSO.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\QQRRQOTV.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\wpwosqrm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
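The two MBAM logs above run to a few hundred lines, and the items that still need attention after the scan (the "Delete on reboot" entries, the hijacked policy values with their Bad/Good pairs, the Rootkit.ADS alternate data streams) are easy to lose in them. As an added example, not code from the thread or from Malwarebytes, this Python parses the log format posted here and pulls those items out; the sample log is a constructed excerpt of lines from the logs above, with one header count deliberately wrong so the reconciliation check has something to report.

```python
"""Triage helpers for the Malwarebytes' Anti-Malware (MBAM) log format shown above.
Added example; not code from the thread or from Malwarebytes itself."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One detection line; registry data items also carry "Bad: (..) Good: (..)".
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# A second colon after the drive letter marks an NTFS alternate data stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")

# Constructed excerpt: lines copied from the logs above, with a deliberately
# wrong "Folders Infected" header count so that reconcile() has something to flag.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 4

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\VVNFUg\command.exe (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
"""

@dataclass
class Entry:
    section: str
    path: str
    detection: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None

def parse_mbam_log(text: str) -> Tuple[List[Entry], Dict[str, int]]:
    """Return the detection entries and the per-section counts from the log header."""
    entries: List[Entry] = []
    summary: Dict[str, int] = {}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["name"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append(Entry(section, m["path"], m["detection"],
                                 m["action"], m["bad"], m["good"]))
    return entries, summary

def pending_reboot(entries: List[Entry]) -> List[str]:
    """Items MBAM could not remove on the live system; re-check them after the reboot."""
    return [e.path for e in entries if e.action == "Delete on reboot"]

def hijacked_policies(entries: List[Entry]) -> Dict[str, Tuple[str, str]]:
    """Registry data items that were altered, keyed by value name: (bad, good)."""
    return {e.path.rstrip("\\").rsplit("\\", 1)[-1]: (e.bad, e.good)
            for e in entries if e.section == "Registry Data Items Infected"}

def alternate_data_streams(entries: List[Entry]) -> List[str]:
    """File paths that are NTFS alternate data streams (invisible in Explorer)."""
    return [e.path for e in entries if ADS_RE.match(e.path)]

def reconcile(entries: List[Entry], summary: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count differs from the lines actually present, which is
    what a truncated or split forum paste looks like: {section: (claimed, listed)}."""
    listed = Counter(e.section for e in entries)
    return {name: (claimed, listed.get(name, 0))
            for name, claimed in summary.items() if listed.get(name, 0) != claimed}

if __name__ == "__main__":
    found, counts = parse_mbam_log(SAMPLE_LOG)
    print("pending reboot:", pending_reboot(found))
    print("hijacked policies:", hijacked_policies(found))
    print("alternate data streams:", alternate_data_streams(found))
    print("count mismatches:", reconcile(found, counts))
```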
  #3
    Contributing User
    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:53 PM, on 10/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\ATT Internet Tools\blsloader.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\hjt.exe

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Print Process Spooler] spoolsi.exe
    O4 - HKLM\..\Run: [IKLKRFDI] %systemroot%\IKLKRFDI.exe
    O4 - HKLM\..\Run: [el] regsvr32.exe /u /s "C:\WINDOWS\system32\el32.dll"
    O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
    O4 - HKLM\..\Run: [{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\iyvxpqnyohpzucy.dll" DllStub
    O4 - HKLM\..\Run: [anaankvp] %systemroot%\anaankvp.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: karna.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe
    O23 - Service: PsycheEnqueue - Unknown owner - C:\WINDOWS\System32\PsycheEnqueue.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
  #4 - Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)
    Join Date: Nov 2006
    Location: San Antonio Tx
    Posts: 2,325
    Rep Power: 1140
    This computer is severely infected.

    Let's start here.

    Download Fix service to your desktop and double-click to run.


    Next

    Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

    Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

    Make sure any antivirus or protective software is disabled.
    Here is a tutorial for most programs.

    http://www.bleepingcomputer.com/forums/topic114351.html


    Next

    * Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:

    KillAll::
    File::
    C:\WINDOWS\system32\spoolsi.exe
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    C:\WINDOWS\anaankvp.exe
    C:\WINDOWS\IKLKRFDI.exe
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\System32\psyche.exe
    C:\WINDOWS\System32\PsycheEnqueue.exe
    Folder::
    C:\WINDOWS\VVNFUg

    * Save this as CFScript.txt and place it on your desktop.

    * Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    * ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    * When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

    With a new HJT log. This time use THIS version instead. Delete the old one.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    I also noticed when you scanned with malwarebytes you did NOT update it first.

    Please UPDATE it and run a NEW scan and post that log as well.
    Last edited by Porthos; October 11th, 2008 at 05:49 PM.

  #5 - Contributing User
    Devshed Newbie (0 - 499 posts)
    Join Date: Jun 2008
    Posts: 34
    Rep Power: 7
    After some initial difficulty I managed to get ComboFix to run successfully. I still have an issue in that svchost.exe run by SYSTEM uses all available CPU. Lots of progress so far though. I can now use the task manager, view the C drive, use the Run command, edit the registry, and use the command line.

    ComboFix 08-10-11.01 - Pwner 2008-10-11 21:25:27.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.206 [GMT -4:00]
    Running from: C:\Documents and Settings\Pwner\Desktop\ix.exe
    Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\anaankvp.exe
    C:\WINDOWS\IKLKRFDI.exe
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    C:\WINDOWS\System32\psyche.exe
    C:\WINDOWS\System32\PsycheEnqueue.exe
    C:\WINDOWS\system32\spoolsi.exe
    .
    /wow section not completed

    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .

    2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-11 16:26 . 2008-10-11 16:26 37,890 --a------ C:\WINDOWS\system32\BQdb103U.exe
    2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-11 14:54 . 2008-10-11 14:54 0 --a------ C:\WINDOWS\system32\dlds8.exe
    2008-10-11 12:09 . 2008-10-11 12:12 <DIR> d-------- C:\Program Files\NoAdware
    2008-10-11 12:05 . 2008-10-11 12:04 30,272 --a------ C:\WINDOWS\system32\pLqgtD11.exe
    2008-10-11 12:02 . 2008-10-11 12:13 <DIR> d-------- C:\WINDOWS\AdWare Pro
    2008-10-11 12:02 . 2008-10-11 12:02 0 --a------ C:\WINDOWS\system32\MSVolume.dll
    2008-10-11 12:00 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\AdWare Pro
    2008-10-11 10:59 . 2008-10-11 10:59 186,368 --a------ C:\Documents and Settings\LocalService\Application Data\871026602.exe
    2008-10-11 10:59 . 2008-10-11 10:59 108,544 --a------ C:\Documents and Settings\LocalService\Application Data\870764442.exe
    2008-10-11 10:59 . 2008-10-11 10:59 71,715 --a------ C:\WINDOWS\system32\xuuvkpwbtbtope.exe
    2008-10-11 10:58 . 2008-10-11 10:58 115,200 --a------ C:\Documents and Settings\LocalService\Application Data\951127177.exe
    2008-10-11 10:58 . 2008-10-11 10:58 34,816 --a------ C:\Documents and Settings\LocalService\Application Data\932579358.exe
    2008-10-09 17:14 . 2008-10-09 17:14 186,368 --a------ C:\Documents and Settings\LocalService\Application Data\867421903.exe
    2008-10-09 17:14 . 2008-10-09 17:14 115,200 --a------ C:\Documents and Settings\LocalService\Application Data\919078116.exe
    2008-10-09 17:14 . 2008-10-09 17:14 108,544 --a------ C:\Documents and Settings\LocalService\Application Data\800571103.exe
    2008-10-07 13:33 . 2008-10-07 13:33 191,488 --a------ C:\Documents and Settings\LocalService\Application Data\833930960.exe
    2008-10-07 13:33 . 2008-10-07 13:33 108,544 --a------ C:\Documents and Settings\LocalService\Application Data\750695162.exe
    2008-10-07 10:26 . 2008-10-11 20:39 32,256 --a------ C:\WINDOWS\system32\drivers\ati4wbxx.sys
    2008-10-07 08:48 . 2008-10-07 08:48 191,488 --a------ C:\Documents and Settings\LocalService\Application Data\822395920.exe
    2008-10-07 08:48 . 2008-10-07 08:48 114,176 --a------ C:\Documents and Settings\LocalService\Application Data\872206320.exe
    2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
    2008-10-07 08:28 . 2008-10-07 08:28 23,726 --a------ C:\WINDOWS\system32\12283142141.dll
    2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
    2008-10-06 20:58 . 2008-10-06 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-06 19:47 . 2008-09-16 14:07 <DIR> d-------- C:\WINDOWS\WinSxS
    2008-10-06 19:47 . 2008-10-11 20:59 <DIR> d-------- C:\Program Files\OINAnalytics
    2008-10-06 19:47 . 2008-09-30 09:51 60,928 --a------ C:\WINDOWS\system32\gfr.dll
    2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
    2008-10-06 19:37 . 2008-10-06 19:37 <DIR> d-------- C:\WINDOWS\qofr
    2008-10-06 19:37 . 2008-10-06 19:39 <DIR> d-------- C:\Program Files\Common Files\qofr
    2008-10-06 19:16 . 2008-10-06 19:16 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
    2008-10-06 14:58 . 2008-10-06 14:58 29 --a------ C:\WINDOWS\system32\fyoeiheo.tmp
    2008-10-06 14:53 . 2008-10-11 14:44 6,144 --a------ C:\WINDOWS\system32\karna.dat
    2008-10-06 11:01 . 2008-10-06 11:01 19,558 --a------ C:\Program Files\Common Files\oceka.sys
    2008-10-06 11:01 . 2008-10-06 11:01 17,521 --a------ C:\WINDOWS\aqowoqijy.exe
    2008-10-06 11:01 . 2008-10-06 11:01 17,409 --a------ C:\Documents and Settings\Judy\Application Data\wadah.bin
    2008-10-06 11:01 . 2008-10-06 11:01 17,403 --a------ C:\WINDOWS\xulupakic.pif
    2008-10-06 11:01 . 2008-10-06 11:01 15,409 --a------ C:\WINDOWS\system32\gumuj.dat
    2008-10-06 11:01 . 2008-10-06 11:01 15,036 --a------ C:\WINDOWS\system32\ohaqohak.ban
    2008-10-06 11:01 . 2008-10-06 11:01 14,126 --a------ C:\Program Files\Common Files\gewigoden.scr
    2008-10-06 11:01 . 2008-10-06 11:01 13,619 --a------ C:\Documents and Settings\All Users\Application Data\anili.bat
    2008-10-06 11:01 . 2008-10-06 11:01 13,118 --a------ C:\WINDOWS\system32\itugucycis.dl
    2008-10-06 11:01 . 2008-10-06 11:01 12,814 --a------ C:\WINDOWS\yvalydi._dl
    2008-10-06 11:01 . 2008-10-06 11:01 12,331 --a------ C:\Documents and Settings\All Users\Application Data\tywen.bat
    2008-10-06 11:01 . 2008-10-06 11:01 12,319 --a------ C:\Program Files\Common Files\uvumadynug.scr
    2008-10-06 11:01 . 2008-10-06 11:01 10,454 --a------ C:\WINDOWS\system32\yzolokof.exe
    2008-10-06 11:01 . 2008-10-06 11:01 10,205 --a------ C:\WINDOWS\idakifa.db
    2008-10-06 09:14 . 2008-10-06 09:14 18,422 --a------ C:\Documents and Settings\Judy\Application Data\acoh.vbs
    2008-10-06 09:14 . 2008-10-06 09:14 18,050 --a------ C:\Documents and Settings\All Users\Application Data\yzopo.bat
    2008-10-06 09:14 . 2008-10-06 09:14 14,877 --a------ C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
    2008-10-06 09:14 . 2008-10-06 09:14 12,257 --a------ C:\Documents and Settings\Judy\Application Data\palanysemu.sys
    2008-10-05 18:00 . 2008-10-06 13:18 <DIR> d-------- C:\Program Files\XP_AntiSpyware
    2008-10-05 18:00 . 2008-10-05 18:00 23,726 --a------ C:\WINDOWS\system32\2201920341.dll
    2008-10-05 17:58 . 2008-10-11 12:46 65,428 --a------ C:\WINDOWS\system32\wini10251.exe
    2008-10-05 17:55 . 2008-10-11 13:42 10,240 --a------ C:\WINDOWS\system32\brastk.exe
    2008-10-05 17:55 . 2008-10-11 13:42 10,240 --a------ C:\WINDOWS\brastk.exe
    2008-10-05 17:51 . 2008-10-05 17:51 23,102 --a------ C:\WINDOWS\system32\dlds7.exe
    2008-10-05 17:50 . 2008-10-05 17:50 44,544 --a------ C:\WAfg.exe
    2008-10-05 17:50 . 2008-10-05 17:50 22,666 --a------ C:\WINDOWS\system32\dlds6.exe
    2008-10-05 17:50 . 2008-10-05 17:50 17,782 --a------ C:\WINDOWS\system32\dlds1.exe
    2008-10-05 17:50 . 2008-10-05 17:50 16,896 --a------ C:\T8M0.exe
    2008-10-05 17:50 . 2008-10-05 17:50 16,186 --a------ C:\WINDOWS\system32\dlds5.exe
    2008-10-05 17:50 . 2008-10-05 17:50 16,186 --a------ C:\WINDOWS\system32\dlds2.exe
    2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
    2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
    2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
    2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
    2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
    2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc
    2008-09-13 18:17 . 2008-09-13 18:17 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-09-13 14:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-09-13 14:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-09-12 08:36 . 2008-09-13 17:58 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
    2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
    2008-10-07 00:58 --------- d-----w C:\Program Files\Google
    2008-10-07 00:35 --------- d-----w C:\Program Files\ATT Internet Tools
    2008-10-06 19:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-06 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-06 17:40 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-10-06 13:14 19,797 ----a-w C:\WINDOWS\ujilutiwib.bin
    2008-10-06 13:14 18,389 ----a-w C:\Program Files\Common Files\ugehun.inf
    2008-10-06 13:14 18,216 ----a-w C:\WINDOWS\izewyh.vbs
    2008-10-06 13:14 17,449 ----a-w C:\WINDOWS\ezof.vbs
    2008-10-06 13:14 15,824 ----a-w C:\WINDOWS\amam.scr
    2008-10-06 13:14 13,281 ----a-w C:\WINDOWS\system32\okewygeged.exe
    2008-10-06 13:14 10,901 ----a-w C:\WINDOWS\caqovu.vbs
    2008-10-05 22:00 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
    2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
    2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
    2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
    2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
    2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
    2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
    2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 22:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-09-13 22:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-09-13 22:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
    2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
    2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
    2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
    2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
    2008-08-29 11:49 166,400 ----a-w C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    2008-08-26 16:53 --------- d-----w C:\Program Files\Java
    2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
    2006-07-30 13:55 0 -c--a-w C:\Documents and Settings\Fred\Application Data\Install.dat
    2005-07-29 20:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
    "LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-06 771704]
    "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
    "PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "el"="C:\WINDOWS\system32\el32.dll" [2008-03-03 38400]
    "blspcloader"="C:\Program Files\ATT Internet Tools\blsloader.exe" [2008-10-06 103776]
    "{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb}"="C:\WINDOWS\system32\iyvxpqnyohpzucy.dll" [2008-08-29 166400]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "Appinit_dlls"=karna.dat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\att-nap\\McciBrowser.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "C:\\WINDOWS\\system32\\lxddcoms.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

    2008-10-11 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-12 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At25.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At26.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At27.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At28.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At29.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At30.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At31.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At32.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At33.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At34.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At35.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At36.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At37.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At38.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At39.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At40.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At41.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At42.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At43.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At44.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-12 C:\WINDOWS\Tasks\At45.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At46.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At47.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At48.job
    - C:\WINDOWS\system32\BQdb103U.exe [2008-10-11 16:26]

    2008-10-11 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-10-11 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\pLqgtD11.exe [2008-10-11 12:04]

    2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
    - C:\Program Files\ErrorSmart\ErrorSmart.exe []

    2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
    - C:\Program Files\ErrorSmart []

    2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
    - C:\Program Files\RegistrySmart\RegistrySmart.exe []

    2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
    - C:\Program Files\RegistrySmart []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Print Process Spooler - spoolsi.exe
    SharedTaskScheduler-{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 21:28:16
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwQuerySystemInformation

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\drivers\bjnvzzvv.sys 179712 bytes executable
    C:\WINDOWS\system32\psyche.exe 114176 bytes executable
    C:\WINDOWS\system32\PsycheEnqueue.exe 108544 bytes executable

    scan completed successfully
    hidden files: 3

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bjnvzzvv]
    "ImagePath"="\??\C:\WINDOWS\system32\drivers\bjnvzzvv.sys"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psyche]
    "ImagePath"="%SystemRoot%\System32\psyche.exe -k netsvcs"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsycheEnqueue]
    "ImagePath"="%SystemRoot%\System32\PsycheEnqueue.exe -k netsvcs"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-11 21:56:02 - machine was rebooted [Pwner]
    ComboFix-quarantined-files.txt 2008-10-12 01:55:36

    Pre-Run: 28,435,533,824 bytes free
    Post-Run: 28,323,274,752 bytes free

    405 --- E O F --- 2008-09-10 16:46:26
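The log above is the kind of output the moderator read by eye in post #4 before writing the CFScript (the hidden VVNFUg folder, the psyche services, the random-named droppers). As an added example that is not part of the thread and is neither ComboFix's nor the moderator's code, the Python script below parses the "Files Created" and catchme hidden-files sections of a ComboFix log (sample lines copied from the log above), applies a few of those heuristics, and drafts a KillAll::/File::/Folder:: block in the form used in post #4 for a human to review. The heuristics, thresholds and function names are my own assumptions.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in the thread
# ('Files Created' entries, then the catchme hidden-files block).
SAMPLE_LOG = r"""
2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 16:26 . 2008-10-11 16:26 37,890 --a------ C:\WINDOWS\system32\BQdb103U.exe
2008-10-11 14:54 . 2008-10-11 14:54 0 --a------ C:\WINDOWS\system32\dlds8.exe
2008-10-11 10:59 . 2008-10-11 10:59 186,368 --a------ C:\Documents and Settings\LocalService\Application Data\871026602.exe
2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
2008-10-06 14:53 . 2008-10-11 14:44 6,144 --a------ C:\WINDOWS\system32\karna.dat
2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
C:\WINDOWS\system32\drivers\bjnvzzvv.sys 179712 bytes executable
C:\WINDOWS\system32\psyche.exe 114176 bytes executable
"""

# 'Files Created' entry: created . modified size-or-<DIR> 9-char-attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) ([-a-z]{9}) (.+)$"
)
HIDDEN_RE = re.compile(r"^(.+?) (\d+) bytes executable$")   # catchme entry
# .dat is included because of the AppInit_DLLs entry (karna.dat) in the HJT log
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".pif", ".dat", ".vbs", ".bat")


def looks_random(filename):
    """Assumed heuristic, not ComboFix logic: mixed case plus digits, or a
    long run of letters with few vowels, suggests a generated name."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 6:
        return False
    letters = [c for c in stem if c.isalpha()]
    mixed = (any(c.islower() for c in stem) and any(c.isupper() for c in stem)
             and any(c.isdigit() for c in stem))
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    return mixed or (len(letters) >= 8 and vowels / len(letters) < 0.25)


def parse_created(lines):
    """Yield one dict per 'Files Created' line; same_day (create date equals
    modify date) is typical of a fresh dropper, unlike an installer copying
    a prebuilt DLL such as ltkrn13n.dll."""
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        yield {"path": path, "is_dir": size == "<DIR>", "attrs": attrs,
               "size": None if size == "<DIR>" else int(size.replace(",", "")),
               "same_day": created[:10] == modified[:10]}


def parse_hidden(lines):
    """Yield paths that catchme reports as hidden from the Win32 API."""
    for line in lines:
        m = HIDDEN_RE.match(line.strip())
        if m:
            yield m.group(1)


def triage(log_text):
    """Return {path: {'is_dir': bool, 'reasons': [...]}} for suspect entries."""
    lines = log_text.splitlines()
    findings = {}
    def flag(path, is_dir, reason):
        findings.setdefault(path, {"is_dir": is_dir, "reasons": []})["reasons"].append(reason)
    for e in parse_created(lines):
        path, lower = e["path"], e["path"].lower()
        if e["is_dir"]:
            if "h" in e["attrs"] and "s" in e["attrs"]:
                flag(path, True, "hidden+system directory")
            continue
        if not lower.endswith(BINARY_EXT):
            continue
        if e["size"] == 0:
            flag(path, False, "zero-byte binary")
        if "\\localservice\\application data\\" in lower:
            flag(path, False, "executable in the LocalService profile")
        if (lower.startswith("c:\\windows\\") and e["same_day"]
                and looks_random(path.rsplit("\\", 1)[-1])):
            flag(path, False, "random-looking name under C:\\WINDOWS")
    for path in parse_hidden(lines):
        flag(path, False, "hidden from the Win32 API (catchme)")
    return findings


def to_cfscript(findings):
    """Render the KillAll::/File::/Folder:: block for a human to review."""
    files = [p for p, f in findings.items() if not f["is_dir"]]
    dirs = [p for p, f in findings.items() if f["is_dir"]]
    out = ["KillAll::"] + (["File::"] + files if files else []) \
        + (["Folder::"] + dirs if dirs else [])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for path, info in found.items():
        print(path, "->", "; ".join(info["reasons"]))
    print(to_cfscript(found))
```

Entries the script does not flag (karna.dat, for instance) still show up elsewhere in the log, here as the AppInit_DLLs loading point, so the draft is a starting list, not a verdict.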
  #6 - Contributing User
    Devshed Newbie (0 - 499 posts)
    Join Date: Jun 2008
    Posts: 34
    Rep Power: 7
    Malwarebytes' Anti-Malware 1.28
    Database version: 1259
    Windows 5.1.2600 Service Pack 2

    2008-10-11 20:59:03
    mbam-log-2008-10-11 (20-59-03).txt

    Scan type: Quick Scan
    Objects scanned: 12872
    Time elapsed: 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iklkrfdi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anaankvp (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\spoolsi.exe (Backdoor.Bot) -> Delete on reboot.
    C:\Program Files\OINAnalytics\OINAnalytics1.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\IKLKRFDI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\JZJICSAB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\anaankvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    Malwarebytes' Anti-Malware 1.28
    Database version: 1259
    Windows 5.1.2600 Service Pack 2

    10/11/2008 10:08:56 PM
    mbam-log-2008-10-11 (22-08-56).txt

    Scan type: Quick Scan
    Objects scanned: 51187
    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 29

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{4ddbb94d-75a4-215e-8e39-5ec006528cbe} (Adware.ClickSpring) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati4wbxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati4wbxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati4wbxx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\psyche.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\PsycheEnqueue.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\BQdb103U.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gfr.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\ati4wbxx.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\Drivers\bjnvzzvv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\750695162.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\800571103.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\822395920.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\833930960.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\870764442.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\872206320.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\951127177.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlds1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlds2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlds5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlds6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlds7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10251.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Judy\Application Data\Gool\Gool.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    Malwarebytes' Anti-Malware 1.28
    Database version: 1259
    Windows 5.1.2600 Service Pack 2

    10/11/2008 10:20:14 PM
    mbam-log-2008-10-11 (22-20-14).txt

    Scan type: Quick Scan
    Objects scanned: 51136
    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    #7 - Contributing User (Devshed Newbie, 0 - 499 posts; Join Date: Jun 2008; Posts: 34; Rep Power: 7)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:55 PM, on 10/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\ATT Internet Tools\blsloader.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [el] regsvr32.exe /u /s "C:\WINDOWS\system32\el32.dll"
    O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9232 bytes
    #8 - Malware Warrior /AV forum Mod (Devshed Regular, 2000 - 2499 posts; Join Date: Nov 2006; Location: San Antonio Tx; Posts: 2,325; Rep Power: 1140)
    Now let's delete everything INSIDE this folder. NOT the folder.

    C:\WINDOWS\Tasks


    Next

    Be sure your antivirus is disabled....

    * Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:

    KillAll::
    File::
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\system32\BQdb103U.exe
    C:\WINDOWS\system32\dlds8.exe
    C:\WINDOWS\anaankvp.exe
    C:\WINDOWS\IKLKRFDI.exe
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    C:\WINDOWS\System32\psyche.exe
    C:\WINDOWS\System32\PsycheEnqueue.exe
    C:\WINDOWS\system32\spoolsi.exe
    C:\WINDOWS\system32\pLqgtD11.exe
    C:\Documents and Settings\LocalService\Application Data\871026602.exe
    C:\Documents and Settings\LocalService\Application Data\870764442.exe
    C:\WINDOWS\system32\xuuvkpwbtbtope.exe
    C:\Documents and Settings\LocalService\Application Data\951127177.exe
    C:\Documents and Settings\LocalService\Application Data\932579358.exe
    C:\Documents and Settings\LocalService\Application Data\867421903.exe
    C:\Documents and Settings\LocalService\Application Data\919078116.exe
    C:\Documents and Settings\LocalService\Application Data\800571103.exe
    C:\Documents and Settings\LocalService\Application Data\833930960.exe
    C:\Documents and Settings\LocalService\Application Data\750695162.exe
    C:\WINDOWS\system32\drivers\ati4wbxx.sys
    C:\Documents and Settings\LocalService\Application Data\822395920.exe
    C:\Documents and Settings\LocalService\Application Data\872206320.exe
    C:\WINDOWS\system32\12283142141.dll
    C:\WINDOWS\system32\gfr.dll
    C:\Documents and Settings\Judy\Application Data\Gool
    C:\WINDOWS\system32\fyoeiheo.tmp
    C:\WINDOWS\system32\karna.dat
    C:\Program Files\Common Files\oceka.sys
    C:\WINDOWS\aqowoqijy.exe
    C:\Documents and Settings\Judy\Application Data\wadah.bin
    C:\WINDOWS\xulupakic.pif
    C:\WINDOWS\system32\gumuj.dat
    C:\WINDOWS\system32\ohaqohak.ban
    C:\Program Files\Common Files\gewigoden.scr
    C:\Documents and Settings\All Users\Application Data\anili.bat
    C:\WINDOWS\system32\itugucycis.dl
    C:\WINDOWS\yvalydi._dl
    C:\Documents and Settings\All Users\Application Data\tywen.bat
    C:\Program Files\Common Files\uvumadynug.scr
    C:\WINDOWS\system32\yzolokof.exe
    C:\WINDOWS\idakifa.db
    C:\Documents and Settings\Judy\Application Data\acoh.vbs
    C:\Documents and Settings\All Users\Application Data\yzopo.bat
    C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
    C:\Documents and Settings\Judy\Application Data\palanysemu.sys
    C:\WINDOWS\system32\2201920341.dll
    C:\WINDOWS\system32\wini10251.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\dlds7.exe
    C:\WAfg.exe
    C:\WINDOWS\system32\dlds6.exe
    C:\WINDOWS\system32\dlds1.exe
    C:\T8M0.exe
    C:\WINDOWS\system32\dlds5.exe
    C:\WINDOWS\system32\dlds2.exe
    C:\WINDOWS\ujilutiwib.bin
    C:\Program Files\Common Files\ugehun.inf
    C:\WINDOWS\izewyh.vbs
    C:\WINDOWS\ezof.vbs
    C:\WINDOWS\amam.scr
    C:\WINDOWS\system32\okewygeged.exe
    C:\WINDOWS\caqovu.vbs
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    C:\WINDOWS\system32\pLqgtD11.exe
    C:\WINDOWS\system32\BQdb103U.exe
    C:\WINDOWS\system32\drivers\bjnvzzvv.sys
    Folder::
    C:\WINDOWS\VVNFUg
    C:\WINDOWS\qofr
    C:\Program Files\Common Files\qofr
    C:\Program Files\XP_AntiSpyware
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "el"=-
    "{ab3b02c5-1dfe-73ca-d1d2-7f5ecb224aeb}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "Appinit_dlls"=
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bjnvzzvv]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psyche]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsycheEnqueue]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
    Driver::
    bjnvzzvv

    * Save this as CFScript.txt and place it on your desktop.

    * Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    * ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

    * When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    After that runs and you post the Combofix log......


    Download SDfix and save it to your Desktop.

    http://downloads.andymanchesta.com/R...ools/SDFix.exe

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


    Note: Do NOT use the msconfig option to boot into Safe Mode, if you can't boot into Safe Mode by tapping the F8 key, just post back here and let me know.
    __________________
    If I have posted multiple programs for the fix, do them ALL before posting them and a final hijack log

    Post a new HJT log
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

    #9 - Contributing User (Devshed Newbie, 0 - 499 posts; Join Date: Jun 2008; Posts: 34; Rep Power: 7)
    I forgot to delete the files in the Tasks folder before running ComboFix for the first time, so I figured it would be better to run it a second time after that than to let something respawn that was removed the first time. Both of the CF logs are here.

    ComboFix 08-10-11.01 - Pwner 2008-10-11 23:35:51.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -4:00]
    Running from: C:\Documents and Settings\Pwner\Desktop\ix.exe
    Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\All Users\Application Data\anili.bat
    C:\Documents and Settings\All Users\Application Data\tywen.bat
    C:\Documents and Settings\All Users\Application Data\yzopo.bat
    C:\Documents and Settings\Judy\Application Data\acoh.vbs
    C:\Documents and Settings\Judy\Application Data\Gool
    C:\Documents and Settings\Judy\Application Data\palanysemu.sys
    C:\Documents and Settings\Judy\Application Data\wadah.bin
    C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
    C:\Documents and Settings\LocalService\Application Data\750695162.exe
    C:\Documents and Settings\LocalService\Application Data\800571103.exe
    C:\Documents and Settings\LocalService\Application Data\822395920.exe
    C:\Documents and Settings\LocalService\Application Data\833930960.exe
    C:\Documents and Settings\LocalService\Application Data\867421903.exe
    C:\Documents and Settings\LocalService\Application Data\870764442.exe
    C:\Documents and Settings\LocalService\Application Data\871026602.exe
    C:\Documents and Settings\LocalService\Application Data\872206320.exe
    C:\Documents and Settings\LocalService\Application Data\919078116.exe
    C:\Documents and Settings\LocalService\Application Data\932579358.exe
    C:\Documents and Settings\LocalService\Application Data\951127177.exe
    C:\Program Files\Common Files\gewigoden.scr
    C:\Program Files\Common Files\oceka.sys
    C:\Program Files\Common Files\ugehun.inf
    C:\Program Files\Common Files\uvumadynug.scr
    C:\T8M0.exe
    C:\WAfg.exe
    C:\WINDOWS\amam.scr
    C:\WINDOWS\anaankvp.exe
    C:\WINDOWS\aqowoqijy.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\caqovu.vbs
    C:\WINDOWS\ezof.vbs
    C:\WINDOWS\idakifa.db
    C:\WINDOWS\IKLKRFDI.exe
    C:\WINDOWS\izewyh.vbs
    C:\WINDOWS\system32\12283142141.dll
    C:\WINDOWS\system32\2201920341.dll
    C:\WINDOWS\system32\BQdb103U.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\dlds1.exe
    C:\WINDOWS\system32\dlds2.exe
    C:\WINDOWS\system32\dlds5.exe
    C:\WINDOWS\system32\dlds6.exe
    C:\WINDOWS\system32\dlds7.exe
    C:\WINDOWS\system32\dlds8.exe
    C:\WINDOWS\system32\drivers\ati4wbxx.sys
    C:\WINDOWS\system32\drivers\bjnvzzvv.sys
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\system32\fyoeiheo.tmp
    C:\WINDOWS\system32\gfr.dll
    C:\WINDOWS\system32\gumuj.dat
    C:\WINDOWS\system32\itugucycis.dl
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    C:\WINDOWS\system32\karna.dat
    C:\WINDOWS\system32\ohaqohak.ban
    C:\WINDOWS\system32\okewygeged.exe
    C:\WINDOWS\system32\pLqgtD11.exe
    C:\WINDOWS\System32\psyche.exe
    C:\WINDOWS\System32\PsycheEnqueue.exe
    C:\WINDOWS\system32\spoolsi.exe
    C:\WINDOWS\system32\wini10251.exe
    C:\WINDOWS\system32\xuuvkpwbtbtope.exe
    C:\WINDOWS\system32\yzolokof.exe
    C:\WINDOWS\ujilutiwib.bin
    C:\WINDOWS\xulupakic.pif
    C:\WINDOWS\yvalydi._dl
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\anili.bat
    C:\Documents and Settings\All Users\Application Data\tywen.bat
    C:\Documents and Settings\All Users\Application Data\yzopo.bat
    C:\Documents and Settings\Amanda\Application Data\FunWebProducts
    C:\Documents and Settings\Amanda\Application Data\FunWebProducts\Data\Amanda\avatar.dat
    C:\Documents and Settings\Amanda\Application Data\FunWebProducts\Data\Amanda\register.dat
    C:\Documents and Settings\Fred\Application Data\install.dat
    C:\Documents and Settings\Fred\err.log
    C:\Documents and Settings\Judy\Application Data\acoh.vbs
    C:\Documents and Settings\Judy\Application Data\palanysemu.sys
    C:\Documents and Settings\Judy\Application Data\wadah.bin
    C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
    C:\Documents and Settings\Judy\err.log
    C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\cosero.db
    C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\CPV.stt
    C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\tikuci.inf
    C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\yquco.scr
    C:\Documents and Settings\Judy\My Documents\SMANTE~1
    C:\Documents and Settings\Judy\My Documents\SMANTE~1\netdde.exe
    C:\Documents and Settings\Judy\My Documents\SMANTE~1\S?mantec\
    C:\Documents and Settings\LocalService\Application Data\867421903.exe
    C:\Documents and Settings\LocalService\Application Data\871026602.exe
    C:\Documents and Settings\LocalService\Application Data\919078116.exe
    C:\Documents and Settings\LocalService\Application Data\932579358.exe
    C:\Documents and Settings\Pwner\err.log
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\Common Files\companion wizard\log.txt
    C:\Program Files\Common Files\gewigoden.scr
    C:\Program Files\Common Files\oceka.sys
    C:\Program Files\Common Files\qofr
    C:\Program Files\Common Files\qofr\qofra.exe
    C:\Program Files\Common Files\qofr\qofra.lck
    C:\Program Files\Common Files\qofr\qofrd\class-barrel
    C:\Program Files\Common Files\qofr\qofrd\qofrc.dll
    C:\Program Files\Common Files\qofr\qofrd\vocabulary
    C:\Program Files\Common Files\qofr\qofrh
    C:\Program Files\Common Files\qofr\qofrl.exe
    C:\Program Files\Common Files\qofr\qofrl.lck
    C:\Program Files\Common Files\qofr\qofrm.exe
    C:\Program Files\Common Files\qofr\qofrm.lck
    C:\Program Files\Common Files\qofr\qofrp.exe
    C:\Program Files\Common Files\ugehun.inf
    C:\Program Files\Common Files\uvumadynug.scr
    C:\T8M0.exe
    C:\WAfg.exe
    C:\WINDOWS\amam.scr
    C:\WINDOWS\aqowoqijy.exe
    C:\WINDOWS\caqovu.vbs
    C:\WINDOWS\ezof.vbs
    C:\WINDOWS\idakifa.db
    C:\WINDOWS\izewyh.vbs
    C:\WINDOWS\qofr
    C:\WINDOWS\qofr\qofr.dat
    C:\WINDOWS\qofr\wu
    C:\WINDOWS\system32\12283142141.dll
    C:\WINDOWS\system32\2201920341.dll
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\system32\fyoeiheo.tmp
    C:\WINDOWS\system32\gumuj.dat
    C:\WINDOWS\system32\itugucycis.dl
    C:\WINDOWS\system32\ohaqohak.ban
    C:\WINDOWS\system32\okewygeged.exe
    C:\WINDOWS\system32\pLqgtD11.exe
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\xuuvkpwbtbtope.exe
    C:\WINDOWS\system32\yzolokof.exe
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\ujilutiwib.bin
    C:\WINDOWS\wnsxs~1
    C:\WINDOWS\wnsxs~1\?hkdsk.exe
    C:\WINDOWS\xulupakic.pif
    C:\WINDOWS\yvalydi._dl

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BJNVZZVV
    -------\Legacy_CBEVTSVC
    -------\Legacy_FOPN
    -------\Legacy_ICF
    -------\Legacy_SYSREST.SYS
    -------\Legacy_TCPSR
    -------\Service_bjnvzzvv
    -------\Service_psyche
    -------\Service_PsycheEnqueue


    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .

    2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-11 12:09 . 2008-10-11 12:12 <DIR> d-------- C:\Program Files\NoAdware
    2008-10-11 12:02 . 2008-10-11 12:13 <DIR> d-------- C:\WINDOWS\AdWare Pro
    2008-10-11 12:00 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\AdWare Pro
    2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
    2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
    2008-10-06 20:58 . 2008-10-06 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
    2008-10-06 19:16 . 2008-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
    2008-10-06 09:14 . 2008-10-06 09:14 18,533 --a------ C:\WINDOWS\uzoqytyp._sy
    2008-10-06 09:14 . 2008-10-06 09:14 15,155 --a------ C:\WINDOWS\ujuza.dl
    2008-10-06 09:14 . 2008-10-06 09:14 14,177 --a------ C:\WINDOWS\apihoz.dl
    2008-10-06 09:14 . 2008-10-06 09:14 12,856 --a------ C:\WINDOWS\unanetuv.lib
    2008-10-06 09:14 . 2008-10-06 09:14 12,484 --a------ C:\WINDOWS\esuqosoz.inf
    2008-10-06 09:14 . 2008-10-06 09:14 11,389 --a------ C:\WINDOWS\xevumezozi.dat
    2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
    2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
    2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
    2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
    2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
    2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc
    2008-09-13 18:17 . 2008-09-13 18:17 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-09-13 14:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-09-13 14:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-09-12 08:36 . 2008-09-13 17:58 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
    2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
    2008-10-07 00:58 --------- d-----w C:\Program Files\Google
    2008-10-07 00:35 --------- d-----w C:\Program Files\ATT Internet Tools
    2008-10-06 19:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-06 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-06 17:40 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-10-05 22:00 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
    2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
    2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
    2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
    2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
    2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
    2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
    2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 22:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-09-13 22:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-09-13 22:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
    2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
    2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
    2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
    2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
    2008-08-26 16:53 --------- d-----w C:\Program Files\Java
    2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
    2005-07-29 20:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-11_21.35.54.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
    "LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-06 771704]
    "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
    "PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\att-nap\\McciBrowser.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "C:\\WINDOWS\\system32\\lxddcoms.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 19712]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 18304]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

    2008-10-11 C:\WINDOWS\Tasks\At25.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At26.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At27.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At28.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At29.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At30.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At31.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At32.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At33.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At34.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At35.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At36.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At37.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At38.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At39.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At40.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At41.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At42.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At43.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At44.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-12 C:\WINDOWS\Tasks\At45.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-11 C:\WINDOWS\Tasks\At46.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-12 C:\WINDOWS\Tasks\At47.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-10-12 C:\WINDOWS\Tasks\At48.job
    - C:\WINDOWS\system32\BQdb103U.exe []

    2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
    - C:\Program Files\ErrorSmart\ErrorSmart.exe []

    2008-08-04 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
    - C:\Program Files\ErrorSmart []

    2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
    - C:\Program Files\RegistrySmart\RegistrySmart.exe []

    2008-09-16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
    - C:\Program Files\RegistrySmart []
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 23:41:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-11 23:48:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-12 03:48:11
    ComboFix2.txt 2008-10-12 01:56:05

    Pre-Run: 28,777,168,896 bytes free
    Post-Run: 28,700,311,552 bytes free

    449 --- E O F --- 2008-09-10 16:46:26
    #10
    ComboFix 08-10-11.01 - Pwner 2008-10-11 23:53:07.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -4:00]
    Running from: C:\Documents and Settings\Pwner\Desktop\ix.exe
    Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\All Users\Application Data\anili.bat
    C:\Documents and Settings\All Users\Application Data\tywen.bat
    C:\Documents and Settings\All Users\Application Data\yzopo.bat
    C:\Documents and Settings\Judy\Application Data\acoh.vbs
    C:\Documents and Settings\Judy\Application Data\Gool
    C:\Documents and Settings\Judy\Application Data\palanysemu.sys
    C:\Documents and Settings\Judy\Application Data\wadah.bin
    C:\Documents and Settings\Judy\Application Data\xyzodyfag.scr
    C:\Documents and Settings\LocalService\Application Data\750695162.exe
    C:\Documents and Settings\LocalService\Application Data\800571103.exe
    C:\Documents and Settings\LocalService\Application Data\822395920.exe
    C:\Documents and Settings\LocalService\Application Data\833930960.exe
    C:\Documents and Settings\LocalService\Application Data\867421903.exe
    C:\Documents and Settings\LocalService\Application Data\870764442.exe
    C:\Documents and Settings\LocalService\Application Data\871026602.exe
    C:\Documents and Settings\LocalService\Application Data\872206320.exe
    C:\Documents and Settings\LocalService\Application Data\919078116.exe
    C:\Documents and Settings\LocalService\Application Data\932579358.exe
    C:\Documents and Settings\LocalService\Application Data\951127177.exe
    C:\Program Files\Common Files\gewigoden.scr
    C:\Program Files\Common Files\oceka.sys
    C:\Program Files\Common Files\ugehun.inf
    C:\Program Files\Common Files\uvumadynug.scr
    C:\T8M0.exe
    C:\WAfg.exe
    C:\WINDOWS\amam.scr
    C:\WINDOWS\anaankvp.exe
    C:\WINDOWS\aqowoqijy.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\caqovu.vbs
    C:\WINDOWS\ezof.vbs
    C:\WINDOWS\idakifa.db
    C:\WINDOWS\IKLKRFDI.exe
    C:\WINDOWS\izewyh.vbs
    C:\WINDOWS\system32\12283142141.dll
    C:\WINDOWS\system32\2201920341.dll
    C:\WINDOWS\system32\BQdb103U.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\dlds1.exe
    C:\WINDOWS\system32\dlds2.exe
    C:\WINDOWS\system32\dlds5.exe
    C:\WINDOWS\system32\dlds6.exe
    C:\WINDOWS\system32\dlds7.exe
    C:\WINDOWS\system32\dlds8.exe
    C:\WINDOWS\system32\drivers\ati4wbxx.sys
    C:\WINDOWS\system32\drivers\bjnvzzvv.sys
    C:\WINDOWS\system32\el32.dll
    C:\WINDOWS\system32\fyoeiheo.tmp
    C:\WINDOWS\system32\gfr.dll
    C:\WINDOWS\system32\gumuj.dat
    C:\WINDOWS\system32\itugucycis.dl
    C:\WINDOWS\system32\iyvxpqnyohpzucy.dll
    C:\WINDOWS\system32\karna.dat
    C:\WINDOWS\system32\ohaqohak.ban
    C:\WINDOWS\system32\okewygeged.exe
    C:\WINDOWS\system32\pLqgtD11.exe
    C:\WINDOWS\System32\psyche.exe
    C:\WINDOWS\System32\PsycheEnqueue.exe
    C:\WINDOWS\system32\spoolsi.exe
    C:\WINDOWS\system32\wini10251.exe
    C:\WINDOWS\system32\xuuvkpwbtbtope.exe
    C:\WINDOWS\system32\yzolokof.exe
    C:\WINDOWS\ujilutiwib.bin
    C:\WINDOWS\xulupakic.pif
    C:\WINDOWS\yvalydi._dl
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_bjnvzzvv
    -------\Service_psyche
    -------\Service_PsycheEnqueue


    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .

    2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-11 12:09 . 2008-10-11 12:12 <DIR> d-------- C:\Program Files\NoAdware
    2008-10-11 12:02 . 2008-10-11 12:13 <DIR> d-------- C:\WINDOWS\AdWare Pro
    2008-10-11 12:00 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\AdWare Pro
    2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
    2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
    2008-10-06 20:58 . 2008-10-06 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-06 19:42 . 2008-10-11 15:23 <DIR> d--hs---- C:\WINDOWS\VVNFUg
    2008-10-06 19:16 . 2008-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
    2008-10-06 09:14 . 2008-10-06 09:14 18,533 --a------ C:\WINDOWS\uzoqytyp._sy
    2008-10-06 09:14 . 2008-10-06 09:14 15,155 --a------ C:\WINDOWS\ujuza.dl
    2008-10-06 09:14 . 2008-10-06 09:14 14,177 --a------ C:\WINDOWS\apihoz.dl
    2008-10-06 09:14 . 2008-10-06 09:14 12,856 --a------ C:\WINDOWS\unanetuv.lib
    2008-10-06 09:14 . 2008-10-06 09:14 12,484 --a------ C:\WINDOWS\esuqosoz.inf
    2008-10-06 09:14 . 2008-10-06 09:14 11,389 --a------ C:\WINDOWS\xevumezozi.dat
    2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
    2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
    2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
    2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
    2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
    2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc
    2008-09-13 18:17 . 2008-09-13 18:17 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-09-13 14:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-09-13 14:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-09-13 14:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-09-13 14:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-09-12 08:36 . 2008-09-13 17:58 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
    2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
    2008-10-07 00:58 --------- d-----w C:\Program Files\Google
    2008-10-07 00:35 --------- d-----w C:\Program Files\ATT Internet Tools
    2008-10-06 19:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-06 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-06 17:40 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-10-05 22:00 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
    2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
    2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
    2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
    2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
    2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
    2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
    2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 22:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-09-13 22:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-09-13 22:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
    2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
    2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
    2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
    2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
    2008-08-26 16:53 --------- d-----w C:\Program Files\Java
    2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
    2005-07-29 20:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-11_21.35.54.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
    "LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-02-06 771704]
    "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
    "PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\att-nap\\McciBrowser.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "C:\\WINDOWS\\system32\\lxddcoms.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 19712]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 18304]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 23:58:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-12 0:03:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-12 04:03:08
    ComboFix2.txt 2008-10-12 03:48:16
    ComboFix3.txt 2008-10-12 01:56:05

    Pre-Run: 28,683,452,416 bytes free
    Post-Run: 28,671,033,344 bytes free

    289 --- E O F --- 2008-09-10 16:46:26
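Three blocks in the ComboFix "Reg Loading Points" dump above are the ones worth checking mechanically rather than by eye: the Security Center notification flags (AntiVirusDisableNotify, UpdatesDisableNotify), the Monitoring\<product>\DisableMonitoring values, and the firewall policy with EnableFirewall=0 and TCP 135 plus 5000-5020 listed under GloballyOpenPorts. These are the settings malware flips to silence Security Center and open the host, and removing the files does not put them back. The script below is an added example, not part of the thread and not ComboFix's own tooling: it parses the text format ComboFix prints (a [key] header followed by "name"=value lines) and reports those tamper indicators. The sample input is constructed for the example and mirrors the entries in the log; the finding names and the dword/"0 (0x0)" decoding are my own assumptions about that format.

```python
import re

# Constructed sample input: a trimmed copy of the kind of "Reg Loading Points"
# section ComboFix prints; the keys mirror the ones in the log above.
SAMPLE_REG_POINTS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-06 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def parse_reg_points(text):
    """Yield (key, value_name, raw_value) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2).strip()


def reg_int(raw_value):
    """Decode the two numeric forms ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    if raw_value.lower().startswith("dword:"):
        return int(raw_value[6:], 16)
    m = re.match(r"(\d+)", raw_value)
    return int(m.group(1)) if m else None


def port_ranges(ports):
    """Collapse a set of ports into sorted inclusive (low, high) ranges."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges


def audit_reg_points(text):
    """Collect Security Center and Windows Firewall tamper indicators from the dump."""
    report = {"notify_suppressed": [], "monitoring_disabled": [],
              "firewall_disabled": [], "open_ports": []}
    for key, name, raw in parse_reg_points(text):
        k, n = key.lower(), name.lower()
        if k.endswith("\\security center") and n in NOTIFY_VALUES and reg_int(raw) == 1:
            report["notify_suppressed"].append(name)          # balloon warnings silenced
        elif "\\security center\\monitoring\\" in k and n == "disablemonitoring" and reg_int(raw) == 1:
            report["monitoring_disabled"].append(key.rsplit("\\", 1)[-1])  # product no longer watched
        elif "firewallpolicy" in k and k.endswith("profile") and n == "enablefirewall" and reg_int(raw) == 0:
            report["firewall_disabled"].append(key.rsplit("\\", 1)[-1])    # profile with firewall off
        elif k.endswith("globallyopenports\\list"):
            port, proto = name.split(":", 1)
            report["open_ports"].append((int(port), proto.upper()))       # inbound holes
    return report


def describe(report):
    """One human-readable line per finding, with open ports collapsed into ranges."""
    lines = [f"Security Center notification suppressed: {v}" for v in report["notify_suppressed"]]
    lines += [f"Security Center monitoring disabled for: {p}" for p in report["monitoring_disabled"]]
    lines += [f"Windows Firewall disabled in profile: {p}" for p in report["firewall_disabled"]]
    tcp = port_ranges(p for p, proto in report["open_ports"] if proto == "TCP")
    if tcp:
        spans = ", ".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in tcp)
        lines.append(f"TCP ports open to any address: {spans}")
    return lines


if __name__ == "__main__":
    for line in describe(audit_reg_points(SAMPLE_REG_POINTS)):
        print(line)
```

Treat the hits as leads rather than proof: some security suites write their own Monitoring\<Vendor>\DisableMonitoring value when they register with Security Center, so confirm against what the installed product actually reports before editing anything. EnableFirewall=0 together with 135 and 5000-5020 open to any address is the setting to revert first. ComboFix abbreviates HKLM\SYSTEM\CurrentControlSet\Services as HKLM\~\services (the SDFix export later in the thread shows the full path), so on the live machine the same keys can be read with reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile.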
    #11
    Contributing User (Devshed Newbie, joined Jun 2008, 34 posts)
    SDFix: Version 1.234
    Run by Pwner on Sun 10/12/2008 at 12:11 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found

    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 00:17:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000082
    "TracesSuccessful"=dword:00000004

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\\Program Files\\att-nap\\McciBrowser.exe"="C:\\Program Files\\att-nap\\McciBrowser.exe:*:Enabled:motivebrowser.exe"
    "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
    "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
    "C:\\WINDOWS\\system32\\lxddcoms.exe"="C:\\WINDOWS\\system32\\lxddcoms.exe:*:Enabled:Lexmark Communications System"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe:*:Enabled: "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe:*:Enabled: "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe:*:Enabled: "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe:*:Enabled: "
    "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Printing Application"

    Remaining Files :

    Files with Hidden Attributes :

    Wed 17 Nov 2004 94,458 ...H. --- "C:\Program Files\Nero\data\Nero PhotoShow Express.exe"
    Wed 24 Sep 2008 2,211,794 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT38.tmp"
    Wed 24 Sep 2008 2,211,794 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT39.tmp"
    Wed 24 Sep 2008 2,211,796 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT3A.tmp"
    Sat 11 Oct 2008 1,426 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93b1f7c4b6e77133185a1282ee73ca0a\download\BIT3.tmp"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:20:38 AM, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9124 bytes
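The "Authorized Application Key Export" in the SDFix log above is the XP firewall exception list in REG export form: each value is path:scope:state:name, where scope is either * (any remote address) or LocalSubNet, and REG export doubles every backslash. Reading it by eye is how you notice that several Lexmark entries carry a blank display name and that almost everything is open to any address. The script below is an added example, not part of the thread and not SDFix's own code: it parses that export format and attaches review flags to each entry. The sample input is constructed; its first four value lines mirror entries from the log and the last one is made up to exercise the user-writable-path check. The flag names and the list of user-writable path fragments are my own assumptions.

```python
import re

# Constructed sample in the shape of SDFix's "Authorized Application Key Export"
# (a REG export of the XP firewall exception list). The first four value lines
# mirror entries from the log above; the last one is made up for this example.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe:*:Enabled: "
"C:\\Documents and Settings\\Pwner\\Local Settings\\Temp\\example.exe"="C:\\Documents and Settings\\Pwner\\Local Settings\\Temp\\example.exe:*:Enabled:example"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Path fragments a firewall exception should not normally live under (assumption for this example).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\docume~1\\")


def parse_exception(value):
    """Split 'path:scope:state:name'; rsplit keeps the drive-letter colon inside path."""
    parts = value.rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, state, name = parts
    return {
        "path": path.replace("\\\\", "\\"),   # REG export doubles every backslash
        "scope": scope,                       # '*' = any remote address, else LocalSubNet
        "enabled": state.lower() == "enabled",
        "name": name.strip(),                 # display name shown in the firewall UI
    }


def review_authorized_apps(text):
    """Parse the export and attach review flags to each firewall exception."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            profile = "domain" if "\\domainprofile\\" in m.group(1).lower() else "standard"
            continue
        m = VALUE_RE.match(line)
        if not m or profile is None:
            continue
        entry = parse_exception(m.group(2))
        if entry is None:
            continue
        entry["profile"] = profile
        flags = []
        if entry["enabled"] and entry["scope"] == "*":
            flags.append("any-remote-address")
        if not entry["name"]:
            flags.append("blank-display-name")
        if any(frag in entry["path"].lower() for frag in USER_WRITABLE):
            flags.append("user-writable-path")
        entry["flags"] = flags
        entries.append(entry)
    return entries


def flagged(entries):
    """Return only the entries a reviewer should look at, as (path, flags) pairs."""
    return [(e["path"], e["flags"]) for e in entries if e["flags"]]


if __name__ == "__main__":
    for path, flags in flagged(review_authorized_apps(SAMPLE_EXPORT)):
        print(f"{path}: {', '.join(flags)}")
```

A wildcard scope on a printer helper is sloppy rather than malicious, and the blank names come from the Lexmark installer, so the flags are prompts for a decision, not verdicts. The entry that matters is one whose path sits somewhere a normal user can write to, since an exception there survives the cleanup of the binary it was created for.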
    #12
    Malware Warrior /AV forum Mod (Devshed Regular, San Antonio Tx, joined Nov 2006, 2,325 posts)
    Looks like we are making progress....

    Please continue by following the steps in THIS thread.


    When Done please post the logs from

    Malwarebytes (I know, another one)
    Superantispyware
    Bitdefender online scan
    The HJT log and the Uninstall list as directed in the thread.
    #13
    Contributing User (Devshed Newbie, joined Jun 2008, 34 posts)
    Bitdefender scan failed even though I tried it several times.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1259
    Windows 5.1.2600 Service Pack 2

    10/12/2008 10:05:28 AM
    mbam-log-2008-10-12 (10-05-28).txt

    Scan type: Quick Scan
    Objects scanned: 51027
    Time elapsed: 3 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/12/2008 at 10:44 AM

    Application Version : 4.21.1004

    Core Rules Database Version : 3595
    Trace Rules Database Version: 1582

    Scan type : Quick Scan
    Total Scan Time : 00:23:50

    Memory items scanned : 558
    Memory threats detected : 0
    Registry items scanned : 407
    Registry threats detected : 101
    File items scanned : 4419
    File threats detected : 57

    Adware.Tracking Cookie
    C:\Documents and Settings\Pwner\Cookies\pwner@casalemedia[1].txt
    C:\Documents and Settings\Pwner\Cookies\pwner@ad.m5prod[1].txt
    .maxserving.com [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
    .fastclick.net [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
    .tribalfusion.com [ C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\kkc3qitt.default\cookies.txt ]
    C:\Documents and Settings\Fred\Cookies\fred@247realmedia[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@2o7[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@account.juno[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@ad.m5prod[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@ad.yieldmanager[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@adopt.euroclick[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@adopt.specificclick[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@adrevolver[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@ads.addynamix[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@ads.pointroll[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@adserver[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@adultfriendfinder[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@advertising[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@apmebf[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@atdmt[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@bluestreak[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@bravenet[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@bs.serving-sys[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@burstnet[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@casalemedia[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@centralcoastnutra.directtrack[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@directtrack[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@doubleclick[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@dynamic.media.adrevolver[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@ehg-accuweather.hitbox[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@fastclick[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@hitbox[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@media.adrevolver[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@mediaplex[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@msnbc.112.2o7[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@partner2profit[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@paypal.112.2o7[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@questionmarket[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@realmedia[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@revsci[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@richmedia.yahoo[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@serving-sys[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@specificclick[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@tacoda[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@trafficmp[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@tremor.adbureau[2].txt
    C:\Documents and Settings\Fred\Cookies\fred@tribalfusion[1].txt
    C:\Documents and Settings\Fred\Cookies\fred@zedo[1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\anyuser@2o7[2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnaccountservices.112.2o7[2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[1].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@account.live[2].txt
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@questionmarket[1].txt

    Adware.WebHancer
    HKCR\WhIeHelperObj.WhIeHelperObj
    HKCR\WhIeHelperObj.WhIeHelperObj\CurVer
    HKCR\WhIeHelperObj.WhIeHelperObj.1
    HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID

    Trojan.Media-Codec
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On

    Malware.VirusBurst
    HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}
    HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0
    HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\0
    HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\0\win32
    HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\FLAGS
    HKCR\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}\1.0\HELPDIR
    HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}
    HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\ProxyStubClsid
    HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\ProxyStubClsid32
    HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\TypeLib
    HKCR\Interface\{02313722-BB43-4C84-80A2-7CEDFC3F8560}\TypeLib#Version
    HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}
    HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\ProxyStubClsid
    HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\ProxyStubClsid32
    HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\TypeLib
    HKCR\Interface\{0A03153E-AE2A-47FE-BBA3-3333C0EEEB86}\TypeLib#Version
    HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}
    HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\ProxyStubClsid
    HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\ProxyStubClsid32
    HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\TypeLib
    HKCR\Interface\{13854DA2-8414-4007-9693-2B6E6002520E}\TypeLib#Version
    HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}
    HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\ProxyStubClsid
    HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\ProxyStubClsid32
    HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\TypeLib
    HKCR\Interface\{1DF2A595-BB53-46D4-9EED-1343E066C2B0}\TypeLib#Version
    HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}
    HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\ProxyStubClsid
    HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\ProxyStubClsid32
    HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\TypeLib
    HKCR\Interface\{21EFA4BF-6BAC-43E9-9465-9DDB4AC2967E}\TypeLib#Version
    HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}
    HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\ProxyStubClsid
    HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\ProxyStubClsid32
    HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\TypeLib
    HKCR\Interface\{2CB87422-057A-4FFC-A518-6A728D6F5F65}\TypeLib#Version
    HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}
    HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\ProxyStubClsid
    HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\ProxyStubClsid32
    HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\TypeLib
    HKCR\Interface\{52B75F3F-0016-4002-9A3A-B68BC9501ED1}\TypeLib#Version
    HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}
    HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\ProxyStubClsid
    HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\ProxyStubClsid32
    HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\TypeLib
    HKCR\Interface\{6DDA751B-CA62-41C6-B622-EA4B4C2E51F8}\TypeLib#Version
    HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}
    HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\ProxyStubClsid
    HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\ProxyStubClsid32
    HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\TypeLib
    HKCR\Interface\{88BDD61D-AC47-4D9E-A3ED-1CAA575593E6}\TypeLib#Version
    HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}
    HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\ProxyStubClsid
    HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\ProxyStubClsid32
    HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\TypeLib
    HKCR\Interface\{A09DFAEF-BFA3-47CA-9479-D7EC79342146}\TypeLib#Version
    HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}
    HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\ProxyStubClsid
    HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\ProxyStubClsid32
    HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\TypeLib
    HKCR\Interface\{B70B489C-F0D5-4DD9-A2BA-9B6DBCF5090A}\TypeLib#Version
    HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}
    HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\ProxyStubClsid
    HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\ProxyStubClsid32
    HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\TypeLib
    HKCR\Interface\{B889DE48-EC10-4278-B3FF-76FEB7449215}\TypeLib#Version
    HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}
    HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\ProxyStubClsid
    HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\ProxyStubClsid32
    HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\TypeLib
    HKCR\Interface\{C9CA446E-0484-4647-BBF0-3C129C42047C}\TypeLib#Version
    HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}
    HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\ProxyStubClsid
    HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\ProxyStubClsid32
    HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\TypeLib
    HKCR\Interface\{D7DE2292-04DD-48FC-B250-5E9BFE6BB959}\TypeLib#Version
    HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}
    HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\ProxyStubClsid
    HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\ProxyStubClsid32
    HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\TypeLib
    HKCR\Interface\{F9B659A0-6F32-4D69-A7D0-29A0B8CDDC16}\TypeLib#Version
    HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}
    HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\ProxyStubClsid
    HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\ProxyStubClsid32
    HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\TypeLib
    HKCR\Interface\{FA13560C-D18C-4BE6-AE80-EBEFC6E5AD3C}\TypeLib#Version

    Adware.ClickSpring/Outer Info Network
    HKCR\OINCS.OINAnalytics
    HKCR\OINCS.OINAnalytics\CLSID
    HKCR\OINCS.OINAnalytics\CurVer
    HKCR\OINCS.OINAnalytics.1
    HKCR\OINCS.OINAnalytics.1\CLSID

    Trojan.Unclassified/TestCPV
    HKCR\testcpv6.bho
    HKCR\testcpv6.bho\CLSID
    HKCR\testcpv6.bho\CurVer
    HKCR\testcpv6.bho.1
    HKCR\testcpv6.bho.1\CLSID

    Trojan.Unknown Origin
    C:\WINDOWS\VVNFUG\PPHIO0.VBS
    #14
    Contributing User, Devshed Newbie (0 - 499 posts), Join Date Jun 2008, Posts 34, Rep Power 7
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:25 AM, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9593 bytes

    Uninstall list:

    Acrobat.com
    Acrobat.com
    Adobe Acrobat Reader 3.01
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11
    AdWare Pro
    AnswerWorks 4.0 Runtime - English
    AppCore
    Apple Software Update
    AT&T Pop-Up Catcher
    Audacity 1.2.4
    AV
    CardRd81
    ccCommon
    CCleaner (remove only)
    CCScore
    CR2
    Enhancement Browser Tools Bigadnetwork
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    FoxyTunes for Firefox
    getPlus(R) for Adobe
    Google Updater
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Icy Tower v1.3.1
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 7
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Lexmark 2500 Series
    Lexmark Fax Solutions
    Lexmark Supplies Monitor
    Lexmark Toolbar
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Office Live Add-in beta
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 7.0
    Mozilla Firefox (3.0.1)
    MSXML 4.0 SP2 (KB936181)
    Nero PhotoShow Express
    Nero Suite
    netbrdg
    NoAdware v5.0
    Norton AntiVirus Online (Symantec Corporation)
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    Notifier
    OfotoXMI
    PCI SoftV92 Modem
    Photo Explosion 3.0 Special Edition
    QuickTime
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    S3 S3TrayPlus
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    SFR
    SFR2
    SHASTA
    skin0001
    SKINXSDK
    Skype™ 3.8
    Spybot - Search & Destroy 1.4
    staticcr
    SUPERAntiSpyware Free Edition
    Symantec
    TextBridge Pro 8.0
    tooltips
    TurboTax Deluxe 2007
    UniChrome Pro IGP Display Driver and Utilities
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    VIA Platform Device Manager
    VIA Vinyl Audio Codecs Driver Setup Program
    VideoLAN VLC media player 0.8.5
    Viewpoint Media Player
    VPRINTOL
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Live Sign-in Assistant
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WIRELESS
    WordPerfect Office 12
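    The HijackThis log above lists the usual persistence points a responder checks first: O4 Run keys and startup folders, the O20 Winlogon Notify package, and O23 services. As an added example (not code from this thread, from HijackThis or from any of the products named), here is a small Python triage script that parses lines in that format and flags the ones worth verifying before anything else: a bare filename in a Run key (resolved through the PATH search order, so it is worth confirming which copy actually runs), a binary sitting directly in the Windows directory or in a temp/profile folder, a service whose publisher field is empty (as with the lxdd_device line), and the Win9x-era RunServices key. The sample log is constructed: most lines are copied from the format posted above, while the "loader" and "upd" entries are hypothetical paths that exist only to exercise the checks. A flag is a prompt to look, not a verdict.

```python
"""Triage the persistence entries (O4 Run keys, O20 Winlogon Notify, O23 services)
of a HijackThis log and list the ones that deserve a closer look.

Added example for the thread, not HijackThis code; the heuristics are the reviewer's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the posted log's format. The 'loader' and 'upd' lines are
# made-up paths that exist only to exercise the checks below.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [loader] C:\WINDOWS\loader.exe
O4 - HKCU\..\Run: [upd] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /s
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


@dataclass
class Entry:
    kind: str          # HijackThis section: O4, O20 or O23
    location: str      # registry key, startup folder, "Winlogon Notify" or "Service"
    name: str          # value name, .lnk name, notify package or service display name
    image: str         # executable/DLL path extracted from the command line
    company: str = ""  # O23 only: publisher string as printed by HijackThis


O4_RUN_RE = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<cmd>.*)$")
# The company field may be empty, in which case the line reads "name - - path"
# (or "name -  - path" before HTML whitespace collapsing), so the middle group is optional.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?:(?P<company>.*?) )?- (?P<cmd>.*)$")
# A quoted first token wins; otherwise take the shortest prefix ending in a program-file
# extension, which handles unquoted paths with spaces such as "...\ADeck.exe 1".
IMAGE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|dll|com|scr|bat|cmd|vbs|pif))(?=\s|$))',
    re.IGNORECASE,
)


def extract_image(cmd: str) -> str:
    """Return the binary a Run/service command line launches, without its arguments."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    return cmd.split(" ", 1)[0] if cmd else ""


def parse_log(text: str) -> list[Entry]:
    """Collect O4, O20 and O23 entries; every other HijackThis section is ignored here."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line):
            entries.append(Entry("O4", m["loc"], m["name"], extract_image(m["cmd"])))
        elif m := O20_RE.match(line):
            entries.append(Entry("O20", "Winlogon Notify", m["name"], extract_image(m["cmd"])))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", "Service", m["name"], extract_image(m["cmd"]),
                                 m["company"] or ""))
    return entries


def suspicious(entry: Entry) -> list[str]:
    """Heuristic reasons an entry deserves a look; an empty list means nothing stood out."""
    img = entry.image.lower()
    reasons: list[str] = []
    if not re.match(r"^[a-z]:\\|^\\\\", img):
        reasons.append("bare filename, resolved through the PATH search order: confirm which copy runs")
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", img):
        reasons.append("executable placed directly in the Windows directory")
    if any(d in img for d in ("\\temp\\", "\\local settings\\", "\\application data\\")):
        reasons.append("runs from a user-writable temp/profile location")
    if entry.kind == "O23" and not entry.company:
        reasons.append("service binary reports no company name")
    if entry.location.endswith("RunServices"):
        reasons.append("uses the Windows 9x-era RunServices key")
    return reasons


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Parse a log and return only the entries that tripped at least one heuristic."""
    return [(e, r) for e in parse_log(text) if (r := suspicious(e))]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.kind} {entry.location} [{entry.name}] {entry.image}")
        for reason in reasons:
            print(f"    - {reason}")
```

    Run against the sample it prints five entries: the two bare VIA tray names are flagged only because their location is unverified, RegisterDropHandler for the legacy key, the two constructed entries for their locations, and lxdd_device for the empty publisher field. Paste a full log into SAMPLE_LOG (or read one from a file) to get the same short list for a real machine; the point is to reduce a 100-line log to the handful of lines a helper should ask about first.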
    #15
    Malware Warrior /AV forum Mod, Devshed Regular (2000 - 2499 posts), Join Date Nov 2006, Location San Antonio Tx, Posts 2,325, Rep Power 1140
    Uninstall

    AdWare Pro
    AT&T Pop-Up Catcher
    Enhancement Browser Tools Bigadnetwork
    J2SE Runtime Environment 5.0 Update 9
    NoAdware v5.0
    Spybot - Search & Destroy 1.4
    Viewpoint Media Player


    Also, is your Norton paid and up to date?

    If it is out of date, uninstall it as well.

    Next

    Download Dr.Web CureIt! from HERE to your Desktop.

    When you have done this, boot into safe mode (restart your computer and tap F8 continuously as it restarts)

    Double-click on the drweb cureit.exe file and click on Start and OK, and allow it to run the express scan. This is a short scan and will scan all files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it, but do not OK any delete option.

    Once the short scan has finished, click on Custom Scan and choose the drives that you want to scan. Click on the drive to select it. A red dot shows which drives have been chosen. Click the green arrow > to the right and the scan will begin.

    When the scan has finished, click the "Select all" button and then click on the Move button. This will move any infected files to the %userprofile%\DoctorWeb\quarantine folder.

    Next, and this is important, from the main Dr.Web CureIt menu (top left), click File and choose save report list, and save the report to your desktop. The report will be called DrWeb.csv and it can be opened in Notepad.

    Close CureIt and restart your computer to completely remove any stubborn files. You may get a message saying "No operations performed with some objects in list. Exit program". If so, click "Yes". (You may get a popup offering you a discount if you purchase DrWeb AntiVirus. You may or may not wish to take advantage of this offer later, but for now, just close the popup and wait for the scan to finish.)
