Post #1 - May 20 2008, 02:40 AM
New Member | Group: Members | Posts: 7 | Joined: 29-March 08 | Member No.: 199,721
Avira AntiVir Personal
Report file date: Saturday, May 17, 2008 23:25

Scanning for 1262699 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: UPSTAIRSPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 16:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 15:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 15:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 15:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 20:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 5/5/2008 20:39:04
ANTIVIR3.VDF : 7.0.4.27 146944 Bytes 5/12/2008 20:39:05
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 16:58:21
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 5/12/2008 20:39:18
AESCN.DLL : 8.1.0.16 119156 Bytes 5/12/2008 20:39:17
AERDL.DLL : 8.1.0.20 418165 Bytes 5/12/2008 20:39:16
AEPACK.DLL : 8.1.1.4 364918 Bytes 5/12/2008 20:39:15
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 5/12/2008 20:39:13
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 5/12/2008 20:39:11
AEHELP.DLL : 8.1.0.14 115063 Bytes 5/12/2008 20:39:09
AEGEN.DLL : 8.1.0.20 299380 Bytes 5/12/2008 20:39:09
AEEMU.DLL : 8.1.0.6 430451 Bytes 5/12/2008 20:39:08
AECORE.DLL : 8.1.0.28 168310 Bytes 5/12/2008 20:39:07
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 00:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 17:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 20:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 00:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 15:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 00:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 21:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 19:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, May 12, 2008 23:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RoxLiveShare9.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'RoxioUpnpService9.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hnm_svc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!
Master boot sector HD1
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'F:\'
  [INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0089511.exe
  [WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0091318.exe
  [DETECTION] Is the Trojan horse TR/Vapsup.evv
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0091319.dll
  [DETECTION] Is the Trojan horse TR/Vapsup.evv.2
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0092292.exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0092296.dll
  [DETECTION] Is the Trojan horse TR/Vundo.Gen
  [NOTE] The file was deleted!

End of the scan: Monday, May 19, 2008 16:35
Used time: 41:10:29 min

The scan has been canceled!

13953 Scanning directories
477969 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
477965 Files not concerned
4305 Archives were scanned
2 Warnings
4 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:47 AM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\EAGAME~1\THESIM~1\TSBin\Sims2.exe
C:\DOCUME~1\Kacey\LOCALS~1\Temp\~e5.0001
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: mkrndofl - {091E4684-9A84-453B-A5AC-E82BCD2109E2} - C:\WINDOWS\mkrndofl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [fvjnorui] C:\WINDOWS\system32\jqbsfulg.exe
O4 - HKLM\..\Policies\Explorer\Run: [wA4xHCqJFD] C:\Documents and Settings\All Users\Application Data\nolwjwpg\xynsjads.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0327
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0314
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0312
O21 - SSODL: wetkadmr - {AE081E61-2237-4625-9866-F678204F7025} - C:\WINDOWS\wetkadmr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8387 bytes
Post #2 - May 22 2008, 06:43 AM
Forum Addict | Group: HJT Team | Posts: 3,291 | Joined: 12-December 05 | From: Belgium | Member No.: 44,294
Hello Kdods and welcome to BleepingComputer,
1. Clean your Cache and Cookies in IE:
Doubleclick mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Post #3 - May 23 2008, 07:07 AM
New Member | Group: Members | Posts: 7 | Joined: 29-March 08 | Member No.: 199,721
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:36 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [fvjnorui] C:\WINDOWS\system32\jqbsfulg.exe
O4 - HKLM\..\Policies\Explorer\Run: [wA4xHCqJFD] C:\Documents and Settings\All Users\Application Data\nolwjwpg\xynsjads.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0327
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0314
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0312
O20 - Winlogon Notify: geBqQGaa - C:\WINDOWS\
O21 - SSODL: wetkadmr - {AE081E61-2237-4625-9866-F678204F7025} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8933 bytes

Malwarebytes' Anti-Malware 1.12
Database version: 779

Scan type: Quick Scan
Objects scanned: 86564
Time elapsed: 31 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 60
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 16
Files Infected: 156

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBrpnLC.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\gsihrbij.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBqQGaa.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\wetkadmr.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29c8bdc2-f194-47c0-8e18-1c8da48acc48} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{29c8bdc2-f194-47c0-8e18-1c8da48acc48} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\actvtalk.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf26fac0-7d4e-46d8-ae64-b277b11443ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf26fac0-7d4e-46d8-ae64-b277b11443ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\colorutility.colorutility (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\colorutility.colorutility.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebqqgaa (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vipantispyware_is1 (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae081e61-2237-4625-9866-f678204f7025} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{40815a9a-bc7c-46d1-837d-a49ed3444f06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40815a9a-bc7c-46d1-837d-a49ed3444f06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{091e4684-9a84-453b-a5ac-e82bcd2109e2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mkrndofl.btqo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mkrndofl.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cd17f19 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wetkadmr (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{091e4684-9a84-453b-a5ac-e82bcd2109e2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrpnlc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrpnlc -> Delete on reboot.

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware (Rogue.VIPAantispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\virii (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\geBrpnLC.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\CLnprBeg.ini (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\CLnprBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gsihrbij.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\jibrhisg.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kbesknib.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\binksebk.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnnNgfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\cfgNnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cfgNnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twbftmdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hdmtfbwt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\actvtalk.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\ColorUtility\ColorUtility.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBqQGaa.dll (Trojan.Vundo) -> Delete on reboot. C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully. C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkIxYst.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwfynkdm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Local Settings\Temp\temp.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Local Settings\Temp\_addon.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Local Settings\Temporary Internet Files\Content.IE5\4QEFV3P4\setup_204_501_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Local Settings\Temporary Internet Files\Content.IE5\8MZYAST5\setup[1].exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Local Settings\Temporary Internet Files\Content.IE5\AFIN9MQE\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. 
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\alarm.wav (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\click.wav (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\config.cfg (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dbinfo (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\success.wav (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\unins000.dat (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\unins000.exe (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\vipantispyware.exe (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\vipantispyware.url (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\def2.base (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase0.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase1.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. 
C:\Program Files\vipantispyware\dll\defbase2.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase3.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase4.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase5.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase6.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase7.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\defbase8.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\immunization.pl (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\license (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\sig2.base (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\sigrules.rul (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Program Files\vipantispyware\dll\update.scr (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\ColorUtility\uninstall.dat (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\ColorUtility\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518182352875.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. 
C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\Uninstall vipantispyware.lnk (Rogue.VIPAantispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware on the Web.lnk (Rogue.VIPAantispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware.lnk (Rogue.VIPAantispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Not selected for removal. C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\winxplogon.sys (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\wetkadmr.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\svorbmke.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\qvlbodmnmle.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\mkrndofl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Yazzle1409OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\blackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\EditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\EditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\filemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\fkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\fkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\fwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\FWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\Trojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\vipantispyware.lnk (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Hunter\Desktop\vipantispyware.lnk (Rogue.VIPAntispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Kacey\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Kacey\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Kacey\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Kacey\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Kacey\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Kacey\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Hunter\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. ComboFix 08-05-21.3 - Kacey 2008-05-23 6:39:09.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.506 [GMT -5:00] Running from: C:\Documents and Settings\Kacey\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\Angi\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Kacey\Start Menu\Programs\engagesidebar C:\Documents and Settings\Kacey\Start Menu\Programs\engagesidebar\Uninstall.lnk C:\Documents and Settings\Kalene\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Program Files\engagesidebar C:\Program Files\engagesidebar\EffBar.dll C:\Program Files\engagesidebar\magn.bmp C:\Program Files\engagesidebar\style.css C:\WINDOWS\cookies.ini C:\WINDOWS\esbagent.jpg C:\WINDOWS\esblogo.jpg C:\WINDOWS\system32\caomfckh.ini C:\WINDOWS\system32\CLnprBeg.ini C:\WINDOWS\system32\ebjnltfk.ini C:\WINDOWS\system32\ehrhfpfl.ini C:\WINDOWS\system32\elvaqddo.ini C:\WINDOWS\system32\geBrpnLC.dll C:\WINDOWS\system32\jwgphqvw.ini C:\WINDOWS\system32\ldresb C:\WINDOWS\system32\ldresb\Ldresb.exe C:\WINDOWS\system32\ldresb\setup.dat C:\WINDOWS\system32\ldresb\update.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\pdiebhki.ini C:\WINDOWS\system32\piymvtxl.ini C:\WINDOWS\system32\regc64.dll C:\WINDOWS\system32\shlesb.dll C:\WINDOWS\system32\somardvk.ini C:\WINDOWS\system32\xoxkpmev.ini C:\WINDOWS\system32\xrnhrphw.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NWSAPAGENT -------\Service_NwSapAgent ((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))) . 2008-05-22 21:52 . 2008-05-22 21:52 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\Malwarebytes 2008-05-22 21:50 . 2008-05-22 21:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-22 21:50 . 2008-05-22 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-22 21:50 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-22 21:50 . 
2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-12 20:42 . 2008-05-12 20:42 15 --a------ C:\WINDOWS\system32\1cd16d97 2008-05-12 15:35 . 2008-05-12 15:35 <DIR> d-------- C:\Program Files\Avira 2008-05-12 15:35 . 2008-05-12 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-08 16:58 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\Leadertech 2008-05-07 15:53 . 2008-05-07 15:54 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\NCH Swift Sound 2008-05-07 15:53 . 2008-04-28 23:36 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-05-05 19:51 . 2008-05-05 19:51 <DIR> d-------- C:\Documents and Settings\Hunter\Application Data\TmpRecentIcons 2008-05-05 18:32 . 2008-05-22 21:45 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\TmpRecentIcons 2008-05-05 13:17 . 2008-05-12 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nolwjwpg 2008-04-28 23:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-27 11:43 . 2008-04-27 11:44 <DIR> d-------- C:\Program Files\Safari . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-13 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch 2008-05-12 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-08 22:03 --------- d-----w C:\Documents and Settings\Kacey\Application Data\Nero 2008-05-08 21:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-05-07 20:54 --------- d-----w C:\Program Files\NCH Swift Sound 2008-05-04 23:45 --------- d-----w C:\Program Files\Java 2008-05-02 23:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-04-30 03:40 --------- d-----w C:\Program Files\FrostWire 2008-04-29 04:36 --------- d-----w C:\Program Files\LimeWire 2008-04-29 04:29 --------- d-----w C:\Documents and Settings\Kacey\Application Data\FrostWire 2008-04-27 16:52 --------- d-----w C:\Program Files\iTunes 2008-04-27 16:51 --------- d-----w C:\Program Files\iPod 2008-04-27 16:49 --------- d-----w C:\Program Files\QuickTime 2008-04-22 23:12 --------- d-----w C:\Program Files\Apple Software Update 2008-04-15 02:21 --------- d-----w C:\Program Files\Rhapsody 2008-04-15 02:21 --------- d-----w C:\Program Files\Real 2008-04-14 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes 2008-04-06 20:56 --------- d-----w C:\Program Files\World of Warcraft 2008-04-01 00:02 --------- d-----w C:\Documents and Settings\Kacey\Application Data\Roxio 2008-03-31 22:41 --------- d-----w C:\Program Files\MIDI Maestro MM4 2008-03-30 05:09 --------- d-----w C:\Program Files\Trend Micro 2008-03-30 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-30 03:30 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-03-30 03:30 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2008-03-30 03:30 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-03-28 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-03-28 20:47 --------- 
d-----w C:\Program Files\Microsoft Silverlight 2008-03-28 07:36 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-28 07:36 --------- d-----w C:\Program Files\Bonjour 2008-03-28 07:27 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-03-28 05:22 --------- d-----w C:\Program Files\Poster Forge 2008-03-28 04:58 --------- d-----w C:\Program Files\IE Motivational Poster Maker 2008-03-27 03:00 --------- d-----w C:\Program Files\ConquerCam 2008-03-27 02:33 --------- d-----w C:\Documents and Settings\Kacey\Application Data\Uniblue 2008-03-25 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5 2008-03-24 23:09 166,777 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe 2008-03-24 23:09 --------- d-----w C:\Program Files\River Past 2008-03-24 23:09 --------- d-----w C:\Program Files\Common Files\River Past 2008-03-24 23:09 --------- d-----w C:\Documents and Settings\Kacey\Application Data\River Past G5 2008-03-24 23:01 --------- d-----w C:\Program Files\Microsoft GIF Animator 2008-03-24 22:40 --------- d-----w C:\Program Files\Speedcube Timer 2008-03-24 22:12 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003 2008-03-24 22:12 --------- d-----w C:\Program Files\Common Files\Crystal Decisions 2008-02-27 02:36 33,019 ----a-w C:\WINDOWS\system32\CoreAAC-uninstall.exe 2006-10-12 02:56 88 --sh--r C:\WINDOWS\system32\18B0BD4B20.sys 2006-09-09 21:21 56 --sh--r C:\WINDOWS\system32\204BBDB018.sys 2006-10-12 02:56 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-08-12 07:59 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BC0DC4F-043B-4D73-90D0-A0D54F961488}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF26FAC0-7D4E-46D8-AE64-B277B11443AC}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-02-12 10:02 353544] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "fvjnorui"="C:\WINDOWS\system32\jqbsfulg.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "@"="" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-08-17 10:14:08 1447184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "wA4xHCqJFD"= C:\Documents and Settings\All Users\Application Data\nolwjwpg\xynsjads.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQGaa] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] 
"vidc.XVID"= xvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] c:\dell\bldbubg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2006-08-28 22:57 395776 C:\Program Files\Dell Support\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2006-09-11 05:40 218032 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-09-11 05:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe"=
"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxLiveShare9.exe"=
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\ConquerCam\\ConquerCam.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42971:TCP"= 42971:TCP:PORT_42971
"11088:TCP"= 11088:TCP:PORT_11088
"6112:TCP"= 6112:TCP:Blizzard Downloader
"33240:TCP"= 33240:TCP:PORT_33240
"32991:TCP"= 32991:TCP:PORT_32991
"49048:TCP"= 49048:TCP:PORT_49048
"5147:TCP"= 5147:TCP:PORT_5147
"46639:TCP"= 46639:TCP:PORT_46639
"59749:TCP"= 59749:TCP:PORT_59749
"44347:TCP"= 44347:TCP:PORT_44347
"18408:TCP"= 18408:TCP:PORT_18408
"10026:TCP"= 10026:TCP:PORT_10026
"26843:TCP"= 26843:TCP:PORT_26843
"38319:TCP"= 38319:TCP:PORT_38319
"41095:TCP"= 41095:TCP:PORT_41095
"47621:TCP"= 47621:TCP:PORT_47621
"42005:TCP"= 42005:TCP:PORT_42005
"54198:TCP"= 54198:TCP:PORT_54198
"60841:TCP"= 60841:TCP:PORT_60841
"60705:TCP"= 60705:TCP:PORT_60705
"17475:TCP"= 17475:TCP:PORT_17475
"8137:TCP"= 8137:TCP:PORT_8137
"18026:TCP"= 18026:TCP:PORT_18026
"10687:TCP"= 10687:TCP:PORT_10687
"60395:TCP"= 60395:TCP:PORT_60395
"23651:TCP"= 23651:TCP:PORT_23651
"22525:TCP"= 22525:TCP:PORT_22525
"27007:TCP"= 27007:TCP:PORT_27007
"64665:TCP"= 64665:TCP:PORT_64665
"51705:TCP"= 51705:TCP:PORT_51705
"24651:TCP"= 24651:TCP:PORT_24651
"61168:TCP"= 61168:TCP:PORT_61168
"28245:TCP"= 28245:TCP:PORT_28245
"52846:TCP"= 52846:TCP:PORT_52846
"46836:TCP"= 46836:TCP:PORT_46836
"19775:TCP"= 19775:TCP:PORT_19775
"31988:TCP"= 31988:TCP:PORT_31988
"50674:TCP"= 50674:TCP:PORT_50674
"58386:TCP"= 58386:TCP:PORT_58386
"64553:TCP"= 64553:TCP:PORT_64553
"61257:TCP"= 61257:TCP:PORT_61257
"37394:TCP"= 37394:TCP:PORT_37394
"38924:TCP"= 38924:TCP:PORT_38924
"21424:TCP"= 21424:TCP:PORT_21424
"49339:TCP"= 49339:TCP:PORT_49339
"49928:TCP"= 49928:TCP:PORT_49928
"20224:TCP"= 20224:TCP:PORT_20224
"7825:TCP"= 7825:TCP:PORT_7825
"19310:TCP"= 19310:TCP:PORT_19310
"54166:TCP"= 54166:TCP:PORT_54166
"18465:TCP"= 18465:TCP:PORT_18465
"22243:TCP"= 22243:TCP:PORT_22243
"63198:TCP"= 63198:TCP:PORT_63198
"20211:TCP"= 20211:TCP:PORT_20211
"7726:TCP"= 7726:TCP:PORT_7726
"8321:TCP"= 8321:TCP:PORT_8321
"8266:TCP"= 8266:TCP:PORT_8266
"27054:TCP"= 27054:TCP:PORT_27054
"7081:TCP"= 7081:TCP:PORT_7081
"29915:TCP"= 29915:TCP:PORT_29915
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"62882:TCP"= 62882:TCP:PORT_62882
"56591:TCP"= 56591:TCP:PORT_56591
"19850:TCP"= 19850:TCP:PORT_19850
"38623:TCP"= 38623:TCP:PORT_38623
"7878:TCP"= 7878:TCP:PORT_7878
"48977:TCP"= 48977:TCP:PORT_48977
"51160:TCP"= 51160:TCP:PORT_51160
"31701:TCP"= 31701:TCP:PORT_31701
"24195:TCP"= 24195:TCP:PORT_24195
"34096:TCP"= 34096:TCP:PORT_34096
"16386:TCP"= 16386:TCP:PORT_16386
"58035:TCP"= 58035:TCP:PORT_58035
"52987:TCP"= 52987:TCP:PORT_52987
"39639:TCP"= 39639:TCP:PORT_39639
"9024:TCP"= 9024:TCP:PORT_9024
"60273:TCP"= 60273:TCP:PORT_60273
"39248:TCP"= 39248:TCP:PORT_39248
"35112:TCP"= 35112:TCP:PORT_35112
"29783:TCP"= 29783:TCP:PORT_29783
"52050:TCP"= 52050:TCP:PORT_52050
"53529:TCP"= 53529:TCP:PORT_53529
"23882:TCP"= 23882:TCP:PORT_23882
"41116:TCP"= 41116:TCP:PORT_41116
"38062:TCP"= 38062:TCP:PORT_38062
"59571:TCP"= 59571:TCP:PORT_59571
"43787:TCP"= 43787:TCP:PORT_43787
"64851:TCP"= 64851:TCP:PORT_64851
"30941:TCP"= 30941:TCP:PORT_30941
"58546:TCP"= 58546:TCP:PORT_58546
"49070:TCP"= 49070:TCP:PORT_49070
"19370:TCP"= 19370:TCP:PORT_19370
"62633:TCP"= 62633:TCP:PORT_62633
"44258:TCP"= 44258:TCP:PORT_44258
"46281:TCP"= 46281:TCP:PORT_46281
"11163:TCP"= 11163:TCP:PORT_11163
"22365:TCP"= 22365:TCP:PORT_22365
"31278:TCP"= 31278:TCP:PORT_31278
"17495:TCP"= 17495:TCP:PORT_17495
"29244:TCP"= 29244:TCP:PORT_29244
"53401:TCP"= 53401:TCP:PORT_53401
"49416:TCP"= 49416:TCP:PORT_49416
"35213:TCP"= 35213:TCP:PORT_35213
"18823:TCP"= 18823:TCP:PORT_18823
"10355:TCP"= 10355:TCP:PORT_10355
"65288:TCP"= 65288:TCP:PORT_65288
"43150:TCP"= 43150:TCP:PORT_43150
"55288:TCP"= 55288:TCP:PORT_55288
"52224:TCP"= 52224:TCP:PORT_52224
"12893:TCP"= 12893:TCP:PORT_12893
"60263:TCP"= 60263:TCP:PORT_60263
"56629:TCP"= 56629:TCP:PORT_56629
"54960:TCP"= 54960:TCP:PORT_54960
"52883:TCP"= 52883:TCP:PORT_52883
"12870:TCP"= 12870:TCP:PORT_12870
"21701:TCP"= 21701:TCP:PORT_21701
"51060:TCP"= 51060:TCP:PORT_51060
"62396:TCP"= 62396:TCP:PORT_62396
"27773:TCP"= 27773:TCP:PORT_27773
"63280:TCP"= 63280:TCP:PORT_63280
"22375:TCP"= 22375:TCP:PORT_22375
"38664:TCP"= 38664:TCP:PORT_38664
"14106:TCP"= 14106:TCP:PORT_14106
"63624:TCP"= 63624:TCP:PORT_63624
"41378:TCP"= 41378:TCP:PORT_41378

R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 09:45]
R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-22 22:29]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\system32\drivers\urfltw2k.sys [2005-12-15 02:41]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 16:10]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 11:24]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 00:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HOMEPC-Michael).job" - c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2006-10-30 13:02:04 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job" - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-05-21 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-23 11:49:02 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe
"2008-05-22 08:00:00 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe
"2008-05-16 02:31:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-26 21:41:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 06:49:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-23 6:59:58 - machine was rebooted [Kacey]
ComboFix-quarantined-files.txt 2008-05-23 11:59:22

Pre-Run: 100,530,892,800 bytes free
Post-Run: 101,895,356,416 bytes free

388 --- E O F --- 2007-12-20 04:51:53
May 23 2008, 06:12 PM, Post #4
Forum Addict, Group: HJT Team, Posts: 3,291, Joined: 12-December 05, From: Belgium, Member No.: 44,294
Quite a collection you had there, Kdods.

Please pay attention to this:

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. Install the Recovery Console before proceeding !!

Then, let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty notepad window:
C:\WINDOWS\system32\1cd16d97
C:\Documents and Settings\All Users\Application Data\nolwjwpg
C:\Documents and Settings\All Users\Application Data\Long slow road itch

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BC0DC4F-043B-4D73-90D0-A0D54F961488}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF26FAC0-7D4E-46D8-AE64-B277B11443AC}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fvjnorui"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wA4xHCqJFD"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQGaa]

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems ?

Greetings,
Thunder

--------------------
Whatever happens, make believe it was intended to ...
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Jun 21 2008, 05:28 PM, Post #5
Forum Addict, Group: HJT Team, Posts: 3,291, Joined: 12-December 05, From: Belgium, Member No.: 44,294
Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.