
Winfixer And Other Problems


  • This topic is locked
5 replies to this topic

#1 talag1ga

Posted 08 November 2007 - 10:08 AM

Massive amounts of pop-ups are appearing on my computer, and also messages disguised as Windows messages attempting to get me to download stuff. I believe there is a rogue spyware program called Spy Guard Pro that I am unable to uninstall. It also will not let me delete the program and related files. I installed McAfee and it is detecting the Winfixer bug and other adware trojans but is unable to uninstall them. My system is at critical status, please help. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:23 AM, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ihljhesx.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\SPYGUA~1\ugcw.exe
C:\Program Files\Common Files\SpyGuardPro\bm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\?ppPatch\l?ass.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office2000\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {1527D63F-7241-44F1-BE73-2C1A85F44FEC} - C:\Program Files\Online Services\hosebuj83122.dll (file missing)
O2 - BHO: 0 - {3366EB32-841F-4A64-6096-479B4BF70E5B} - C:\Program Files\Messenger\lafutekef293.dll (file missing)
O2 - BHO: (no name) - {351B7A15-6A12-4346-9FFA-71A75DF26888} - C:\WINDOWS\system32\inetIST.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - C:\Program Files\Muwrzroi\oybcjvdy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\byxxvtq.dll
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\SpyGuardPro\Tools\pg.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {97D8D867-60FA-3B23-D22B-4BE6048C5CB0} - C:\WINDOWS\system32\vlkupbd.dll
O2 - BHO: {99a0b6c7-f623-ce0b-c8f4-c433740b9d3a} - {a3d9b047-334c-4f8c-b0ec-326f7c6b0a99} - C:\WINDOWS\system32\snervmor.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\nqqqyrbv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B31D40E7-0890-4D4C-BE36-C101ED7240A6} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nqqqyrbv.dll
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\SPYGUA~1\ugcw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com; ad=http://spyguardpro.com
O4 - HKLM\..\Run: [lqlcxydg] rundll32.exe "C:\Program Files\glytyrgn\kxgtapob.dll",Init
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinmldq.exe CHD001
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [qxafwlkx] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\qxafwlkx.dll"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ccfb738f] rundll32.exe "C:\WINDOWS\system32\mgvyflyg.dll",b
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Hcdbbl] "C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\?ppPatch\l?ass.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = E-SUPPLYLINK
O17 - HKLM\Software\..\Telephony: DomainName = E-SUPPLYLINK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = E-SUPPLYLINK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = E-SUPPLYLINK
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: byxxvtq - C:\WINDOWS\SYSTEM32\byxxvtq.dll
O20 - Winlogon Notify: inetIST - inetIST.dll (file missing)
O20 - Winlogon Notify: nqqqyrbv - C:\WINDOWS\SYSTEM32\nqqqyrbv.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: Rtfctl - {9147CC94-B4EC-41B6-9076-7A8F6BAE0FC4} - C:\WINDOWS\system32\statftp.dll
O23 - Service: McAfee Application Installer Cleanup (0162431194455129) (0162431194455129mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\016243~1.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\ihljhesx.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: WebSphere Embedded Messaging Publish And SubscribeWAS_localhost_server1 (WebSphereEmbeddedMessagingPublishAndSubscribeWAS_localhost_server1) - Unknown owner - c:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\pronyjadud.html
O24 - Desktop Component 1: (no name) - http://www.blueplanetbiomes.org/images/bald_eagle.jpg

--
End of file - 12019 bytes
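A triage pass over HijackThis entries like the ones in this log, added here as an example (it is not part of the thread and not a BleepingComputer or Trend Micro tool). It applies only structural rules an analyst would check first (the F2 UserInit chain, AppInit_DLLs, Winlogon Notify packages, Run entries that go through rundll32/regsvr32 or start from the user profile, services with no vendor, unnamed or dangling browser extensions) to a constructed subset of the lines posted above; it deliberately does not guess from file names.

```python
import re

# Constructed sample: a subset of the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\byxxvtq.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccfb738f] rundll32.exe "C:\WINDOWS\system32\mgvyflyg.dll",b
O4 - HKCU\..\Run: [Hcdbbl] "C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\?ppPatch\l?ass.exe"
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: inetIST - inetIST.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\ihljhesx.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Every entry line is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<sec>[FOR]\d+) - (?P<body>.*)$")

# Locations a logon-time program should not normally be started from.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")
LOADERS = ("rundll32", "regsvr32")


def parse_entries(log_text):
    """Yield (section, body, original line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def check_userinit(body):
    """XP's normal value is 'C:\\WINDOWS\\system32\\userinit.exe,' and nothing else."""
    low = body.lower()
    if "userinit=" not in low:
        return None
    value = low.split("userinit=", 1)[1]
    extra = [p.strip() for p in value.split(",")
             if p.strip() and not p.strip().endswith("\\userinit.exe")]
    if extra:
        return ("UserInit chain runs extra program(s) before the real userinit.exe: "
                + ", ".join(extra))
    return None


def check_service(body):
    """Body is 'Service: Name - Vendor - Path'; the vendor may be empty ('- -')."""
    m = re.search(r"[A-Za-z]:[\\/]", body)          # start of the executable path
    if not m:
        return None
    prefix = body[len("Service: "):m.start()].rstrip(" -")
    _name, sep, vendor = prefix.rpartition(" - ")
    if not sep:                                      # no separator: vendor field absent
        vendor = ""
    if vendor.strip() in ("", "Unknown owner"):
        return "service has no vendor information"
    return None


def triage(log_text):
    """Return the entries worth a second look, with the rule that selected each."""
    findings = []
    for sec, body, line in parse_entries(log_text):
        low = body.lower()
        reason = None
        if sec == "F2":
            reason = check_userinit(body)
        elif sec == "O20" and low.startswith("appinit_dlls:"):
            if low.split(":", 1)[1].strip():
                reason = "AppInit_DLLs is set: the DLL is loaded into every process that uses user32.dll"
        elif sec == "O20" and "winlogon notify" in low:
            reason = ("dangling Winlogon Notify registration (DLL gone, key remains)"
                      if "(file missing)" in low else
                      "Winlogon Notify package loaded at logon: verify the DLL's publisher")
        elif sec == "O4":
            if any(loader in low for loader in LOADERS):
                reason = "Run entry starts code through a DLL loader (rundll32/regsvr32)"
            elif any(d in low for d in USER_WRITABLE):
                reason = "Run entry starts a program from a user-writable location"
        elif sec == "O23":
            reason = check_service(body)
        elif sec in ("O2", "O3") and ("(no name)" in low or "(file missing)" in low):
            reason = "unnamed or dangling browser extension registration"
        if reason:
            findings.append({"section": sec, "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

Entries the rules select are candidates for review, not verdicts; the vendor-signed McAfee lines and the Java updater in the sample pass untouched, while the UserInit chain, the loader-based and profile-based Run entries, the AppInit DLL, the dangling Notify key, the unnamed BHO and the vendor-less service are reported.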

#2 talag1ga
  • Topic Starter


Posted 08 November 2007 - 11:27 AM

I thought I would clarify a little more on my problem. I was attacked last weekend when I opened my computer and craziness was happening. Outerinfo was installed as well as WebBuying and MalwareAlarm. I went to my Add/Remove Programs and removed everything I didn't install and that looked suspicious. I was unable to remove a program I never installed called SpyGuardPro. When trying to uninstall it opens an IE window asking me to fill out a survey and does nothing. Program icons are consistently appearing on my desktop for casinos, fake spyware removal tools and more. I get a yellow triangle in my task bar that tries to get me to download spyware programs. I am receiving Windows messages that try to get me to download programs and more spyware. It really has a hold of my PC. This is a developer PC that I use for work and it is really important that I get this fixed. I ran Spybot Search & Destroy and got rid of some things. I also ran AVG and got rid of some things, and I ran McAfee and got rid of some things. McAfee keeps detecting Winfixer but is unable to install it. It points to the SpyGuardPro directory as the location of the Winfixer exe. I cannot delete it though. I really would appreciate someone's help on this since I am not a HijackThis expert. Please help, thank you.

#3 teacup61

    Bleepin' Texan!


  • Malware Response Team

Posted 08 November 2007 - 12:25 PM

Hello talag1ga,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 talag1ga
  • Topic Starter


Posted 08 November 2007 - 03:22 PM

Here is the combofix log:

ComboFix 07-11-08.1 - Administrator 2007-11-08 14:31:03.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator.COMPLYLINK\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\PPPATC~1
C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\PPPATC~1\l?ass.exe
C:\Documents and Settings\Administrator.COMPLYLINK\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Administrator.COMPLYLINK\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Administrator.COMPLYLINK\Desktop\Go to Casino.lnk
C:\Documents and Settings\Administrator.COMPLYLINK\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator.COMPLYLINK\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator.COMPLYLINK\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Administrator.COMPLYLINK\g2mdlhlpx.exe
C:\Documents and Settings\Administrator.COMPLYLINK\My Documents\YSTEM3~1
C:\Documents and Settings\Administrator.COMPLYLINK\My Documents\YSTEM3~1\?ystem32\
C:\Documents and Settings\Administrator.COMPLYLINK\ResErrors.log
C:\Documents and Settings\Administrator.COMPLYLINK\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\All Users.WINDOWS\Application Data.\qxafwlkx.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data.\salesmonitor
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Messenger\pronyjadud.html
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\UGA6P
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\bvgevqai
C:\WINDOWS\system32\bvgevqai\bg1.gif
C:\WINDOWS\system32\bvgevqai\bgtop.gif
C:\WINDOWS\system32\bvgevqai\bottom1.gif
C:\WINDOWS\system32\bvgevqai\bvgevqai1.exe
C:\WINDOWS\system32\bvgevqai\bvgevqai2.exe
C:\WINDOWS\system32\bvgevqai\bvgevqai3.exe
C:\WINDOWS\system32\bvgevqai\essentials.gif
C:\WINDOWS\system32\bvgevqai\icon1.ico
C:\WINDOWS\system32\bvgevqai\install1.gif
C:\WINDOWS\system32\bvgevqai\left1.gif
C:\WINDOWS\system32\bvgevqai\li.gif
C:\WINDOWS\system32\bvgevqai\logo.gif
C:\WINDOWS\system32\bvgevqai\main.htm
C:\WINDOWS\system32\bvgevqai\mainframe.htm
C:\WINDOWS\system32\bvgevqai\reinstall1.gif
C:\WINDOWS\system32\bvgevqai\right1.gif
C:\WINDOWS\system32\bvgevqai\s1.htm
C:\WINDOWS\system32\bvgevqai\s2.htm
C:\WINDOWS\system32\bvgevqai\s3.htm
C:\WINDOWS\system32\bvgevqai\SMTop1.gif
C:\WINDOWS\system32\bvgevqai\SMTop2.gif
C:\WINDOWS\system32\bvgevqai\SMTop3.gif
C:\WINDOWS\system32\bvgevqai\SMTop4.gif
C:\WINDOWS\system32\bvgevqai\soft1_off.gif
C:\WINDOWS\system32\bvgevqai\soft1_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft1_on.gif
C:\WINDOWS\system32\bvgevqai\soft1_on_ext.gif
C:\WINDOWS\system32\bvgevqai\soft2_off.gif
C:\WINDOWS\system32\bvgevqai\soft2_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft2_on.gif
C:\WINDOWS\system32\bvgevqai\soft2_on_ext.gif
C:\WINDOWS\system32\bvgevqai\soft3_off.gif
C:\WINDOWS\system32\bvgevqai\soft3_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft3_on.gif
C:\WINDOWS\system32\bvgevqai\soft3_on_ext.gif
C:\WINDOWS\system32\bvgevqai\softbottom_off.gif
C:\WINDOWS\system32\bvgevqai\softbottom_on.gif
C:\WINDOWS\system32\bvgevqai\softleft_off.gif
C:\WINDOWS\system32\bvgevqai\softleft_on.gif
C:\WINDOWS\system32\bvgevqai\top1.gif
C:\WINDOWS\system32\bvgevqai\top2.gif
C:\WINDOWS\system32\bvgevqai\turnoff1.gif
C:\WINDOWS\system32\bvgevqai\turnon1.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\h1
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\nqqqyrbv.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\wr31drs.exe
C:\WINDOWS\system32\v8
C:\WINDOWS\system32\v8\taldrvr11.exe
C:\WINDOWS\system32\vlkupbd.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\DomainService
-------\fmtr
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 13:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 13:00 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-08 08:47 9,728 --------- C:\Program Files\xloader10181.exe
2007-11-08 08:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-07 13:40 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-07 12:20 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-11-07 12:09 79,936 --a------ C:\WINDOWS\SYSTEM32\snervmor.dll
2007-11-07 12:08 201,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-11-07 12:08 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-11-07 12:08 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-11-07 12:08 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-11-07 12:08 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-11-07 12:06 86,080 --a------ C:\WINDOWS\SYSTEM32\mgvyflyg.dll
2007-11-07 12:05 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-11-07 12:03 145,984 --a------ C:\WINDOWS\SYSTEM32\xmkmhlkl.dll
2007-11-07 12:03 145,984 --a------ C:\WINDOWS\SYSTEM32\nqqqyrbv.dll
2007-11-07 12:03 71,232 --a------ C:\WINDOWS\SYSTEM32\ihljhesx.exe
2007-11-07 12:01 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-07 12:00 <DIR> d-------- C:\Program Files\McAfee
2007-11-07 11:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-11-06 09:15 423,217 ---hs---- C:\WINDOWS\SYSTEM32\ijjlm.bak2
2007-11-05 11:20 42,792 --a------ C:\WINDOWS\SYSTEM32\gotomon.dll
2007-11-05 10:19 6,465 ---hs---- C:\WINDOWS\SYSTEM32\ijjlm.bak1
2007-11-05 10:16 36,352 --a------ C:\WINDOWS\SYSTEM32\iifecdb.dll
2007-11-05 10:15 507,180 --a------ C:\Temp\ocli.exe
2007-11-05 10:14 <DIR> d-------- C:\Program Files\Muwrzroi
2007-11-05 10:14 43,065 --a------ C:\WINDOWS\acdt-pid72.exe
2007-11-05 10:14 12 --a------ C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
2007-11-05 10:13 <DIR> d-------- C:\Program Files\glytyrgn
2007-11-05 10:13 <DIR> d-------- C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\SpyGuardPro
2007-11-05 10:13 35,328 --a------ C:\WINDOWS\SYSTEM32\ljjgged.dll
2007-11-05 10:13 21,504 --a------ C:\WINDOWS\SYSTEM32\aivskurq.dll
2007-11-05 10:12 <DIR> d-------- C:\Program Files\Common Files\SpyGuardPro
2007-11-05 10:12 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-11-05 10:12 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-11-05 10:10 <DIR> d--hs---- C:\WINDOWS\U29iaGEgS29kYWxp
2007-11-05 10:10 <DIR> d-------- C:\WINDOWS\SYSTEM32\Mz08r
2007-11-05 10:10 <DIR> d-------- C:\Temp\mZOr
2007-11-05 10:10 36,352 --a------ C:\WINDOWS\SYSTEM32\byxxvtq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 19:41 7,713 ----a-w C:\WINDOWS\SYSTEM32\ldcore.dll
2007-11-07 18:24 --------- d-----w C:\Program Files\Common Files\McAfee
2007-11-07 17:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2007-11-07 16:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-06 22:27 --------- d-----w C:\Program Files\AOL Companion
2007-11-05 16:18 3,902,784 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\gosetup.exe
2007-11-05 15:09 --------- d-----w C:\Program Files\CS6
2007-10-23 20:46 286,720 ----a-w C:\WINDOWS\SYSTEM32\p2sodbc.dll
2007-09-30 13:03 --------- d-----w C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\Sony Corporation
2007-09-30 12:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 12:47 --------- d-----w C:\Program Files\Sony
2007-09-30 12:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-27 17:46 563,712 ----a-w C:\Documents and Settings\Administrator.COMPLYLINK\gotomypc_372.exe
2007-09-06 19:01 724,984 ----a-w C:\Documents and Settings\Administrator.COMPLYLINK\gotomypc_437.exe
2007-08-30 20:34 11,544 ----a-w C:\MSJTER35.zip
2007-08-04 20:27 0 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\www.yahoo.com
2007-01-19 15:49 722,176 ----a-w C:\Documents and Settings\Administrator.COMPLYLINK\gotomypc_428.exe
2006-09-27 16:08 483,401 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\gotomypc_314.exe
2006-08-29 13:10 563,712 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\gotomypc_370.exe
2006-06-09 13:07 206 -c--a-w C:\Program Files\INSTALL.LOG
2006-02-03 19:16 563,712 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\370_gotomypc.exe
2005-09-29 17:01 483,401 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\314_gotomypc.exe
2005-03-24 14:20 483,401 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\gotomypc.exe
2004-12-08 18:03 80,090 -c--a-w C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\SMBIOSSP.exe
2003-11-05 15:14 131 ----a-w C:\Documents and Settings\Administrator.COMPLYLINK\mit.bat
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\U29iaGEgS29kYWxp\oZ62u3H0mZ64sqUD.vbs
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 172,102 2004-11-03 22:22:02 C:\Program Files\Citrix\GoToMyPC\bak\g2svc.exe
----a-w 258,856 2007-06-20 16:09:14 C:\Program Files\Citrix\GoToMyPC\g2svc.exe

-c--a-w 180,269 2004-12-14 15:44:56 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 110,592 2004-01-07 05:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe

-c--a-w 57,344 2004-08-23 22:19:22 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

-c--a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

-c--a-w 155,896 2006-09-13 18:37:09 C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe

-c--a-w 221,184 2003-09-04 02:12:44 C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe

-c--a-w 36,975 2005-06-03 07:52:54 C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe

-c--a-w 118,784 2004-02-10 16:51:30 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe

-c--a-w 155,648 2004-02-10 16:55:32 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe

-c--a-w 122,939 2004-08-13 05:05:00 C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1527D63F-7241-44F1-BE73-2C1A85F44FEC}]
C:\Program Files\Online Services\hosebuj83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3366EB32-841F-4A64-6096-479B4BF70E5B}]
C:\Program Files\Messenger\lafutekef293.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{351B7A15-6A12-4346-9FFA-71A75DF26888}]
C:\WINDOWS\system32\inetIST.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391B174C-A6B7-C9D7-6743-01F7A0D663D6}]
2007-11-05 10:14 106496 --a------ C:\Program Files\Muwrzroi\oybcjvdy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-05 10:10 36352 --a------ C:\WINDOWS\system32\byxxvtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3d9b047-334c-4f8c-b0ec-326f7c6b0a99}]
2007-11-07 12:09 79936 --a------ C:\WINDOWS\system32\snervmor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 12:03 145984 --a------ C:\WINDOWS\system32\nqqqyrbv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B31D40E7-0890-4D4C-BE36-C101ED7240A6}]
C:\WINDOWS\system32\mljji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-11-08 13:00 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nqqqyrbv.dll [2007-11-07 12:03 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nqqqyrbv.dll [2007-11-07 12:03 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14]
"SpyGuardPro"="C:\Program Files\SpyGuardPro\pgs.exe" []
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 11:09]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"ccfb738f"="C:\WINDOWS\system32\mgvyflyg.dll" [2007-11-07 12:06]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 18:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 19:28]
"Hcdbbl"="C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\?ppPatch\l?ass.exe" []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-10-05 16:10:13]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 07:45:28]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2000\Office\OSA9.EXE [1999-02-17 15:05:56]
MiniMavis.lnk - C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [2006-01-02 17:19:46]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-26]
Service Manager.lnk - C:\MSSQL7\Binn\sqlmangr.exe [2005-01-19 13:17:27]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-01-12 09:15:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\byxxvtq.dll [2007-11-05 10:10 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Rtfctl"= {9147CC94-B4EC-41B6-9076-7A8F6BAE0FC4} - C:\WINDOWS\system32\statftp.dll [2004-08-12 08:20 1032192]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvtq]
byxxvtq.dll 2007-11-05 10:10 36352 C:\WINDOWS\SYSTEM32\byxxvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-06-20 11:09 10536 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetIST]
inetIST.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nqqqyrbv]
nqqqyrbv.dll 2007-11-07 12:03 145984 C:\WINDOWS\SYSTEM32\nqqqyrbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
winjrs32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S2 0162431194455129mcinstcleanup;McAfee Application Installer Cleanup (0162431194455129);C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\016243~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 17:03:12 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-07 17:03:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 14:50:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebSphereEmbeddedMessagingPublishAndSubscribeWAS_localhost_server1]
"ImagePath"="c:/Program Files/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe"
.
Completion time: 2007-11-08 14:58:05 - machine was rebooted
.
--- E O F ---
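The registry dump above is the part of a ComboFix log a responder reads first: the Run keys, the Winlogon Userinit value (which should name only userinit.exe) and the Winlogon\Notify subkeys, each of them a way to get code running at every logon. The following Python is an added example and is not part of this thread or of any BleepingComputer tool. It parses that dump format and flags a Run value that points at a DLL or whose target the tool could not stamp with a date and size (the empty []), a path in which the tool printed ? for characters it could not render (the l?ass.exe lookalike above), any program other than userinit.exe in the Userinit chain, and a Notify DLL that is either unstamped or was modified within days of the scan. The sample lines are copied from the posted log; the 14-day window, the finding codes and the reading of an empty [] as "file not found at scan time" are this example's assumptions.

```python
"""Triage of a ComboFix-style autostart dump.  Added example, not code from the
thread or from any BleepingComputer tool.  Assumptions of this example: an empty
[] after a Run value means the tool found no file to stamp; RECENT_DAYS and the
finding codes are arbitrary choices here."""
import re
from datetime import date

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14]
"SpyGuardPro"="C:\Program Files\SpyGuardPro\pgs.exe" []
"ccfb738f"="C:\WINDOWS\system32\mgvyflyg.dll" [2007-11-07 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcdbbl"="C:\Documents and Settings\Administrator.COMPLYLINK\Application Data\?ppPatch\l?ass.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvtq]
byxxvtq.dll 2007-11-05 10:10 36352 C:\WINDOWS\SYSTEM32\byxxvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-06-20 11:09 10536 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
winjrs32.dll
"""
SCAN_DATE = date(2007, 11, 8)  # "Rootkit scan 2007-11-08" in the log
RECENT_DAYS = 14               # assumption: DLLs changed this close to the scan get flagged

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# Notify-style entry: <label> <yyyy-mm-dd hh:mm> <size> <path>
FILEINFO_RE = re.compile(
    r"^(?P<label>.+?)\s+(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<path>.+)$")

def parse_sections(text):
    """Group the dump into (registry key, [entry lines]) pairs, in order."""
    sections, key, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if key is not None:
                sections.append((key, lines))
            key, lines = m.group("key"), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        sections.append((key, lines))
    return sections

def triage(text, scan_date=SCAN_DATE, recent_days=RECENT_DAYS):
    """Return (code, entry name, detail) for every entry worth a closer look."""
    findings = []
    for key, lines in parse_sections(text):
        klow = key.lower()
        if klow.endswith(r"\currentversion\run"):
            for line in lines:
                m = VALUE_RE.match(line)
                if not m:
                    continue
                name, data, meta = m.group("name"), m.group("data"), m.group("meta")
                if data.lower().endswith(".dll"):      # Run should start .exe files, not DLLs
                    findings.append(("run-dll", name, data))
                if meta == "":                         # tool recorded no timestamp/size
                    findings.append(("run-missing-file", name, data))
                if "?" in data:                        # unprintable characters rendered as '?'
                    findings.append(("run-odd-chars", name, data))
        elif klow.endswith(r"\winlogon"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("name").lower() == "userinit":
                    # Only userinit.exe belongs in this chain; the dump doubles backslashes.
                    parts = [p.strip().replace("\\\\", "\\") for p in m.group("data").split(",") if p.strip()]
                    extra = [p for p in parts if not p.lower().endswith(r"\userinit.exe")]
                    if extra:
                        findings.append(("userinit-extra", "Userinit", ";".join(extra)))
        elif "\\winlogon\\notify\\" in klow:
            sub = key.rsplit("\\", 1)[1]
            m = FILEINFO_RE.match(lines[0]) if lines else None
            if m is None:                              # bare filename: no path, date or size found
                findings.append(("notify-missing-file", sub, lines[0] if lines else ""))
            else:
                age = (scan_date - date.fromisoformat(m.group("date"))).days
                if 0 <= age <= recent_days:
                    findings.append(("notify-recent", sub, f"{m.group('path')} ({age} days before scan)"))
    return findings

def triage_sample():
    return triage(SAMPLE_LOG)

if __name__ == "__main__":
    for code, name, detail in triage_sample():
        print(f"{code:<20} {name:<20} {detail}")
```

Run as a script it prints seven findings for the sample: the two Run values with no file stamp, the Run value that loads a DLL, the lookalike path, the extra executable in the Userinit chain, the unstamped winjrs32.dll Notify entry and the byxxvtq.dll Notify entry modified three days before the scan. The Java updater and the June-dated GoToMyPC logon DLL pass. The BHO, Toolbar and ShellExecuteHooks sections of the log use the same line shapes and could be added to the parser the same way; they are left out here to keep the example short.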

#5 teacup61 (Malware Response Team)

Posted 08 November 2007 - 06:54 PM

Hello,

This is a real mess. It's going to take a while.

1. Please download FindAWF by noahdfear and save it to your desktop:
2. Please double-click FindAWF.exe to run it.
3. If a security alert shows, allow the program to run.
4. Choose option #1.
5. When the tool has completed, a report will open in Notepad.
6. Please post the results of the awf.txt in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#6 teacup61 (Malware Response Team)

Posted 30 November 2007 - 11:17 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.