
Networm-i.virus@fp


10 replies to this topic

#1 applepet2002


Posted 14 November 2007 - 01:19 AM

I keep getting virus, malware and worm messages. Please help. Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:18 PM, on 11/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\cohajsgw.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\game setup\aaw2007.exe
C:\WINDOWS\System32\MSIEXEC.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\game setup\stinger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [a0a0b6e0] rundll32.exe "C:\WINDOWS\System32\coxkvhrx.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} -
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\cohajsgw.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 3502 bytes


#2 applepet2002

Topic Starter

Posted 18 November 2007 - 06:16 AM

This is what I get after ComboFix. Please help.
ComboFix 07-11-08.1 - April 2007-11-17 4:02:17.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.245 [GMT -7:00]
Running from: C:\game setup\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\April\Desktop\Live Safety Center.lnk
C:\Documents and Settings\April\Desktop\Online Security Guide.lnk
C:\Documents and Settings\April\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\wkkvjtvy.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-16 18:13 85,056 --a------ C:\WINDOWS\system32\rfhcrtor.dll
2007-11-16 18:08 144,480 --a------ C:\WINDOWS\system32\wkkvjtvy.dll
2007-11-16 18:07 144,480 --a------ C:\WINDOWS\system32\veqcprgy.dll
2007-11-16 18:04 82,496 --a------ C:\WINDOWS\system32\hqnxwrve.dll
2007-11-16 17:54 82,496 --a------ C:\WINDOWS\system32\ggsfklml.dll
2007-11-16 17:39 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-16 17:35 82,496 --a------ C:\WINDOWS\system32\wcgfojfq.dll
2007-11-16 17:29 144,480 --a------ C:\WINDOWS\system32\yosbucyu.dll
2007-11-15 19:40 81,984 --a------ C:\WINDOWS\system32\xdecslxs.dll
2007-11-15 19:37 144,480 --a------ C:\WINDOWS\system32\aaynndmo.dll
2007-11-14 23:20 144,480 --a------ C:\WINDOWS\system32\sgxbdaih.dll
2007-11-14 23:14 81,984 --a------ C:\WINDOWS\system32\jfmpnvoi.dll
2007-11-14 22:43 144,480 --a------ C:\WINDOWS\system32\mftxmbjc.dll
2007-11-14 22:37 81,984 --a------ C:\WINDOWS\system32\skrixthn.dll
2007-11-12 23:40 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\logs
2007-11-12 23:36 <DIR> d----c--- C:\Documents and Settings\April\.housecall6.6
2007-11-12 23:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-12 23:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-12 23:25 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-11-12 23:13 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 23:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-12 23:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 23:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 23:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 22:07 80,448 --a------ C:\WINDOWS\system32\fuffsvek.dll
2007-11-12 22:01 85,056 --a------ C:\WINDOWS\system32\coxkvhrx.dll
2007-11-12 21:55 144,480 --a------ C:\WINDOWS\system32\mvsqokmx.dll
2007-11-12 20:27 <DIR> d----c--- C:\Documents and Settings\April\Application Data\Sunbelt Software
2007-11-12 19:36 <DIR> d----c--- C:\Rustbfix
2007-11-12 19:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 19:34 80,448 --a------ C:\WINDOWS\system32\atcjhuic.dll
2007-11-12 18:29 144,480 --a------ C:\WINDOWS\system32\xugwiqht.dll
2007-11-12 02:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-11-11 23:01 <DIR> d----c--- C:\VundoFix Backups
2007-11-11 21:19 <DIR> d-------- C:\Program Files\a-squared Free
2007-11-11 21:16 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-11-11 21:06 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2007-11-11 21:05 1,632,200 --a--c--- C:\a2HiJackFreeSetup.exe
2007-11-11 20:38 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-11 20:38 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-11 18:30 89,664 --a------ C:\WINDOWS\system32\htkksuxk.dll
2007-11-11 18:24 144,480 --a------ C:\WINDOWS\system32\fwfrlncp.dll
2007-11-11 18:21 81,472 --a------ C:\WINDOWS\system32\hdoxgajg.dll
2007-11-11 12:58 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-11 06:34 <DIR> d-------- C:\Program Files\MumboJumbo
2007-11-11 06:15 <DIR> d----c--- C:\Documents and Settings\April\Application Data\DAEMON Tools Pro
2007-11-11 06:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-11 06:08 35,328 --a------ C:\WINDOWS\system32\yayxuuv.dll
2007-11-11 06:08 35,328 --a------ C:\WINDOWS\system32\fccbaxv.dll
2007-11-11 06:02 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-11 06:00 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-11 03:06 <DIR> d-------- C:\Program Files\Journey to the Center of the Earth
2007-11-11 02:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\GrimmsHatchery
2007-11-11 02:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-11 02:09 <DIR> d-------- C:\Program Files\Grimm's Hatchery
2007-11-11 01:48 <DIR> d-------- C:\Program Files\Neopets Codestone Quest
2007-11-11 01:26 <DIR> d-------- C:\Program Files\bfgclient
2007-11-11 01:26 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-11-11 01:19 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2007-11-11 00:53 <DIR> d-------- C:\Program Files\Xceed Components
2007-11-10 06:16 <DIR> d-------- C:\Program Files\AMUST
2007-11-10 06:16 149,248 --a------ C:\WINDOWS\system32\RegCompact.dll
2007-11-10 05:24 1,332 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 05:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-10 05:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-10 05:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-10 05:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-10 05:18 <DIR> d----c--- C:\Documents and Settings\April\SmitfraudFix
2007-11-08 19:27 <DIR> d-------- C:\Program Files\Mystery Case Files - Madame Fate
2007-11-07 10:41 <DIR> d-------- C:\Program Files\iolo
2007-11-07 10:41 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2007-11-07 10:41 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-11-07 10:37 <DIR> d----c--- C:\Documents and Settings\April\Application Data\iolo
2007-11-07 10:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\iolo
2007-11-07 09:14 <DIR> d-------- C:\Program Files\PC Doc Pro
2007-11-07 09:14 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2007-11-07 09:14 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-11-07 09:08 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-07 09:08 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-07 09:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\CaveDays
2007-11-07 08:17 <DIR> d-------- C:\Program Files\PlayFirst
2007-11-07 06:51 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-11-07 05:43 22,016 --a--c--- C:\Documents and Settings\April\Application Data\qurb.exe
2007-11-07 04:44 <DIR> d-------- C:\Program Files\Delicious Deluxe
2007-11-07 04:43 <DIR> d-------- C:\Program Files\Delicious 2 Deluxe
2007-11-07 03:17 <DIR> d----c--- C:\Documents and Settings\April\Application Data\ViquaSoft
2007-11-07 01:30 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-11-07 01:15 <DIR> d-------- C:\Program Files\ijlvid
2007-11-07 01:15 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2007-11-07 01:15 198,144 --a------ C:\WINDOWS\system32\ir50_qc.dll
2007-11-07 01:15 181,760 --a------ C:\WINDOWS\system32\ir50_qcx.dll
2007-11-07 01:15 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2007-11-07 01:15 27,648 --a------ C:\WINDOWS\system32\ir50_lcs.dll
2007-11-07 00:28 <DIR> d-------- C:\Temp\Tmp___1417
2007-11-07 00:12 <DIR> d-------- C:\Program Files\uTorrent
2007-11-07 00:11 <DIR> d----c--- C:\Documents and Settings\April\Application Data\uTorrent
2007-11-07 00:00 <DIR> d-------- C:\WINDOWS\system32\Mz02r
2007-11-07 00:00 <DIR> d--hs---- C:\WINDOWS\QXByaWw
2007-11-07 00:00 <DIR> d-------- C:\Temp\mZOr
2007-11-06 22:50 <DIR> d-------- C:\Program Files\Ligos

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 09:25 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 18:23 --------- d-----w C:\Program Files\Paradise Pet Salon
2007-11-10 06:37 --------- d-----w C:\Program Files\iWin.com
2007-11-09 09:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:11 --------- d-----w C:\Program Files\Shockwave.com
2007-11-03 08:58 --------- d-----w C:\Program Files\RealArcade
2007-10-28 07:09 --------- d-----w C:\Program Files\Crazy Eggs
2007-10-26 18:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-26 07:54 --------- d-----w C:\Documents and Settings\April\Application Data\MSN6
2007-10-25 07:44 --------- dc----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-24 17:24 --------- d-----w C:\Program Files\Real
2007-10-24 17:16 --------- d-----w C:\Program Files\Common Files\Real
2007-10-24 17:14 --------- d-----w C:\Program Files\MECC
2007-10-24 13:49 --------- d-----w C:\Program Files\tg games
2007-10-21 21:37 --------- dc----w C:\Documents and Settings\April\Application Data\GetRightToGo
2007-10-21 11:44 --------- d-----w C:\Program Files\Janes Hotel
2007-10-20 23:58 --------- d-----w C:\Documents and Settings\April\Application Data\PlayFirst
2007-10-17 23:39 --------- dc----w C:\Documents and Settings\All Users\Application Data\Tenebril
2007-10-17 23:09 830,257 -c--a-w C:\registrycleaner.zip
2007-10-17 06:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-16 07:35 110 -c--a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2007-10-15 22:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\NannyMania
2007-10-15 22:30 --------- dc----w C:\Documents and Settings\April\Application Data\Jamdat
2007-10-15 06:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\HiWired
2007-10-14 00:10 --------- d-----w C:\Program Files\Dr.Daisy Pet Vet
2007-10-14 00:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-13 23:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\MostFun
2007-10-13 23:35 --------- d-----w C:\Program Files\MostFun
2007-10-13 20:21 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-13 13:10 --------- d-----w C:\Program Files\iWin Games
2007-10-13 11:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-13 11:33 --------- d--h--r C:\Documents and Settings\April\Application Data\yahoo!
2007-10-13 11:32 --------- d-----w C:\Program Files\Yahoo!
2007-10-11 04:14 --------- d-----w C:\Program Files\QuickTime
2007-10-09 07:16 --------- d-----w C:\Program Files\Telltale Games
2007-10-09 06:26 --------- d-----w C:\Documents and Settings\April\Application Data\Super-Cow
2007-10-09 03:21 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-10-09 02:58 --------- dc----w C:\Documents and Settings\April\Application Data\iWin
2007-10-09 02:58 --------- dc----w C:\Documents and Settings\All Users\Application Data\iWin
2007-10-08 19:54 --------- dc----w C:\Documents and Settings\April\Application Data\Chasing Dogs Studios
2007-10-08 19:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2007-10-08 19:52 --------- d-----w C:\Program Files\Tinos Fruit Stand
2007-10-07 22:45 --------- d-----w C:\Program Files\Firstload
2007-10-07 09:24 --------- dc----w C:\Documents and Settings\April\Application Data\Legends of pirates
2007-10-07 09:10 --------- d-----w C:\Program Files\The Scruffs
2007-10-06 08:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\iWin Games
2007-10-05 18:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-05 14:29 --------- dc----w C:\Documents and Settings\April\Application Data\.ABC
2007-10-05 06:09 --------- d-----w C:\Program Files\MySpace
2007-10-05 06:09 --------- d-----w C:\Documents and Settings\April\Application Data\MySpace
2007-10-05 05:30 --------- dc----w C:\Documents and Settings\April\Application Data\InstallShield
2007-10-05 04:49 --------- d-----w C:\Program Files\RegCleaner
2007-10-05 04:36 --------- d-----w C:\Documents and Settings\April\Application Data\Tenebril
2007-10-04 21:02 --------- dc----w C:\Documents and Settings\April\Application Data\Jane s Hotel
2007-10-04 07:22 --------- dc----w C:\Documents and Settings\April\Application Data\AlwaysNeat
2007-10-04 03:58 --------- d-----w C:\Program Files\Pure Poker
2007-10-03 05:22 --------- d-----w C:\Program Files\Fever Frenzy
2007-10-03 05:18 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-03 04:24 --------- d-----w C:\Documents and Settings\April\Application Data\Talkback
2007-10-03 04:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-03 04:12 --------- d-----w C:\Program Files\Java
2007-10-03 04:11 --------- d-----w C:\Program Files\Common Files\Java
2007-10-03 03:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\PurePlay
2007-10-03 03:59 --------- d-----w C:\Program Files\PurePlay
2007-10-03 02:20 --------- d-----w C:\Program Files\microsoft frontpage
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\QXByaWw\kr1VuqT.vbs
.

((((((((((((((((((((((((((((( snapshot@2007-11-16_18.26.59.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-17 01:24:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-17 11:05:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-17 01:24:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-17 11:05:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-17 01:24:52 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-17 11:05:10 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-17 01:25:09 213,026 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-17 11:05:18 213,025 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-17 11:05:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_380.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58E9AC24-5A2A-4908-9E3B-0633C0F8DF30}]
2007-11-11 06:08 35328 --a------ C:\WINDOWS\system32\fccbaxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-16 18:08 144480 --a------ C:\WINDOWS\system32\wkkvjtvy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wkkvjtvy.dll [2007-11-16 18:08 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{58E9AC24-5A2A-4908-9E3B-0633C0F8DF30}"= C:\WINDOWS\system32\fccbaxv.dll [2007-11-11 06:08 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbaxv]
fccbaxv.dll 2007-11-11 06:08 35328 C:\WINDOWS\system32\fccbaxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
RegCompact.dll 2006-11-09 19:32 149248 C:\WINDOWS\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wkkvjtvy]
wkkvjtvy.dll 2007-11-16 18:08 144480 C:\WINDOWS\system32\wkkvjtvy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^April^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys
S3 SiSV;SiSV;C:\WINDOWS\System32\DRIVERS\SiSV.sys
S3 viafilter;VIA USB Filter;C:\WINDOWS\System32\Drivers\viausb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 01:01:47 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-17 10:03:10 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 04:05:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 4:06:49 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 19:37
C:\ComboFix3.txt ... 2007-11-16 18:27
.
--- E O F ---

#3 applepet2002

Topic Starter

Posted 22 November 2007 - 10:57 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 AM, on 11/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wkkvjtvy.dll
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\System32\ali.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\System32\ali.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

--
End of file - 2040 bytes

#4 Baabiouz

Finnish Malware Fighter

Posted 22 November 2007 - 12:30 PM

Hi applepet2002!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.

#5 applepet2002

Topic Starter

Posted 22 November 2007 - 01:27 PM

Ok, ty very much cause I need help. Do u need a new log file?

Edited by applepet2002, 23 November 2007 - 12:08 AM.


#6 Baabiouz

Finnish Malware Fighter

Posted 23 November 2007 - 06:00 AM

No, those logs are enough :blink: Now I'm waiting for a Teacher to check my post :thumbsup:

Edited by Baabiouz, 23 November 2007 - 06:01 AM.


#7 applepet2002

Topic Starter

Posted 23 November 2007 - 04:56 PM

ok tyvm

#8 Baabiouz

Finnish Malware Fighter

Posted 24 November 2007 - 05:20 AM

Hi!

#1
Rename your Hijackthis.exe to Scanner.exe.

#2
Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wkkvjtvy.dll
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\System32\ali.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\System32\ali.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

#3
Please, download Deldomains
1. Save it to your desktop.
2. Right-click DelDomains.inf and select: Install (no need to restart)
3. You may not see any noticeable changes or prompts; this is normal.

Note: The DelDomains.inf file will remove ALL entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any entries that you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.

#4
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\veqcprgy.dll
C:\WINDOWS\system32\hqnxwrve.dll
C:\WINDOWS\system32\ggsfklml.dll
C:\WINDOWS\system32\wcgfojfq.dll
C:\WINDOWS\system32\yosbucyu.dll
C:\WINDOWS\system32\xdecslxs.dll
C:\WINDOWS\system32\aaynndmo.dll
C:\WINDOWS\system32\sgxbdaih.dll
C:\WINDOWS\system32\jfmpnvoi.dll
C:\WINDOWS\system32\mftxmbjc.dll
C:\WINDOWS\system32\skrixthn.dll
C:\WINDOWS\system32\fuffsvek.dll
C:\WINDOWS\system32\coxkvhrx.dll
C:\WINDOWS\system32\mvsqokmx.dll
C:\WINDOWS\system32\atcjhuic.dll
C:\WINDOWS\system32\xugwiqht.dll
C:\WINDOWS\system32\htkksuxk.dll
C:\WINDOWS\system32\fwfrlncp.dll
C:\WINDOWS\system32\hdoxgajg.dll
C:\WINDOWS\system32\yayxuuv.dll
C:\WINDOWS\system32\fccbaxv.dll
C:\WINDOWS\System32\ali.exe

Folder::
C:\Program Files\ijlvid
C:\WINDOWS\system32\Mz02r
C:\WINDOWS\QXByaWw
C:\Temp\mZOr

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58E9AC24-5A2A-4908-9E3B-0633C0F8DF30}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{58E9AC24-5A2A-4908-9E3B-0633C0F8DF30}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbaxv]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wkkvjtvy]


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

#5
Let's run ATF-Cleaner and scan your computer:

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
AVG Anti-Spyware
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click the "Save Scan Report" button until you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

#6
Please, post these logs back here
  • a fresh HijackThis log (scanner.exe)
  • Combofix log
  • AVG Anti-Spyware results

Edited by Baabiouz, 24 November 2007 - 05:21 AM.


#9 applepet2002

applepet2002
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:AZ

Posted 27 November 2007 - 02:15 AM

I will do that but thought I should tell u I have something new it's uommkslu.exe so should I still do as u instructed or no?

#10 applepet2002

applepet2002
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:AZ

Posted 29 November 2007 - 03:57 AM

ComboFix 07-11-19.4C - April 2007-11-30 1:18:04.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.295 [GMT -7:00]
Running from: C:\Documents and Settings\April\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\April\Application Data\inst.exe
C:\Documents and Settings\April\Desktop\Live Safety Center.lnk
C:\Documents and Settings\April\Desktop\Online Security Guide.lnk
C:\Documents and Settings\April\Favorites\Online Security Guide.lnk
C:\Program Files\WhenUSearch
C:\Program Files\WhenUSearch\Content\css\dialog.css
C:\Program Files\WhenUSearch\Content\css\menu.css
C:\Program Files\WhenUSearch\Content\css\module_weather.css
C:\Program Files\WhenUSearch\Content\css\module_weather_dialog.css
C:\Program Files\WhenUSearch\Content\css\quick.css
C:\Program Files\WhenUSearch\Content\customize.html
C:\Program Files\WhenUSearch\Content\daemon.ico
C:\Program Files\WhenUSearch\Content\dialog.css
C:\Program Files\WhenUSearch\Content\global.js
C:\Program Files\WhenUSearch\Content\images\add_image.gif
C:\Program Files\WhenUSearch\Content\images\add_image_down.gif
C:\Program Files\WhenUSearch\Content\images\add_image_on.gif
C:\Program Files\WhenUSearch\Content\images\arrow_down.gif
C:\Program Files\WhenUSearch\Content\images\arrow_down_on.gif
C:\Program Files\WhenUSearch\Content\images\arrow_right.gif
C:\Program Files\WhenUSearch\Content\images\arrow_right_on.gif
C:\Program Files\WhenUSearch\Content\images\button_go.gif
C:\Program Files\WhenUSearch\Content\images\button_go_down.gif
C:\Program Files\WhenUSearch\Content\images\button_go_on.gif
C:\Program Files\WhenUSearch\Content\images\button_search_down.gif
C:\Program Files\WhenUSearch\Content\images\button_search_off.gif
C:\Program Files\WhenUSearch\Content\images\button_search_on.gif
C:\Program Files\WhenUSearch\Content\images\button_search_sm_down.gif
C:\Program Files\WhenUSearch\Content\images\button_search_sm_off.gif
C:\Program Files\WhenUSearch\Content\images\button_search_sm_on.gif
C:\Program Files\WhenUSearch\Content\images\button_specials_on.gif
C:\Program Files\WhenUSearch\Content\images\corner_bottom_left.gif
C:\Program Files\WhenUSearch\Content\images\corner_top_left.gif
C:\Program Files\WhenUSearch\Content\images\delete_button.gif
C:\Program Files\WhenUSearch\Content\images\delete_button_down.gif
C:\Program Files\WhenUSearch\Content\images\delete_button_on.gif
C:\Program Files\WhenUSearch\Content\images\divider.gif
C:\Program Files\WhenUSearch\Content\images\dot_orange.gif
C:\Program Files\WhenUSearch\Content\images\dt_min_logo.gif
C:\Program Files\WhenUSearch\Content\images\gear.gif
C:\Program Files\WhenUSearch\Content\images\gear_down.gif
C:\Program Files\WhenUSearch\Content\images\gear_grey.gif
C:\Program Files\WhenUSearch\Content\images\gear_on.gif
C:\Program Files\WhenUSearch\Content\images\instructions_border_corner.gif
C:\Program Files\WhenUSearch\Content\images\instructions_border_right.gif
C:\Program Files\WhenUSearch\Content\images\instructions_border_top.gif
C:\Program Files\WhenUSearch\Content\images\link.gif
C:\Program Files\WhenUSearch\Content\images\lock.gif
C:\Program Files\WhenUSearch\Content\images\lock_down.gif
C:\Program Files\WhenUSearch\Content\images\lock_grey.gif
C:\Program Files\WhenUSearch\Content\images\lock_on.gif
C:\Program Files\WhenUSearch\Content\images\logo_searchbar_down.gif
C:\Program Files\WhenUSearch\Content\images\logo_searchbar_off.gif
C:\Program Files\WhenUSearch\Content\images\logo_searchbar_on.gif
C:\Program Files\WhenUSearch\Content\images\main_bg.gif
C:\Program Files\WhenUSearch\Content\images\manage.gif
C:\Program Files\WhenUSearch\Content\images\manage_down.gif
C:\Program Files\WhenUSearch\Content\images\manage_grey.gif
C:\Program Files\WhenUSearch\Content\images\manage_on.gif
C:\Program Files\WhenUSearch\Content\images\menu_aim_bw.gif
C:\Program Files\WhenUSearch\Content\images\menu_arrow_right.gif
C:\Program Files\WhenUSearch\Content\images\menu_bg.gif
C:\Program Files\WhenUSearch\Content\images\menu_left_bg.gif
C:\Program Files\WhenUSearch\Content\images\menu_main_bw.gif
C:\Program Files\WhenUSearch\Content\images\menu_pbandit_bw.gif
C:\Program Files\WhenUSearch\Content\images\menu_right_bg.gif
C:\Program Files\WhenUSearch\Content\images\menu_ucontrol_bw.gif
C:\Program Files\WhenUSearch\Content\images\menu_ucontrol_filler_bw.gif
C:\Program Files\WhenUSearch\Content\images\menu_whenu_bw.gif
C:\Program Files\WhenUSearch\Content\images\message_alert.gif
C:\Program Files\WhenUSearch\Content\images\min_new_res_menu.gif
C:\Program Files\WhenUSearch\Content\images\min_new_res_menu_down.gif
C:\Program Files\WhenUSearch\Content\images\min_new_res_menu_on.gif
C:\Program Files\WhenUSearch\Content\images\min_new_results_new.gif
C:\Program Files\WhenUSearch\Content\images\min_new_results_new_down.gif
C:\Program Files\WhenUSearch\Content\images\min_new_results_new_on.gif
C:\Program Files\WhenUSearch\Content\images\min_new_results_new_text.gif
C:\Program Files\WhenUSearch\Content\images\min_new_results_new_text_on.gif
C:\Program Files\WhenUSearch\Content\images\module_weather_left_bg_top.gif
C:\Program Files\WhenUSearch\Content\images\more_bg.gif
C:\Program Files\WhenUSearch\Content\images\more_bottom_bg.gif
C:\Program Files\WhenUSearch\Content\images\more_bottom_main.gif
C:\Program Files\WhenUSearch\Content\images\more_bottom_main_bg.gif
C:\Program Files\WhenUSearch\Content\images\more_left_bg.gif
C:\Program Files\WhenUSearch\Content\images\more_right_bg.gif
C:\Program Files\WhenUSearch\Content\images\more_top_bg.gif
C:\Program Files\WhenUSearch\Content\images\more_top_left.gif
C:\Program Files\WhenUSearch\Content\images\more_top_left_bw.gif
C:\Program Files\WhenUSearch\Content\images\more_top_right.gif
C:\Program Files\WhenUSearch\Content\images\more_top_right_bw.gif
C:\Program Files\WhenUSearch\Content\images\more_top_x.gif
C:\Program Files\WhenUSearch\Content\images\more_top_x_bw.gif
C:\Program Files\WhenUSearch\Content\images\more_top_x_down.gif
C:\Program Files\WhenUSearch\Content\images\more_top_x_on.gif
C:\Program Files\WhenUSearch\Content\images\mount.gif
C:\Program Files\WhenUSearch\Content\images\mount_down.gif
C:\Program Files\WhenUSearch\Content\images\mount_grey.gif
C:\Program Files\WhenUSearch\Content\images\mount_on.gif
C:\Program Files\WhenUSearch\Content\images\nav_button_bg.gif
C:\Program Files\WhenUSearch\Content\images\nav_button_bg_down.gif
C:\Program Files\WhenUSearch\Content\images\nav_button_bg_on.gif
C:\Program Files\WhenUSearch\Content\images\notyet.gif
C:\Program Files\WhenUSearch\Content\images\notyet_bw.gif
C:\Program Files\WhenUSearch\Content\images\open_bg.gif
C:\Program Files\WhenUSearch\Content\images\open_bottom_bg.gif
C:\Program Files\WhenUSearch\Content\images\open_bottom_left.gif
C:\Program Files\WhenUSearch\Content\images\open_bottom_left_bw.gif
C:\Program Files\WhenUSearch\Content\images\open_bottom_right.gif
C:\Program Files\WhenUSearch\Content\images\open_bottom_right_bw.gif
C:\Program Files\WhenUSearch\Content\images\open_cancel.gif
C:\Program Files\WhenUSearch\Content\images\open_cancel_down.gif
C:\Program Files\WhenUSearch\Content\images\open_cancel_on.gif
C:\Program Files\WhenUSearch\Content\images\open_defaults.gif
C:\Program Files\WhenUSearch\Content\images\open_defaults_down.gif
C:\Program Files\WhenUSearch\Content\images\open_defaults_on.gif
C:\Program Files\WhenUSearch\Content\images\open_open.gif
C:\Program Files\WhenUSearch\Content\images\open_open_down.gif
C:\Program Files\WhenUSearch\Content\images\open_open_on.gif
C:\Program Files\WhenUSearch\Content\images\open_save.gif
C:\Program Files\WhenUSearch\Content\images\open_save_down.gif
C:\Program Files\WhenUSearch\Content\images\open_save_on.gif
C:\Program Files\WhenUSearch\Content\images\open_search.gif
C:\Program Files\WhenUSearch\Content\images\open_search_down.gif
C:\Program Files\WhenUSearch\Content\images\open_search_on.gif
C:\Program Files\WhenUSearch\Content\images\right_bg.gif
C:\Program Files\WhenUSearch\Content\images\right_bg_grey.gif
C:\Program Files\WhenUSearch\Content\images\right_instructions.gif
C:\Program Files\WhenUSearch\Content\images\right_instructions_on.gif
C:\Program Files\WhenUSearch\Content\images\right_instructions_red.gif
C:\Program Files\WhenUSearch\Content\images\right_left.gif
C:\Program Files\WhenUSearch\Content\images\right_left_grey.gif
C:\Program Files\WhenUSearch\Content\images\right_main_bg.gif
C:\Program Files\WhenUSearch\Content\images\right_more_left.gif
C:\Program Files\WhenUSearch\Content\images\right_more_off.gif
C:\Program Files\WhenUSearch\Content\images\right_more_on.gif
C:\Program Files\WhenUSearch\Content\images\right_more_up.gif
C:\Program Files\WhenUSearch\Content\images\spacer.gif
C:\Program Files\WhenUSearch\Content\images\tab_left_bg.gif
C:\Program Files\WhenUSearch\Content\images\tab_left_bw.gif
C:\Program Files\WhenUSearch\Content\images\tab_left_down.gif
C:\Program Files\WhenUSearch\Content\images\tab_left_off.gif
C:\Program Files\WhenUSearch\Content\images\tab_left_on.gif
C:\Program Files\WhenUSearch\Content\images\tab_right_down.gif
C:\Program Files\WhenUSearch\Content\images\tab_right_off.gif
C:\Program Files\WhenUSearch\Content\images\tab_right_on.gif
C:\Program Files\WhenUSearch\Content\images\unmount.gif
C:\Program Files\WhenUSearch\Content\images\unmount_down.gif
C:\Program Files\WhenUSearch\Content\images\unmount_grey.gif
C:\Program Files\WhenUSearch\Content\images\unmount_on.gif
C:\Program Files\WhenUSearch\Content\index.htm
C:\Program Files\WhenUSearch\Content\instructions.html
C:\Program Files\WhenUSearch\Content\loading.html
C:\Program Files\WhenUSearch\Content\main_menu_sub.html
C:\Program Files\WhenUSearch\Content\menu.css
C:\Program Files\WhenUSearch\Content\menu_emu.html
C:\Program Files\WhenUSearch\Content\menu_main.html
C:\Program Files\WhenUSearch\Content\menu_manage.html
C:\Program Files\WhenUSearch\Content\menu_opt.html
C:\Program Files\WhenUSearch\Content\menu_ucontrol.html
C:\Program Files\WhenUSearch\Content\menu_whenu.html
C:\Program Files\WhenUSearch\Content\message.html
C:\Program Files\WhenUSearch\Content\min.html
C:\Program Files\WhenUSearch\Content\module_weather.css
C:\Program Files\WhenUSearch\Content\module_weather_dialog.css
C:\Program Files\WhenUSearch\Content\more.html
C:\Program Files\WhenUSearch\Content\movement.js
C:\Program Files\WhenUSearch\Content\newresults.html
C:\Program Files\WhenUSearch\Content\notyet.html
C:\Program Files\WhenUSearch\Content\open_browser.html
C:\Program Files\WhenUSearch\Content\open_search.html
C:\Program Files\WhenUSearch\Content\quick.css
C:\Program Files\WhenUSearch\Content\quick_coupon.html
C:\Program Files\WhenUSearch\Content\quick_instructions.html
C:\Program Files\WhenUSearch\Content\quick_search.html
C:\Program Files\WhenUSearch\Content\quick_tutorial.html
C:\Program Files\WhenUSearch\Content\right.html
C:\Program Files\WhenUSearch\Content\search.html
C:\Program Files\WhenUSearch\Content\splash.html
C:\Program Files\WhenUSearch\Content\tooltip_emu.html
C:\Program Files\WhenUSearch\Content\tooltip_go.html
C:\Program Files\WhenUSearch\Content\tooltip_logo.html
C:\Program Files\WhenUSearch\Content\tooltip_manage.html
C:\Program Files\WhenUSearch\Content\tooltip_more.html
C:\Program Files\WhenUSearch\Content\tooltip_opt.html
C:\Program Files\WhenUSearch\Content\tooltip_search.html
C:\Program Files\WhenUSearch\Content\tooltip_slider.html
C:\Program Files\WhenUSearch\Content\tooltip_whenu.html
C:\Program Files\WhenUSearch\Content\tooltip_whenu2.html
C:\Program Files\WhenUSearch\Content\ui.cfg
C:\Program Files\WhenUSearch\Content\uninst.ico
C:\Program Files\WhenUSearch\search.cch
C:\Program Files\WhenUSearch\search.db
C:\Program Files\WhenUSearch\search.dll
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\WhenUSearch\search.htm
C:\Program Files\WhenUSearch\Uninst.exe
C:\Program Files\WhenUSearch\whse.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\System32\jkkjj.dll
C:\WINDOWS\system32\wkkvjtvy.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-30 01:20 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-11-30 00:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-30 00:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-30 00:51 <DIR> d-------- C:\Program Files\Save
2007-11-30 00:50 <DIR> d-------- C:\Program Files\Common Files\WhenU
2007-11-30 00:50 <DIR> d----c--- C:\Documents and Settings\April\Application Data\WhenU
2007-11-30 00:49 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-30 00:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-30 00:15 <DIR> d-------- C:\Program Files\Fashion Craze
2007-11-30 00:14 <DIR> d-------- C:\Program Files\Christmasville
2007-11-30 00:13 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-30 00:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-11-29 23:57 <DIR> dr-h-c--- C:\Documents and Settings\April\Application Data\SecuROM
2007-11-29 23:57 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-29 23:55 <DIR> d----c--- C:\Funsta
2007-11-29 23:22 97 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-29 08:31 745,562 --ahs---- C:\WINDOWS\system32\bwfaaboi.ini
2007-11-29 08:31 85,056 --a------ C:\WINDOWS\system32\iobaafwb.dll
2007-11-29 08:25 81,984 --a------ C:\WINDOWS\system32\dwdhmitf.dll
2007-11-29 08:20 71,232 --a------ C:\WINDOWS\system32\achnojtx.exe
2007-11-28 01:46 <DIR> d----c--- C:\Documents and Settings\April\Application Data\Earthsim
2007-11-28 01:43 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2007-11-28 01:42 <DIR> d----c--- C:\Intel
2007-11-28 00:38 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-28 00:36 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-27 23:56 78,912 --a------ C:\WINDOWS\system32\admmqimv.dll
2007-11-27 23:50 783,056 --ahs---- C:\WINDOWS\system32\kdjjixce.ini
2007-11-27 23:44 71,232 --a------ C:\WINDOWS\system32\wiqpclbc.exe
2007-11-25 22:35 78,912 --a------ C:\WINDOWS\system32\bdseypcj.dll
2007-11-25 22:23 71,232 --a------ C:\WINDOWS\system32\xggkyetq.exe
2007-11-24 21:29 <DIR> d-------- C:\Program Files\Undisker
2007-11-24 20:13 79,936 --a------ C:\WINDOWS\system32\bsajcisd.dll
2007-11-23 20:11 776,048 --ahs---- C:\WINDOWS\system32\bffebkdi.ini
2007-11-23 16:38 <DIR> d----c--- C:\Documents and Settings\April\Application Data\Vso
2007-11-23 16:38 47,360 --a--c--- C:\Documents and Settings\April\Application Data\pcouffin.sys
2007-11-23 16:23 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-11-23 16:15 <DIR> d-------- C:\Program Files\AVIcodec
2007-11-23 16:12 <DIR> d----c--- C:\DECCHECK
2007-11-23 16:11 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-23 16:05 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-11-23 16:05 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-11-23 16:05 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-11-23 16:04 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-11-23 16:04 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-11-23 05:44 <DIR> d-------- C:\Program Files\Fashion Fits
2007-11-22 20:15 83,520 --a------ C:\WINDOWS\system32\rrkiwswv.dll
2007-11-22 20:12 775,952 --ahs---- C:\WINDOWS\system32\rphknfgs.ini
2007-11-22 20:06 71,232 --a------ C:\WINDOWS\system32\jpoolmfx.exe
2007-11-22 14:58 7,424 --a--c--- C:\AK922.sys
2007-11-22 14:56 47,616 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2007-11-21 20:18 79,936 --a------ C:\WINDOWS\system32\jdjfrjuy.dll
2007-11-21 20:15 738,306 --ahs---- C:\WINDOWS\system32\mmsmmtnc.ini
2007-11-21 20:15 85,056 --a------ C:\WINDOWS\system32\cntmmsmm.dll
2007-11-21 09:40 <DIR> d-------- C:\Program Files\Steam
2007-11-21 09:38 <DIR> d-------- C:\Program Files\ATI Technologies
2007-11-21 08:44 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 08:05 <DIR> d-------- C:\Program Files\IZArc
2007-11-21 07:59 1,635 --a------ C:\WINDOWS\bhookpl.dll
2007-11-21 07:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\pcx500.sys
2007-11-21 07:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\pctspk.exe
2007-11-21 07:00 35,328 --a--c--- C:\WINDOWS\system32\dllcache\pcntpci5.sys
2007-11-21 07:00 32,840 --a--c--- C:\WINDOWS\system32\dllcache\ngrpci.sys
2007-11-21 07:00 30,282 --a--c--- C:\WINDOWS\system32\dllcache\pcntn5hl.sys
2007-11-21 07:00 29,769 --a--c--- C:\WINDOWS\system32\dllcache\pcntn5m.sys
2007-11-21 07:00 26,153 --a--c--- C:\WINDOWS\system32\dllcache\pcmlm56.sys
2007-11-21 07:00 3,328 --a--c--- C:\WINDOWS\system32\dllcache\pciide.sys
2007-11-21 06:58 444,416 --a--c--- C:\WINDOWS\system32\dllcache\fpcibase.sys
2007-11-21 06:58 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2007-11-21 06:58 52,328 --a--c--- C:\WINDOWS\system32\dllcache\forehe.sys
2007-11-21 06:58 27,165 --a--c--- C:\WINDOWS\system32\dllcache\fetnd5.sys
2007-11-21 06:58 25,159 --a--c--- C:\WINDOWS\system32\dllcache\elnk3.sys
2007-11-21 06:58 24,618 --a--c--- C:\WINDOWS\system32\dllcache\fa410nd5.sys
2007-11-21 06:58 22,090 --a--c--- C:\WINDOWS\system32\dllcache\fem556n5.sys
2007-11-21 06:58 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2007-11-21 06:58 12,362 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2007-11-21 06:58 11,850 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2007-11-21 06:57 80,896 --a--c--- C:\WINDOWS\system32\dllcache\dc210usd.dll
2007-11-21 06:57 50,719 --a--c--- C:\WINDOWS\system32\dllcache\e1000nt5.sys
2007-11-21 06:57 20,192 --a--c--- C:\WINDOWS\system32\dllcache\dpti2o.sys
2007-11-21 06:57 17,152 --a--c--- C:\WINDOWS\system32\dllcache\cyclad-z.sys
2007-11-21 06:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\cyclom-y.sys
2007-11-21 06:56 309,888 --a--c--- C:\WINDOWS\system32\dllcache\atimtag.sys
2007-11-21 06:56 281,600 --a--c--- C:\WINDOWS\system32\dllcache\atimtai.sys
2007-11-21 06:56 164,923 --a--c--- C:\WINDOWS\system32\dllcache\diapi2.sys
2007-11-21 06:56 32,256 --a--c--- C:\WINDOWS\system32\dllcache\diapi2NT.dll
2007-11-21 06:56 9,472 --a--c--- C:\WINDOWS\system32\dllcache\ativmdcd.sys
2007-11-21 06:53 297,728 --a--c--- C:\WINDOWS\system32\dllcache\ac97sis.sys
2007-11-21 06:53 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
2007-11-21 06:53 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
2007-11-21 06:53 29,056 --a--c--- C:\WINDOWS\system32\dllcache\agpcpq.sys
2007-11-21 06:53 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2007-11-21 04:06 <DIR> d-------- C:\Program Files\Alawar.ru
2007-11-21 03:16 24,576 --a------ C:\WINDOWS\system32\RPKAddon.dll
2007-11-21 02:43 <DIR> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-11-21 00:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-21 00:17 <DIR> d----c--- C:\Documents and Settings\April\Application Data\RegSweep
2007-11-20 11:58 718,165 --ahs---- C:\WINDOWS\system32\fqjextbf.ini
2007-11-20 11:58 80,960 --a------ C:\WINDOWS\system32\rbdhrpor.dll
2007-11-19 11:58 71,232 --a------ C:\WINDOWS\system32\ymtjxwgo.exe
2007-11-19 05:57 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 23:42 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-13 06:25 54,584 ----a-w C:\WINDOWS\system32\drivers\sbapifs.sys
2007-10-05 14:29 --------- dc----w C:\Documents and Settings\April\Application Data\.ABC
2007-10-03 02:20 --------- d-----w C:\Program Files\microsoft frontpage
2005-07-29 23:24 472 --sha-r C:\WINDOWS\QXByaWw\kr1VuqT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0430f410-6dbf-4111-85f2-c5e313dc3ff1}]
2007-11-29 08:25 81984 --a------ C:\WINDOWS\System32\dwdhmitf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58E9AC24-5A2A-4908-9E3B-0633C0F8DF30}]
2007-11-11 06:08 35328 --a------ C:\WINDOWS\system32\fccbaxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-16 18:08 144480 --a------ C:\WINDOWS\system32\wkkvjtvy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wkkvjtvy.dll [2007-11-16 18:08 144480]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"="C:\Program Files\Save\Save.exe" [2006-08-25 14:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 13:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58E9AC24-5A2A-4908-9E3B-0633C0F8DF30}"= C:\WINDOWS\system32\fccbaxv.dll [2007-11-11 06:08 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
wkkvjtvy.dll 2007-11-16 18:08 144480 C:\WINDOWS\system32\wkkvjtvy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbaxv]
fccbaxv.dll 2007-11-11 06:08 35328 C:\WINDOWS\system32\fccbaxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wkkvjtvy]
wkkvjtvy.dll 2007-11-16 18:08 144480 C:\WINDOWS\system32\wkkvjtvy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\jkkjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^April^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys
S3 SiSV;SiSV;C:\WINDOWS\System32\DRIVERS\SiSV.sys
S4 viafilter;VIA USB Filter;C:\WINDOWS\System32\Drivers\viausb.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
C:\WINDOWS\System32\ali.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 15:38:42 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-21 15:38:42 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 01:48:53
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 1:49:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-21 08:01
C:\ComboFix3.txt ... 2007-11-21 06:54
.
--- E O F ---
This is my new log.
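The ComboFix report above shows a pattern well known from the Vundo/Virtumonde adware family of the period: hidden+system .ini files in system32 whose names are the reverse of a freshly created .dll (bwfaaboi.ini / iobaafwb.dll, mmsmmtnc.ini / cntmmsmm.dll, and the already-deleted jjkkj.ini / jkkjj.dll), the same random-named DLLs loaded as Browser Helper Objects and Winlogon Notify entries, and an extra DLL appended to the LSA Authentication Packages value. The Python below is an added example written for this page, not ComboFix's code and not anything posted in the thread. It parses lines in the "Files Created" format the report uses (the regular expression is inferred from the lines shown; the sample input is copied from that section plus two benign entries) and applies those heuristics as a defender would when triaging such a log. The eight-letter-name rule is reported at low severity on purpose, since legitimate system32 files match it too.

```python
"""Heuristic triage of ComboFix-style file listings (added example, not ComboFix code)."""
import re

# Sample input: lines copied from the "Files Created" section of the ComboFix report
# posted above, plus two benign entries (the AVG driver and javacpl.cpl) that the
# rules should leave alone. Paths use the single-backslash form ComboFix prints.
SAMPLE_LINES = r"""
2007-11-30 00:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-30 00:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-29 08:31 745,562 --ahs---- C:\WINDOWS\system32\bwfaaboi.ini
2007-11-29 08:31 85,056 --a------ C:\WINDOWS\system32\iobaafwb.dll
2007-11-29 08:25 81,984 --a------ C:\WINDOWS\system32\dwdhmitf.dll
2007-11-28 00:38 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 23:50 783,056 --ahs---- C:\WINDOWS\system32\kdjjixce.ini
2007-11-21 20:15 738,306 --ahs---- C:\WINDOWS\system32\mmsmmtnc.ini
2007-11-21 20:15 85,056 --a------ C:\WINDOWS\system32\cntmmsmm.dll
""".strip().splitlines()

# One ComboFix line: date, time, size or <DIR>, nine attribute flags, full path
# (format inferred from the report above; assumed, not documented by ComboFix).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


def parse_entries(lines):
    """Parse ComboFix file lines into dicts; lines that don't match the format are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        folder, _, name = path.rpartition("\\")
        stem, dot, ext = name.rpartition(".")
        if not dot:                      # no extension (typical for directories)
            stem, ext = name, ""
        is_dir = m.group("size") == "<DIR>"
        entries.append({
            "date": m.group("date"),
            "is_dir": is_dir,
            "size": None if is_dir else int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),   # e.g. --ahs---- : a=archive, h=hidden, s=system
            "folder": folder.lower(),
            "stem": stem.lower(),
            "ext": ext.lower(),
            "path": path,
        })
    return entries


def triage(entries):
    """Apply three defender heuristics; returns (severity, rule, detail) tuples."""
    # Index DLLs by (folder, stem) so rule 1 can look up a reversed-name partner.
    dll_paths = {(e["folder"], e["stem"]): e["path"] for e in entries if e["ext"] == "dll"}
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        hidden_system = "h" in e["attrs"] and "s" in e["attrs"]
        in_system32 = e["folder"].endswith("\\system32")
        if e["ext"] == "ini" and hidden_system:
            partner = dll_paths.get((e["folder"], e["stem"][::-1]))
            if partner:
                # Rule 1: hidden+system .ini whose name is a .dll name spelled backwards.
                findings.append(("high", "reversed-name dll/ini pair", f"{e['path']} <-> {partner}"))
            elif in_system32:
                # Rule 2: hidden+system .ini in system32 with no visible partner; still worth a look.
                findings.append(("medium", "hidden+system .ini in system32", e["path"]))
        if e["ext"] in ("dll", "exe") and in_system32 and re.fullmatch(r"[a-z]{8}", e["stem"]):
            # Rule 3: eight random-looking lowercase letters. Noisy on its own (real system
            # files such as wintrust.dll match too), so it is reported at low severity only.
            findings.append(("low", "random-looking 8-letter name in system32", e["path"]))
    return findings


def check_auth_packages(value):
    """Return LSA 'Authentication Packages' entries other than the default msv1_0.

    ComboFix prints the REG_MULTI_SZ value space-separated (see the report above), so this
    split assumes no embedded spaces in the extra paths; anything beyond msv1_0 is suspect.
    """
    return [p for p in value.split() if p.lower() != "msv1_0"]


if __name__ == "__main__":
    for severity, rule, detail in triage(parse_entries(SAMPLE_LINES)):
        print(f"[{severity:6}] {rule}: {detail}")
    print("extra LSA authentication packages:",
          check_auth_packages(r"msv1_0 C:\WINDOWS\System32\jkkjj.dll"))
```

Run against the sample, the two reversed-name pairs come out as high-severity findings, kdjjixce.ini (whose partner is not in the created-files window) as medium, and the three eight-letter DLLs as low; the Authentication Packages check returns only the jkkjj.dll path. In practice these findings are leads for a helper to verify, not a verdict: the high-severity pair rule is specific, the other two are there to focus attention.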

#11 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 04 December 2007 - 08:45 AM

Hi!

I'm really sorry, I didn't notice your reply.
I'll need a fresh hijackthis log before we can move forward :thumbsup:

Edited by Baabiouz, 04 December 2007 - 08:46 AM.
