Help Wanted With Pcprivacytool Malware


5 replies to this topic

#1 karmageek


Posted 03 March 2008 - 02:02 AM

Getting one popup that reads "PCPrivacy tool may find dangerous traces that need to be cleaned. Don’t let your privacy and reputation to be ruined by them. Making your private information public can cause problems with your boss, family, or friends. Click ‘ok’ to start PCPrivacy tool scanner to remove compromising traces and setup controls to protect your privacy by cleaning or removing dangerous information."

And afterwards it tries to open various websites relating to spyware removal tools.

I've tried adaware, spybot, SAV, trendmicro, and stinger and the issue still has not been resolved.

I appreciate any help in this regard.


Here is a copy of my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:03 AM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UB-VPN\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: &Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM673fe479] Rundll32.exe "C:\WINDOWS\system32\afqyxavr.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{640CD74A-063A-1033-0518-0518050001}] "C:\Program Files\Common Files\{640CD74A-063A-1033-0518-0518050001}\Update.exe" te-110-12-0000213
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: University at Buffalo VPN Client.lnk = C:\Program Files\UB-VPN\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Note&book) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll/gn_menu1.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll/gn_menu2.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itorg.ad.buffalo.edu
O17 - HKLM\Software\..\Telephony: DomainName = itorg.ad.buffalo.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AEECEB-D3B9-4B53-838B-045D81A7249E}: NameServer = 202.88.149.6,202.88.149.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itorg.ad.buffalo.edu
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UB-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spot GPS Maxim (SpotGPSMaxim) - Koninklijke Philips Electronics N.V. - C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10137 bytes
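A triage pass over a log in this format, added here as an example; it is not part of the original thread and not a HijackThis or BleepingComputer tool. It flags the entry types a helper reads first: an extra executable in the UserInit chain, a Run key that loads a DLL through rundll32, an autorun stored under Policies\Explorer\Run, a DPF download with no friendly name, and a service with an unknown owner whose binary is missing. The sample lines are copied from the log above with two benign entries added, and the heuristics are my own assumptions, not a verdict on any file.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
import re
from typing import Callable, Dict, List

# Constructed sample: entries copied from the HijackThis log above, plus two
# benign entries (ccApp, Kaspersky web scanner, Intel EvtEng) that should pass.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM673fe479] Rundll32.exe "C:\WINDOWS\system32\afqyxavr.dll",s
O4 - HKCU\..\Policies\Explorer\Run: [{640CD74A-063A-1033-0518-0518050001}] "C:\Program Files\Common Files\{640CD74A-063A-1033-0518-0518050001}\Update.exe" te-110-12-0000213
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Every HijackThis entry starts with a section tag (F2, O4, O16, O23, ...).
ENTRY = re.compile(r"^(?P<section>[FO]\d+) - (?P<body>.*)$")


def basename(path: str) -> str:
    """Last path component, lower-cased, so comparisons ignore case and directory."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_userinit(body: str) -> List[str]:
    """F2: the UserInit chain normally contains only userinit.exe."""
    if "UserInit=" not in body:
        return []
    chain = body.split("UserInit=", 1)[1]
    extras = [p for p in chain.split(",") if p and basename(p) != "userinit.exe"]
    return [f"extra executable in UserInit chain: {basename(p)}" for p in extras]


def check_run_key(body: str) -> List[str]:
    """O4: autoruns that load a DLL via rundll32, or live in an unusual key."""
    findings = []
    if re.search(r"\brundll32(\.exe)?\b", body, re.IGNORECASE):
        m = re.search(r'"?([^"\s]+\.dll)"?', body, re.IGNORECASE)
        target = basename(m.group(1)) if m else "?"
        findings.append(f"autorun loads a DLL through rundll32: {target}")
    if r"\Policies\Explorer\Run" in body:
        findings.append("autorun stored under Policies\\Explorer\\Run (rarely used by legitimate software)")
    return findings


def check_dpf(body: str) -> List[str]:
    """O16: ActiveX downloads that carry no friendly name deserve a closer look."""
    if not body.startswith("DPF:"):
        return []
    if re.search(r"\{[0-9A-F-]+\}\s*\(", body, re.IGNORECASE):
        return []  # has a "(Friendly Name)" after the CLSID
    url = body.rsplit(" - ", 1)[-1]
    return [f"ActiveX download with no friendly name: {url}"]


def check_service(body: str) -> List[str]:
    """O23: services with no vendor and/or a binary that is no longer on disk."""
    if not body.startswith("Service:"):
        return []
    name = body[len("Service: "):].split(" - ", 1)[0]
    issues = []
    if "Unknown owner" in body:
        issues.append("unknown owner")
    if "(file missing)" in body:
        issues.append("binary missing on disk")
    return [f"service '{name}': {', '.join(issues)}"] if issues else []


CHECKS: Dict[str, Callable[[str], List[str]]] = {
    "F2": check_userinit,
    "O4": check_run_key,
    "O16": check_dpf,
    "O23": check_service,
}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one record per suspicious finding: section, reason, original line."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        for reason in CHECKS.get(section, lambda _body: [])(body):
            hits.append({"section": section, "reason": reason, "line": line})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['section']}] {hit['reason']}\n    {hit['line']}")
```

Run against the sample it reports five findings and lets the three benign entries through; anything it flags still needs a human to confirm before removal.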


#2 teacup61


Posted 05 March 2008 - 03:13 PM

Hello karmageek,

Welcome to Bleeping Computer :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#3 karmageek


Posted 09 March 2008 - 03:19 AM

Thanks for helping me out here. Here are my ComboFix and HJT logs.

Start Time= Sun 03/09/2008 4:14:41.57
Running from: C:\Documents and Settings\rshah\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2008-03-09 04:15 271,319 C:\WINDOWS\system32\vxwvw.ini
2008-03-09 04:12 <DIR> C:\Program Files\mozilla firefox
2008-03-09 03:11 <DIR> C:\Documents and Settings\rshah\Application Data\skype
2008-03-09 02:39 155 C:\WINDOWS\winamp.ini
2008-03-09 02:13 92,224 C:\WINDOWS\system32\grbspvff.dll
2008-03-09 02:10 88,640 C:\WINDOWS\system32\qjoecdsv.dll
2008-03-09 02:10 87,104 C:\WINDOWS\system32\ahaqmepc.dll
2008-03-09 02:10 22 C:\WINDOWS\pskt.ini
2008-03-09 02:10 1,307,621 C:\WINDOWS\system32\cpemqaha.ini
2008-03-08 02:14 1,307,561 C:\WINDOWS\system32\pwovwyjo.ini
2008-03-08 02:10 90,688 C:\WINDOWS\system32\mtbsjiro.dll
2008-03-08 02:07 88,640 C:\WINDOWS\system32\oteugtyf.dll
2008-03-07 02:16 1,308,088 C:\WINDOWS\system32\jvgpxtuf.ini
2008-03-07 02:12 96,320 C:\WINDOWS\system32\tdxjgpuo.dll
2008-03-07 02:09 91,200 C:\WINDOWS\system32\futxpgvj.dll
2008-03-07 02:06 92,736 C:\WINDOWS\system32\dsgbbrki.dll
2008-03-06 01:44 <DIR> C:\Program Files\internet explorer
2008-03-05 10:53 94,784 C:\WINDOWS\system32\vkxxraoj.dll
2008-03-05 10:51 1,309,551 C:\WINDOWS\system32\bbdnfygu.ini
2008-03-05 10:50 89,664 C:\WINDOWS\system32\ugyfndbb.dll
2008-03-05 10:48 91,712 C:\WINDOWS\system32\qxjtyidj.dll
2008-03-05 10:47 1,302,083 C:\WINDOWS\system32\dlsgapdk.ini
2008-03-04 04:24 635 C:\kmxwag.exe
2008-03-04 03:36 1,286,141 C:\WINDOWS\system32\yovgycuu.ini
2008-03-04 03:33 95,296 C:\WINDOWS\system32\sqmagful.dll
2008-03-04 03:30 91,712 C:\WINDOWS\system32\qpomhsmm.dll
2008-03-03 02:51 89,664 C:\WINDOWS\system32\twadebqv.dll
2008-03-03 02:48 91,712 C:\WINDOWS\system32\afqyxavr.dll
2008-03-03 02:38 <DIR> C:\Program Files\symantec antivirus
2008-03-02 11:30 2,684 C:\WINDOWS\system32\tmp.reg
2008-03-02 02:52 1,286,021 C:\WINDOWS\system32\pxdofnsr.ini
2008-03-02 02:50 85,568 C:\WINDOWS\system32\rsnfodxp.dll
2008-03-02 02:46 89,664 C:\WINDOWS\system32\llumgxus.dll
2008-03-02 02:45 91,712 C:\WINDOWS\system32\ylcjmyuq.dll
2008-02-27 02:57 89,152 C:\WINDOWS\system32\ikmtarpv.dll
2008-02-27 02:54 91,712 C:\WINDOWS\system32\bkmakjfn.dll
2008-02-25 01:44 90,176 C:\WINDOWS\system32\wcyiamqv.dll
2008-02-25 01:42 1,253,714 C:\WINDOWS\system32\qhnjwmku.ini
2008-02-25 01:41 86,592 C:\WINDOWS\system32\ukmwjnhq.dll
2008-02-25 01:38 91,712 C:\WINDOWS\system32\pcpvhapl.dll
2008-02-24 01:36 91,712 C:\WINDOWS\system32\exiayoes.dll
2008-02-24 01:36 89,152 C:\WINDOWS\system32\uqspjvtx.dll
2008-02-22 09:45 1,253,986 C:\WINDOWS\system32\cusidkbf.ini
2008-02-22 09:41 91,712 C:\WINDOWS\system32\fkhfoilb.dll
2008-02-22 09:38 89,664 C:\WINDOWS\system32\fbkdisuc.dll
2008-02-22 09:35 91,712 C:\WINDOWS\system32\ohdcghlr.dll
2008-02-22 09:33 91,712 C:\WINDOWS\system32\tbifkaiq.dll
2008-02-21 00:06 94,784 C:\WINDOWS\system32\amluyqgn.dll
2008-02-21 00:04 1,244,504 C:\WINDOWS\system32\ielmtuos.ini
2008-02-21 00:03 87,616 C:\WINDOWS\system32\soutmlei.dll
2008-02-21 00:01 91,712 C:\WINDOWS\system32\luyooxak.dll
2008-02-19 23:14 1,237,291 C:\WINDOWS\system32\fdrsfqvb.ini
2008-02-19 23:08 89,152 C:\WINDOWS\system32\hifkxxds.dll
2008-02-19 23:05 88,128 C:\WINDOWS\system32\bvqfsrdf.dll
2008-02-19 23:02 74,304 C:\WINDOWS\system32\jpudfnux.dll
2008-02-19 01:43 <DIR> C:\Documents and Settings\rshah\Application Data\grisoft
2008-02-19 01:30 1,238,313 C:\WINDOWS\system32\ctvrmlxv.ini
2008-02-19 01:26 91,200 C:\WINDOWS\system32\vxlmrvtc.dll
2008-02-19 01:19 <DIR> C:\Program Files\grisoft
2008-02-18 21:13 93,248 C:\WINDOWS\system32\pvoevoul.dll
2008-02-18 21:11 74,304 C:\WINDOWS\system32\egygmygm.dll
2008-02-18 01:51 1,247,463 C:\WINDOWS\system32\utvnlmhx.ini
2008-02-17 07:33 97,344 C:\WINDOWS\system32\dqfravvu.dll
2008-02-17 07:32 87,616 C:\WINDOWS\system32\xhmlnvtu.dll
2008-02-17 07:31 74,304 C:\WINDOWS\system32\dgytudhu.dll
2008-02-17 07:29 1,247,163 C:\WINDOWS\system32\hpxmrdtb.ini
2008-02-16 03:02 91,712 C:\WINDOWS\system32\psfhjqct.dll
2008-02-16 03:01 74,304 C:\WINDOWS\system32\lqiwsibk.dll
2008-02-16 02:59 1,240,940 C:\WINDOWS\system32\yveonxmw.ini
2008-02-15 00:22 1,242,240 C:\WINDOWS\system32\jcnlttsd.ini
2008-02-15 00:19 73,280 C:\WINDOWS\system32\ucogalrv.dll
2008-02-14 10:04 91,200 C:\WINDOWS\system32\mddisikf.dll
2008-02-13 13:04 <DIR> C:\Program Files\full tilt poker
2008-02-13 12:16 1,235,050 C:\WINDOWS\system32\qkuuelov.ini
2008-02-13 00:23 86,080 C:\WINDOWS\system32\voleuukq.dll
2008-02-13 00:20 70,720 C:\WINDOWS\system32\rforoepv.dll
2008-02-13 00:17 93,248 C:\WINDOWS\system32\ujpogouu.dll
2008-02-12 00:16 86,080 C:\WINDOWS\system32\vsllxpur.dll
2008-02-12 00:16 1,222,839 C:\WINDOWS\system32\rupxllsv.ini
2008-02-12 00:15 93,248 C:\WINDOWS\system32\khxhjgjm.dll
2008-02-12 00:15 70,720 C:\WINDOWS\system32\irspficg.dll
2008-02-11 02:50 1,220,830 C:\WINDOWS\system32\hficevqe.ini
2008-02-11 02:48 1,220,770 C:\WINDOWS\system32\ivkxpwqu.ini
2008-02-11 02:47 70,720 C:\WINDOWS\system32\nsymbvoo.dll
2008-02-10 02:44 70,208 C:\WINDOWS\system32\pcrakoyr.dll
2008-02-10 02:41 93,760 C:\WINDOWS\system32\osrxwors.dll
2008-02-10 02:40 1,220,650 C:\WINDOWS\system32\loyyrpke.ini
2008-02-09 00:39 94,784 C:\WINDOWS\system32\hvpjbmmf.dll
2008-02-09 00:38 68,160 C:\WINDOWS\system32\rarknikc.dll
2008-02-08 13:36 474 C:\WINDOWS\system32\toyknimy.ini
2008-02-08 00:32 87,616 C:\WINDOWS\system32\yminkyot.dll
2008-02-08 00:29 69,184 C:\WINDOWS\system32\lgprukhn.dll
2008-02-08 00:26 95,808 C:\WINDOWS\system32\xitundsw.dll
2008-02-07 00:31 88,640 C:\WINDOWS\system32\tsdqpcil.dll
2008-02-07 00:31 1,199,933 C:\WINDOWS\system32\licpqdst.ini
2008-02-07 00:28 92,224 C:\WINDOWS\system32\ujkvifxt.dll
2008-02-07 00:25 68,672 C:\WINDOWS\system32\fefrndrk.dll
2008-02-06 00:09 90,688 C:\WINDOWS\system32\cuyodpnk.dll
2008-02-06 00:09 1,194,255 C:\WINDOWS\system32\knpdoyuc.ini
2008-02-06 00:06 70,208 C:\WINDOWS\system32\comwxlrq.dll
2008-02-06 00:03 94,272 C:\WINDOWS\system32\joqppdur.dll
2008-02-04 23:07 <DIR> C:\Documents and Settings\rshah\Application Data\adobeum
2008-02-04 23:00 88,128 C:\WINDOWS\system32\rdvyflwu.dll
2008-02-04 23:00 294 C:\WINDOWS\system32\uwlfyvdr.ini
2008-02-04 22:59 93,248 C:\WINDOWS\system32\pabtjtma.dll
2008-02-04 22:54 68,672 C:\WINDOWS\system32\eayhtivo.dll
2008-02-04 22:53 68,672 C:\WINDOWS\system32\hqthqjgl.dll
2008-01-30 20:42 92,736 C:\WINDOWS\system32\ettoquyt.dll
2008-01-30 19:49 88,640 C:\WINDOWS\system32\gatnqycq.dll
2008-01-30 19:49 1,180,927 C:\WINDOWS\system32\qcyqntag.ini
2008-01-30 19:46 78,912 C:\WINDOWS\system32\utisafmt.dll
2008-01-30 19:43 71,232 C:\WINDOWS\system32\ddnuxgim.dll
2008-01-30 19:40 74,304 C:\WINDOWS\system32\syuowfhx.exe
2008-01-29 19:48 88,640 C:\WINDOWS\system32\wichrohu.dll
2008-01-29 19:48 1,167,005 C:\WINDOWS\system32\uhorhciw.ini
2008-01-29 19:45 78,912 C:\WINDOWS\system32\udhhmuyr.dll
2008-01-29 19:42 71,232 C:\WINDOWS\system32\aqdmetew.dll
2008-01-29 19:40 74,304 C:\WINDOWS\system32\bnfjmffh.exe
2008-01-28 03:24 89,152 C:\WINDOWS\system32\eafafoaj.dll
2008-01-28 03:24 1,143,180 C:\WINDOWS\system32\jaofafae.ini
2008-01-28 03:21 74,304 C:\WINDOWS\system32\ybbvpfxu.exe
2008-01-28 03:18 78,912 C:\WINDOWS\system32\cfxxnaqh.dll
2008-01-28 03:15 70,720 C:\WINDOWS\system32\tarjpjxt.dll
2008-01-27 03:23 1,142,572 C:\WINDOWS\system32\cneltgir.ini
2008-01-27 03:22 89,152 C:\WINDOWS\system32\rigtlenc.dll
2008-01-27 03:19 78,912 C:\WINDOWS\system32\lbfqnrag.dll
2008-01-27 03:16 74,304 C:\WINDOWS\system32\hgjorvwh.exe
2008-01-27 03:14 68,160 C:\WINDOWS\system32\poxnucvh.dll
2008-01-26 02:14 87,104 C:\WINDOWS\system32\chepxpfi.dll
2008-01-26 02:14 1,142,572 C:\WINDOWS\system32\ifpxpehc.ini
2008-01-26 02:11 74,304 C:\WINDOWS\system32\agcypshf.exe
2008-01-26 02:08 70,720 C:\WINDOWS\system32\ahbbloor.dll
2008-01-26 02:06 81,472 C:\WINDOWS\system32\fhusxmgq.dll
2008-01-25 02:10 87,616 C:\WINDOWS\system32\uchvmxgj.dll
2008-01-25 02:10 294 C:\WINDOWS\system32\jgxmvhcu.ini
2008-01-25 01:59 74,304 C:\WINDOWS\system32\ctkrbtvn.exe
2008-01-25 01:56 72,768 C:\WINDOWS\system32\qleqpvpm.dll
2008-01-25 01:54 80,448 C:\WINDOWS\system32\gxfpfvyl.dll
2008-01-24 01:55 87,616 C:\WINDOWS\system32\wpwknqfg.dll
2008-01-24 01:55 74,304 C:\WINDOWS\system32\upxgowkf.exe
2008-01-24 01:55 1,117,442 C:\WINDOWS\system32\gfqnkwpw.ini
2008-01-24 01:52 80,960 C:\WINDOWS\system32\mcswluaa.dll
2008-01-24 01:52 68,672 C:\WINDOWS\system32\ohxytisc.dll
2008-01-23 02:01 1,109,005 C:\WINDOWS\system32\cjjerkxu.ini
2008-01-23 02:00 89,664 C:\WINDOWS\system32\uxkrejjc.dll
2008-01-23 01:57 70,720 C:\WINDOWS\system32\geghmdhk.dll
2008-01-23 01:54 77,376 C:\WINDOWS\system32\typrpaiw.dll
2008-01-23 01:52 74,304 C:\WINDOWS\system32\gddartxc.exe
2008-01-21 12:52 88,640 C:\WINDOWS\system32\arspntvm.dll
2008-01-21 12:52 1,087,251 C:\WINDOWS\system32\mvtnpsra.ini
2008-01-21 12:49 74,304 C:\WINDOWS\system32\mvfqpacu.exe
2008-01-21 12:49 70,208 C:\WINDOWS\system32\rmnadbrb.dll
2008-01-21 12:46 78,912 C:\WINDOWS\system32\ghfqnnkl.dll
2008-01-20 02:59 87,104 C:\WINDOWS\system32\fpubxhnw.dll
2008-01-20 02:59 1,073,292 C:\WINDOWS\system32\wnhxbupf.ini
2008-01-20 02:56 69,696 C:\WINDOWS\system32\srvyftdv.dll
2008-01-20 02:53 74,304 C:\WINDOWS\system32\mrksdbps.exe
2008-01-20 02:50 78,400 C:\WINDOWS\system32\glhusmia.dll
2008-01-19 02:57 1,073,292 C:\WINDOWS\system32\qcgwlktp.ini
2008-01-19 02:56 88,128 C:\WINDOWS\system32\ptklwgcq.dll
2008-01-19 02:53 81,984 C:\WINDOWS\system32\qcyuyktg.dll
2008-01-19 02:50 74,304 C:\WINDOWS\system32\gabdwrto.exe
2008-01-19 02:49 69,696 C:\WINDOWS\system32\xaxpgwft.dll
2008-01-18 02:15 86,592 C:\WINDOWS\system32\iyegmdmu.dll
2008-01-18 02:15 1,075,130 C:\WINDOWS\system32\umdmgeyi.ini
2008-01-18 02:09 70,208 C:\WINDOWS\system32\cytagust.dll
2008-01-18 02:06 77,376 C:\WINDOWS\system32\faxvvmet.dll
2008-01-18 02:03 74,304 C:\WINDOWS\system32\oakplgjb.exe
2008-01-17 02:09 1,063,937 C:\WINDOWS\system32\nwhgywuk.ini
2008-01-17 02:08 86,592 C:\WINDOWS\system32\kuwyghwn.dll
2008-01-17 02:06 76,864 C:\WINDOWS\system32\crbkkvdd.dll
2008-01-17 02:06 74,304 C:\WINDOWS\system32\vtuceugt.exe
2008-01-17 02:02 70,208 C:\WINDOWS\system32\yvremete.dll
2008-01-16 02:10 1,061,376 C:\WINDOWS\system32\prbvamov.ini
2008-01-16 02:09 89,152 C:\WINDOWS\system32\vomavbrp.dll
2008-01-16 02:05 70,208 C:\WINDOWS\system32\ihydrcki.dll
2008-01-16 02:02 74,304 C:\WINDOWS\system32\fgrrvxvm.exe
2008-01-16 02:00 79,936 C:\WINDOWS\system32\mhindqsu.dll
2008-01-16 01:59 74,304 C:\WINDOWS\system32\kcrcfxas.exe
2008-01-12 01:41 1,060,382 C:\WINDOWS\system32\atxdsmnb.ini
2008-01-12 01:40 90,176 C:\WINDOWS\system32\bnmsdxta.dll
2008-01-12 01:36 74,304 C:\WINDOWS\system32\cqvswwhv.exe
2008-01-12 01:33 76,864 C:\WINDOWS\system32\dwmbligu.dll
2008-01-12 01:31 70,208 C:\WINDOWS\system32\plvkkqxy.dll
2008-01-10 13:53 1,057,895 C:\WINDOWS\system32\ebmxvaxs.ini
2008-01-10 13:52 90,176 C:\WINDOWS\system32\sxavxmbe.dll
2008-01-10 13:46 74,304 C:\WINDOWS\system32\gwqnvste.exe
2008-01-10 13:43 79,424 C:\WINDOWS\system32\shdtakvj.dll
2008-01-09 13:52 1,049,449 C:\WINDOWS\system32\dkuykgfx.ini
2008-01-09 13:51 90,176 C:\WINDOWS\system32\xfgkyukd.dll
2008-01-09 13:45 79,936 C:\WINDOWS\system32\mvuhnows.dll
2008-01-09 13:42 74,304 C:\WINDOWS\system32\tiwsylpl.exe
2008-01-08 13:47 90,176 C:\WINDOWS\system32\tirjbuyp.dll
2008-01-08 13:47 1,054,842 C:\WINDOWS\system32\pyubjrit.ini
2008-01-08 13:44 77,888 C:\WINDOWS\system32\oldujdkw.dll
2008-01-08 13:42 74,304 C:\WINDOWS\system32\uqqaogql.exe
2008-01-06 13:06 90,176 C:\WINDOWS\system32\lbjjlgem.dll
2008-01-06 13:06 75,840 C:\WINDOWS\system32\tkwyrgbp.dll
2008-01-06 13:06 74,304 C:\WINDOWS\system32\aufjgfwg.exe
2008-01-06 13:06 1,043,800 C:\WINDOWS\system32\megljjbl.ini
2008-01-05 13:06 90,176 C:\WINDOWS\system32\lrxhcpai.dll
2008-01-05 13:06 1,043,800 C:\WINDOWS\system32\iapchxrl.ini
2008-01-05 13:03 78,912 C:\WINDOWS\system32\wwemmdpc.dll
2008-01-05 13:03 74,304 C:\WINDOWS\system32\sojerxgp.exe
2008-01-04 13:14 90,176 C:\WINDOWS\system32\gsbgfsag.dll
2008-01-04 13:14 1,043,800 C:\WINDOWS\system32\gasfgbsg.ini
2008-01-04 13:08 74,304 C:\WINDOWS\system32\xmkfifoh.exe
2008-01-04 13:05 79,424 C:\WINDOWS\system32\ytqwmkvk.dll
2008-01-04 01:55 <DIR> C:\Program Files\sop cast
2008-01-04 01:37 463,278 C:\WINDOWS\system32\perfstringbackup.ini
2008-01-03 12:05 90,176 C:\WINDOWS\system32\axdfahut.dll
2008-01-03 12:05 1,036,162 C:\WINDOWS\system32\tuhafdxa.ini
2008-01-03 12:03 78,912 C:\WINDOWS\system32\pxwcgjkr.dll
2008-01-03 12:03 74,304 C:\WINDOWS\system32\yogwvrge.exe
2008-01-02 02:46 <DIR> C:\Program Files\trend micro
2008-01-02 02:15 78,400 C:\WINDOWS\system32\rlgdmeef.dll
2008-01-02 02:12 90,176 C:\WINDOWS\system32\pjawreat.dll
2008-01-02 02:12 74,304 C:\WINDOWS\system32\rgagprlw.exe
2008-01-02 02:12 1,031,139 C:\WINDOWS\system32\taerwajp.ini
2008-01-01 02:15 77,376 C:\WINDOWS\system32\ifgedywh.dll
2008-01-01 02:12 90,176 C:\WINDOWS\system32\jeyhvdee.dll
2008-01-01 02:12 1,031,139 C:\WINDOWS\system32\eedvhyej.ini
2008-01-01 02:09 74,304 C:\WINDOWS\system32\wptlntcr.exe
2007-12-31 04:06 <DIR> C:\Program Files\common files
2007-12-31 03:24 <DIR> C:\Program Files\ub-vpn
2007-12-31 03:14 <DIR> C:\Program Files\quicktime
2007-12-31 03:00 <DIR> C:\Program Files\google
2007-12-31 02:56 <DIR> C:\Program Files\Common Files\symantec shared
2007-12-31 01:09 78,400 C:\WINDOWS\system32\ekukkuke.dll
2007-12-31 01:05 90,176 C:\WINDOWS\system32\avifgtwi.dll
2007-12-31 01:05 1,031,139 C:\WINDOWS\system32\iwtgfiva.ini
2007-12-31 01:03 74,304 C:\WINDOWS\system32\rvlcscus.exe
2007-12-30 06:11 <DIR> C:\Program Files\?ecurity (ecurit~1)
2007-12-30 05:46 <DIR> C:\Program Files\Common Files\system
2007-12-30 04:45 708 C:\WINDOWS\win.ini
2007-12-29 22:32 78,912 C:\WINDOWS\system32\tpsvwhnw.dll
2007-12-29 22:29 90,176 C:\WINDOWS\system32\tunmtqsm.dll
2007-12-29 22:29 1,031,139 C:\WINDOWS\system32\msqtmnut.ini
2007-12-29 22:26 74,304 C:\WINDOWS\system32\bqhalgcm.exe
2007-12-29 02:00 1,031,139 C:\WINDOWS\system32\oxltvfjn.ini
2007-12-29 01:59 90,176 C:\WINDOWS\system32\njfvtlxo.dll
2007-12-29 01:56 78,912 C:\WINDOWS\system32\olobcnug.dll
2007-12-29 01:52 74,304 C:\WINDOWS\system32\ixyikncn.exe
2007-12-29 01:52 48,768 C:\WINDOWS\system32\s32evnt1.dll
2007-12-29 01:52 110,952 C:\WINDOWS\system32\drivers\symevent.sys
2007-12-29 01:52 <DIR> C:\Program Files\symantec
2007-12-29 01:48 <DIR> C:\Program Files\Common Files\microsoft shared
2007-12-28 01:55 1,031,139 C:\WINDOWS\system32\xpvejfuw.ini
2007-12-28 01:54 90,176 C:\WINDOWS\system32\wufjevpx.dll
2007-12-28 01:51 77,888 C:\WINDOWS\system32\wdxisrfl.dll
2007-12-28 01:51 74,304 C:\WINDOWS\system32\yglicufj.exe
2007-12-26 22:16 80,448 C:\WINDOWS\system32\jxmiiqnh.dll
2007-12-26 22:11 1,027,522 C:\WINDOWS\system32\xhcudlla.ini
2007-12-26 22:10 90,176 C:\WINDOWS\system32\allduchx.dll
2007-12-26 22:07 74,304 C:\WINDOWS\system32\fpymrfsn.exe
2007-12-26 22:06 74,304 C:\WINDOWS\system32\pigcpdjr.exe
2007-12-22 13:43 <DIR> C:\Program Files\installshield installation information
2007-12-22 13:40 990,630 C:\WINDOWS\system32\ykywadrd.ini
2007-12-22 13:39 87,104 C:\WINDOWS\system32\drdawyky.dll
2007-12-22 13:37 78,400 C:\WINDOWS\system32\llbwiaqd.dll
2007-12-22 13:34 74,304 C:\WINDOWS\system32\tglpfxnt.exe
2007-12-21 04:09 <DIR> C:\Program Files\Common Files\{640cd74a-063a-1033-0518-0518050001}
2007-12-21 04:09 <DIR> C:\Program Files\Common Files\{340cd74a-063a-1033-0518-0518050001}
2007-12-21 02:42 85,568 C:\WINDOWS\system32\uaqmtknh.dll
2007-12-21 02:40 80,448 C:\WINDOWS\system32\oqtqemvr.dll
2007-12-21 02:40 74,304 C:\WINDOWS\system32\oywnmxmt.exe
2007-12-20 02:49 990,033 C:\WINDOWS\system32\vcigbfop.ini
2007-12-20 02:48 85,568 C:\WINDOWS\system32\pofbgicv.dll
2007-12-20 02:45 80,448 C:\WINDOWS\system32\jnmeurvx.dll
2007-12-20 02:39 74,304 C:\WINDOWS\system32\pvbfprgs.exe
2007-12-19 04:20 985,992 C:\WINDOWS\system32\qrbtehhl.ini
2007-12-19 02:44 85,568 C:\WINDOWS\system32\lhhetbrq.dll
2007-12-19 02:41 80,448 C:\WINDOWS\system32\uluapjdg.dll
2007-12-18 12:53 <DIR> C:\Program Files\windows nt
2007-12-18 12:53 <DIR> C:\Program Files\winable
2007-12-18 12:53 <DIR> C:\Program Files\temporary
2007-12-18 11:07 981,448 C:\WINDOWS\system32\gahetapn.ini
2007-12-18 11:07 85,568 C:\WINDOWS\system32\npatehag.dll
2007-12-18 11:04 80,448 C:\WINDOWS\system32\nscwrvpp.dll
2007-12-18 05:51 179,584 C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 04:27 324,608 C:\WINDOWS\system32\wvwxv.dll
2007-12-16 02:30 <DIR> C:\Program Files\qdrmodule
2007-12-16 02:30 <DIR> C:\Program Files\qdrdrive
2007-12-16 02:30 <DIR> C:\Program Files\ism
2007-12-14 14:03 42 C:\WINDOWS\ib.ini
2007-12-04 14:38 550,912 C:\WINDOWS\system32\oleaut32.dll
2007-12-01 08:17 <DIR> C:\Documents and Settings\rshah\Application Data\u3
2007-11-18 02:38 <DIR> C:\Documents and Settings\rshah\Application Data\microsoft
2007-11-18 02:34 <DIR> C:\Program Files\virtual earth 3d
2007-11-13 07:31 60,416 C:\WINDOWS\system32\tzchange.exe
2007-11-13 06:25 20,480 C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 05:26 721,920 C:\WINDOWS\system32\lsasrv.dll
2007-10-29 18:43 1,287,680 C:\WINDOWS\system32\quartz.dll
2007-10-27 18:39 230,912 C:\WINDOWS\system32\wmasf.dll
2007-10-27 18:37 2,109,440 C:\WINDOWS\system32\wmvcore.dll
2007-10-25 23:36 8,454,656 C:\WINDOWS\system32\shell32.dll
2007-10-25 10:22 61,136 C:\WINDOWS\system32\xinput9_1_0.dll
2007-10-25 10:22 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2008-03-09 04:14 388,608 C:\WINDOWS\system32\CF13092.exe
2008-03-09 04:13 388,608 C:\WINDOWS\system32\CF12964.exe
2008-03-09 02:13 92,224 C:\WINDOWS\system32\grbspvff.dll
2008-03-09 02:10 88,640 C:\WINDOWS\system32\qjoecdsv.dll
2008-03-09 02:10 87,104 C:\WINDOWS\system32\ahaqmepc.dll
2008-03-09 02:10 1,307,621 C:\WINDOWS\system32\cpemqaha.ini
2008-03-08 02:14 1,307,561 C:\WINDOWS\system32\pwovwyjo.ini
2008-03-08 02:10 90,688 C:\WINDOWS\system32\mtbsjiro.dll
2008-03-08 02:07 88,640 C:\WINDOWS\system32\oteugtyf.dll
2008-03-07 02:12 96,320 C:\WINDOWS\system32\tdxjgpuo.dll
2008-03-07 02:09 91,200 C:\WINDOWS\system32\futxpgvj.dll
2008-03-07 02:09 1,308,088 C:\WINDOWS\system32\jvgpxtuf.ini
2008-03-07 02:06 92,736 C:\WINDOWS\system32\dsgbbrki.dll
2008-03-05 10:53 94,784 C:\WINDOWS\system32\vkxxraoj.dll
2008-03-05 10:50 89,664 C:\WINDOWS\system32\ugyfndbb.dll
2008-03-05 10:50 1,309,551 C:\WINDOWS\system32\bbdnfygu.ini
2008-03-05 10:48 91,712 C:\WINDOWS\system32\qxjtyidj.dll
2008-03-04 04:24 635 C:\kMXwAg.exe
2008-03-04 03:36 1,302,083 C:\WINDOWS\system32\dlsgapdk.ini
2008-03-04 03:33 95,296 C:\WINDOWS\system32\sqmagful.dll
2008-03-04 03:30 91,712 C:\WINDOWS\system32\qpomhsmm.dll
2008-03-03 02:54 1,286,141 C:\WINDOWS\system32\yovgycuu.ini
2008-03-03 02:51 89,664 C:\WINDOWS\system32\twadebqv.dll
2008-03-03 02:48 91,712 C:\WINDOWS\system32\afqyxavr.dll
2008-03-03 02:35 518,508,544 C:\hiberfil.sys
2008-03-02 02:50 85,568 C:\WINDOWS\system32\rsnfodxp.dll
2008-03-02 02:50 1,286,021 C:\WINDOWS\system32\pxdofnsr.ini
2008-03-02 02:46 89,664 C:\WINDOWS\system32\llumgxus.dll
2008-03-02 02:45 91,712 C:\WINDOWS\system32\ylcjmyuq.dll
2008-02-27 02:57 89,152 C:\WINDOWS\system32\ikmtarpv.dll
2008-02-27 02:54 91,712 C:\WINDOWS\system32\bkmakjfn.dll
2008-02-25 01:44 90,176 C:\WINDOWS\system32\wcyiamqv.dll
2008-02-25 01:42 1,253,714 C:\WINDOWS\system32\qhnjwmku.ini
2008-02-25 01:41 86,592 C:\WINDOWS\system32\ukmwjnhq.dll
2008-02-25 01:38 91,712 C:\WINDOWS\system32\pcpvhapl.dll
2008-02-24 01:36 91,712 C:\WINDOWS\system32\exiayoes.dll
2008-02-24 01:36 89,152 C:\WINDOWS\system32\uqspjvtx.dll
2008-02-22 09:41 91,712 C:\WINDOWS\system32\fkhfoilb.dll
2008-02-22 09:38 89,664 C:\WINDOWS\system32\fbkdisuc.dll
2008-02-22 09:38 1,253,986 C:\WINDOWS\system32\cusidkbf.ini
2008-02-22 09:35 91,712 C:\WINDOWS\system32\ohdcghlr.dll
2008-02-22 09:32 91,712 C:\WINDOWS\system32\tbifkaiq.dll
2008-02-21 00:06 94,784 C:\WINDOWS\system32\amluyqgn.dll
2008-02-21 00:04 1,244,504 C:\WINDOWS\system32\ielmtuos.ini
2008-02-21 00:03 87,616 C:\WINDOWS\system32\soutmlei.dll
2008-02-21 00:01 91,712 C:\WINDOWS\system32\luyooxak.dll
2008-02-19 23:08 89,152 C:\WINDOWS\system32\hifkxxds.dll
2008-02-19 23:05 88,128 C:\WINDOWS\system32\bvqfsrdf.dll
2008-02-19 23:05 1,237,291 C:\WINDOWS\system32\fdrsfqvb.ini
2008-02-19 23:02 74,304 C:\WINDOWS\system32\jpudfnux.dll
2008-02-19 01:58 2,684 C:\WINDOWS\system32\tmp.reg
2008-02-19 01:27 1,238,313 C:\WINDOWS\system32\ctvrmlxv.ini
2008-02-19 01:26 91,200 C:\WINDOWS\system32\vxlmrvtc.dll
2008-02-18 21:13 93,248 C:\WINDOWS\system32\pvoevoul.dll
2008-02-18 21:11 74,304 C:\WINDOWS\system32\egygmygm.dll
2008-02-17 07:33 97,344 C:\WINDOWS\system32\dqfravvu.dll
2008-02-17 07:32 87,616 C:\WINDOWS\system32\xhmlnvtu.dll
2008-02-17 07:32 1,247,463 C:\WINDOWS\system32\utvnlmhx.ini
2008-02-17 07:31 74,304 C:\WINDOWS\system32\dgytudhu.dll
2008-02-16 03:05 1,247,163 C:\WINDOWS\system32\hpxmrdtb.ini
2008-02-16 03:02 91,712 C:\WINDOWS\system32\psfhjqct.dll
2008-02-16 03:00 74,304 C:\WINDOWS\system32\lqiwsibk.dll
2008-02-15 00:22 1,240,940 C:\WINDOWS\system32\yveonxmw.ini
2008-02-15 00:18 73,280 C:\WINDOWS\system32\ucogalrv.dll
2008-02-14 10:04 1,242,240 C:\WINDOWS\system32\jcnlttsd.ini
2008-02-14 10:03 91,200 C:\WINDOWS\system32\mddisikf.dll
2008-02-13 00:23 86,080 C:\WINDOWS\system32\voleuukq.dll
2008-02-13 00:23 1,235,050 C:\WINDOWS\system32\qkuuelov.ini
2008-02-13 00:20 70,720 C:\WINDOWS\system32\rforoepv.dll
2008-02-13 00:17 93,248 C:\WINDOWS\system32\ujpogouu.dll
2008-02-12 00:16 86,080 C:\WINDOWS\system32\vsllxpur.dll
2008-02-12 00:16 1,222,839 C:\WINDOWS\system32\rupxllsv.ini
2008-02-12 00:15 93,248 C:\WINDOWS\system32\khxhjgjm.dll
2008-02-12 00:15 70,720 C:\WINDOWS\system32\irspficg.dll
2008-02-11 02:50 1,220,830 C:\WINDOWS\system32\hficevqe.ini
2008-02-11 02:47 70,720 C:\WINDOWS\system32\nsymbvoo.dll
2008-02-10 02:48 1,220,770 C:\WINDOWS\system32\ivkxpwqu.ini
2008-02-10 02:44 70,208 C:\WINDOWS\system32\pcrakoyr.dll
2008-02-10 02:41 93,760 C:\WINDOWS\system32\osrxwors.dll
2008-02-09 00:42 1,220,650 C:\WINDOWS\system32\loyyrpke.ini
2008-02-09 00:39 94,784 C:\WINDOWS\system32\hvpjbmmf.dll
2008-02-09 00:38 68,160 C:\WINDOWS\system32\rarknikc.dll
2008-02-08 00:32 87,616 C:\WINDOWS\system32\yminkyot.dll
2008-02-08 00:32 474 C:\WINDOWS\system32\toyknimy.ini
2008-02-08 00:29 69,184 C:\WINDOWS\system32\lgprukhn.dll
2008-02-08 00:26 95,808 C:\WINDOWS\system32\xitundsw.dll
2008-02-07 00:31 88,640 C:\WINDOWS\system32\tsdqpcil.dll
2008-02-07 00:31 1,199,933 C:\WINDOWS\system32\licpqdst.ini
2008-02-07 00:28 92,224 C:\WINDOWS\system32\ujkvifxt.dll
2008-02-07 00:25 68,672 C:\WINDOWS\system32\fefrndrk.dll
2008-02-06 00:09 90,688 C:\WINDOWS\system32\cuyodpnk.dll
2008-02-06 00:09 1,194,255 C:\WINDOWS\system32\knpdoyuc.ini
2008-02-06 00:06 70,208 C:\WINDOWS\system32\comwxlrq.dll
2008-02-06 00:03 94,272 C:\WINDOWS\system32\joqppdur.dll
2008-02-04 23:00 88,128 C:\WINDOWS\system32\rdvyflwu.dll
2008-02-04 23:00 294 C:\WINDOWS\system32\uwlfyvdr.ini
2008-02-04 22:59 93,248 C:\WINDOWS\system32\pabtjtma.dll
2008-02-04 22:54 68,672 C:\WINDOWS\system32\eayhtivo.dll
2008-02-04 22:53 68,672 C:\WINDOWS\system32\hqthqjgl.dll
2008-01-30 20:42 92,736 C:\WINDOWS\system32\ettoquyt.dll
2008-01-30 19:49 88,640 C:\WINDOWS\system32\gatnqycq.dll
2008-01-30 19:49 1,180,927 C:\WINDOWS\system32\qcyqntag.ini
2008-01-30 19:46 78,912 C:\WINDOWS\system32\utisafmt.dll
2008-01-30 19:43 71,232 C:\WINDOWS\system32\ddnuxgim.dll
2008-01-30 19:40 74,304 C:\WINDOWS\system32\syuowfhx.exe
2008-01-29 19:48 88,640 C:\WINDOWS\system32\wichrohu.dll
2008-01-29 19:48 1,167,005 C:\WINDOWS\system32\uhorhciw.ini
2008-01-29 19:45 78,912 C:\WINDOWS\system32\udhhmuyr.dll
2008-01-29 19:42 71,232 C:\WINDOWS\system32\aqdmetew.dll
2008-01-29 19:40 74,304 C:\WINDOWS\system32\bnfjmffh.exe
2008-01-28 03:24 89,152 C:\WINDOWS\system32\eafafoaj.dll
2008-01-28 03:24 1,143,180 C:\WINDOWS\system32\jaofafae.ini
2008-01-28 03:21 74,304 C:\WINDOWS\system32\ybbvpfxu.exe
2008-01-28 03:18 78,912 C:\WINDOWS\system32\cfxxnaqh.dll
2008-01-28 03:15 70,720 C:\WINDOWS\system32\tarjpjxt.dll
2008-01-27 03:23 1,142,572 C:\WINDOWS\system32\cneltgir.ini
2008-01-27 03:22 89,152 C:\WINDOWS\system32\rigtlenc.dll
2008-01-27 03:19 78,912 C:\WINDOWS\system32\lbfqnrag.dll
2008-01-27 03:16 74,304 C:\WINDOWS\system32\hgjorvwh.exe
2008-01-27 03:14 68,160 C:\WINDOWS\system32\poxnucvh.dll
2008-01-26 02:14 87,104 C:\WINDOWS\system32\chepxpfi.dll
2008-01-26 02:14 1,142,572 C:\WINDOWS\system32\ifpxpehc.ini
2008-01-26 02:11 74,304 C:\WINDOWS\system32\agcypshf.exe
2008-01-26 02:08 70,720 C:\WINDOWS\system32\ahbbloor.dll
2008-01-26 02:05 81,472 C:\WINDOWS\system32\fhusxmgq.dll
2008-01-25 02:10 87,616 C:\WINDOWS\system32\uchvmxgj.dll
2008-01-25 02:10 294 C:\WINDOWS\system32\jgxmvhcu.ini
2008-01-25 01:59 74,304 C:\WINDOWS\system32\ctkrbtvn.exe
2008-01-25 01:56 72,768 C:\WINDOWS\system32\qleqpvpm.dll
2008-01-25 01:53 80,448 C:\WINDOWS\system32\gxfpfvyl.dll
2008-01-24 01:55 87,616 C:\WINDOWS\system32\wpwknqfg.dll
2008-01-24 01:55 74,304 C:\WINDOWS\system32\upxgowkf.exe
2008-01-24 01:55 1,117,442 C:\WINDOWS\system32\gfqnkwpw.ini
2008-01-24 01:52 80,960 C:\WINDOWS\system32\mcswluaa.dll
2008-01-24 01:52 68,672 C:\WINDOWS\system32\ohxytisc.dll
2008-01-23 02:01 1,109,005 C:\WINDOWS\system32\cjjerkxu.ini
2008-01-23 02:00 89,664 C:\WINDOWS\system32\uxkrejjc.dll
2008-01-23 01:57 70,720 C:\WINDOWS\system32\geghmdhk.dll
2008-01-23 01:54 77,376 C:\WINDOWS\system32\typrpaiw.dll
2008-01-23 01:52 74,304 C:\WINDOWS\system32\gddartxc.exe
2008-01-21 12:52 88,640 C:\WINDOWS\system32\arspntvm.dll
2008-01-21 12:52 1,087,251 C:\WINDOWS\system32\mvtnpsra.ini
2008-01-21 12:49 74,304 C:\WINDOWS\system32\mvfqpacu.exe
2008-01-21 12:49 70,208 C:\WINDOWS\system32\rmnadbrb.dll
2008-01-21 12:46 78,912 C:\WINDOWS\system32\ghfqnnkl.dll
2008-01-20 02:59 87,104 C:\WINDOWS\system32\fpubxhnw.dll
2008-01-20 02:59 1,073,292 C:\WINDOWS\system32\wnhxbupf.ini
2008-01-20 02:56 69,696 C:\WINDOWS\system32\srvyftdv.dll
2008-01-20 02:53 74,304 C:\WINDOWS\system32\mrksdbps.exe
2008-01-20 02:50 78,400 C:\WINDOWS\system32\glhusmia.dll
2008-01-19 02:57 1,073,292 C:\WINDOWS\system32\qcgwlktp.ini
2008-01-19 02:56 88,128 C:\WINDOWS\system32\ptklwgcq.dll
2008-01-19 02:53 81,984 C:\WINDOWS\system32\qcyuyktg.dll
2008-01-19 02:50 74,304 C:\WINDOWS\system32\gabdwrto.exe
2008-01-19 02:49 69,696 C:\WINDOWS\system32\xaxpgwft.dll
2008-01-18 02:15 86,592 C:\WINDOWS\system32\iyegmdmu.dll
2008-01-18 02:15 1,075,130 C:\WINDOWS\system32\umdmgeyi.ini
2008-01-18 02:09 70,208 C:\WINDOWS\system32\cytagust.dll
2008-01-18 02:06 77,376 C:\WINDOWS\system32\faxvvmet.dll
2008-01-18 02:03 74,304 C:\WINDOWS\system32\oakplgjb.exe
2008-01-17 02:08 86,592 C:\WINDOWS\system32\kuwyghwn.dll
2008-01-17 02:08 1,063,937 C:\WINDOWS\system32\nwhgywuk.ini
2008-01-17 02:06 74,304 C:\WINDOWS\system32\vtuceugt.exe
2008-01-17 02:03 76,864 C:\WINDOWS\system32\crbkkvdd.dll
2008-01-17 02:02 70,208 C:\WINDOWS\system32\yvremete.dll
2008-01-16 02:10 1,061,376 C:\WINDOWS\system32\prbvamov.ini
2008-01-16 02:08 89,152 C:\WINDOWS\system32\vomavbrp.dll
2008-01-16 02:05 70,208 C:\WINDOWS\system32\ihydrcki.dll
2008-01-16 02:02 74,304 C:\WINDOWS\system32\fgrrvxvm.exe
2008-01-16 02:00 79,936 C:\WINDOWS\system32\mhindqsu.dll
2008-01-16 01:59 74,304 C:\WINDOWS\system32\kcrcfxas.exe
2008-01-12 01:40 90,176 C:\WINDOWS\system32\bnmsdxta.dll
2008-01-12 01:40 1,060,382 C:\WINDOWS\system32\atxdsmnb.ini
2008-01-12 01:36 74,304 C:\WINDOWS\system32\cqvswwhv.exe
2008-01-12 01:33 76,864 C:\WINDOWS\system32\dwmbligu.dll
2008-01-12 01:31 70,208 C:\WINDOWS\system32\plvkkqxy.dll
2008-01-12 01:31 22 C:\WINDOWS\pskt.ini
2008-01-10 13:53 1,057,895 C:\WINDOWS\system32\ebmxvaxs.ini
2008-01-10 13:52 90,176 C:\WINDOWS\system32\sxavxmbe.dll
2008-01-10 13:46 74,304 C:\WINDOWS\system32\gwqnvste.exe
2008-01-10 13:43 79,424 C:\WINDOWS\system32\shdtakvj.dll
2008-01-09 13:52 1,049,449 C:\WINDOWS\system32\dkuykgfx.ini
2008-01-09 13:51 90,176 C:\WINDOWS\system32\xfgkyukd.dll
2008-01-09 13:45 79,936 C:\WINDOWS\system32\mvuhnows.dll
2008-01-09 13:42 74,304 C:\WINDOWS\system32\tiwsylpl.exe
2008-01-08 13:47 90,176 C:\WINDOWS\system32\tirjbuyp.dll
2008-01-08 13:47 1,054,842 C:\WINDOWS\system32\pyubjrit.ini
2008-01-08 13:44 77,888 C:\WINDOWS\system32\oldujdkw.dll
2008-01-08 13:41 74,304 C:\WINDOWS\system32\uqqaogql.exe
2008-01-06 13:06 90,176 C:\WINDOWS\system32\lbjjlgem.dll
2008-01-06 13:06 75,840 C:\WINDOWS\system32\tkwyrgbp.dll
2008-01-06 13:06 74,304 C:\WINDOWS\system32\aufjgfwg.exe
2008-01-06 13:06 1,043,800 C:\WINDOWS\system32\megljjbl.ini
2008-01-05 13:06 90,176 C:\WINDOWS\system32\lrxhcpai.dll
2008-01-05 13:06 1,043,800 C:\WINDOWS\system32\iapchxrl.ini
2008-01-05 13:03 78,912 C:\WINDOWS\system32\wwemmdpc.dll
2008-01-05 13:03 74,304 C:\WINDOWS\system32\sojerxgp.exe
2008-01-04 13:14 90,176 C:\WINDOWS\system32\gsbgfsag.dll
2008-01-04 13:14 1,043,800 C:\WINDOWS\system32\gasfgbsg.ini
2008-01-04 13:08 74,304 C:\WINDOWS\system32\xmkfifoh.exe
2008-01-04 13:05 79,424 C:\WINDOWS\system32\ytqwmkvk.dll
2008-01-03 12:05 90,176 C:\WINDOWS\system32\axdfahut.dll
2008-01-03 12:05 1,036,162 C:\WINDOWS\system32\tuhafdxa.ini
2008-01-03 12:03 74,304 C:\WINDOWS\system32\yogwvrge.exe
2008-01-03 12:02 78,912 C:\WINDOWS\system32\pxwcgjkr.dll
2008-01-02 02:15 78,400 C:\WINDOWS\system32\rlgdmeef.dll
2008-01-02 02:12 90,176 C:\WINDOWS\system32\pjawreat.dll
2008-01-02 02:12 74,304 C:\WINDOWS\system32\rgagprlw.exe
2008-01-02 02:12 1,031,139 C:\WINDOWS\system32\taerwajp.ini
2008-01-01 02:15 77,376 C:\WINDOWS\system32\ifgedywh.dll
2008-01-01 02:12 90,176 C:\WINDOWS\system32\jeyhvdee.dll
2008-01-01 02:12 1,031,139 C:\WINDOWS\system32\eedvhyej.ini
2008-01-01 02:09 74,304 C:\WINDOWS\system32\wptlntcr.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{640CD74A-063A-1033-0518-0518050001}"="\"C:\\Program Files\\Common Files\\{640CD74A-063A-1033-0518-0518050001}\\Update.exe\" te-110-12-0000213"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JAC215-SHAHLPTP-test).job

Completion time: Sun 03/09/2008 4:16:18.47
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt

ComboFix.txt
ComboFix2.txt
ComboFix3.txt

-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:31 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\UB-VPN\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: &Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{640CD74A-063A-1033-0518-0518050001}] "C:\Program Files\Common Files\{640CD74A-063A-1033-0518-0518050001}\Update.exe" te-110-12-0000213
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: University at Buffalo VPN Client.lnk = C:\Program Files\UB-VPN\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Note&book) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll/gn_menu1.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll/gn_menu2.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itorg.ad.buffalo.edu
O17 - HKLM\Software\..\Telephony: DomainName = itorg.ad.buffalo.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AEECEB-D3B9-4B53-838B-045D81A7249E}: NameServer = 202.88.149.6,202.88.149.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itorg.ad.buffalo.edu
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UB-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spot GPS Maxim (SpotGPSMaxim) - Koninklijke Philips Electronics N.V. - C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9213 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:56 AM

Posted 09 March 2008 - 01:06 PM

Hello,

You're welcome, but why did you run ComboFix 3 times??? :blink: I needed to see the original log to know what was removed and what remains. Please only do as I ask. :thumbsup:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
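What the helper is reading for in the two logs above comes down to a few recurring patterns: the randomly named eight-letter .dll/.ini pairs that ComboFix shows being dropped into system32 day after day (the .ini stem is the .dll stem spelled backwards, e.g. ahaqmepc.dll next to cpemqaha.ini), a second executable appended to the UserInit value in the F2 line, O2 BHO entries with no name, and O20/O23 entries whose file is missing. As an added example that is not part of this thread and is not code from ComboFix or HijackThis, here is a small Python triage script that reads such lines and flags those patterns. The sample lines embedded in it are copied from the logs posted above; the rule names and function names are my own.

```python
"""Triage helpers for ComboFix 'Files Created' lines and HijackThis lines.

Added example: not part of the original thread or of either tool.
"""
import re

# Sample lines copied from the ComboFix listing posted in this thread.
COMBOFIX_SAMPLE = r"""
2008-03-09 02:13 92,224 C:\WINDOWS\system32\grbspvff.dll
2008-03-09 02:10 88,640 C:\WINDOWS\system32\qjoecdsv.dll
2008-03-09 02:10 87,104 C:\WINDOWS\system32\ahaqmepc.dll
2008-03-09 02:10 1,307,621 C:\WINDOWS\system32\cpemqaha.ini
2008-03-07 02:09 91,200 C:\WINDOWS\system32\futxpgvj.dll
2008-03-07 02:09 1,308,088 C:\WINDOWS\system32\jvgpxtuf.ini
2007-10-25 23:36 8,454,656 C:\WINDOWS\system32\shell32.dll
"""

# Sample lines copied from the HijackThis logs posted in this thread.
HJT_SAMPLE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {9B15D6B7-D993-43D4-80D8-662C1ED2F29C} - C:\WINDOWS\system32\wvwxv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O20 - Winlogon Notify: ssqqqon - ssqqqon.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# ComboFix line layout: date, time, size with thousands separators, full path.
CF_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) (\S.*)$")
RANDOM_STEM = re.compile(r"^[a-z]{8}$")  # eight lowercase letters, no digits


def parse_combofix_created(text):
    """Return (date, time, size_bytes, path) tuples for 'Files Created' lines."""
    entries = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            date, time, size, path = m.groups()
            entries.append((date, time, int(size.replace(",", "")), path))
    return entries


def basename_parts(path):
    """Split a Windows path into (directory, stem, ext), all lower-cased."""
    name = path.rsplit("\\", 1)[-1]
    directory = path[: len(path) - len(name)]
    stem, _, ext = name.rpartition(".")
    return directory.lower(), stem.lower(), ext.lower()


def find_reversed_pairs(entries):
    """Pair every .ini whose stem is the reverse of a .dll stem in the same directory."""
    dlls = {}
    for _, _, _, path in entries:
        d, stem, ext = basename_parts(path)
        if ext == "dll":
            dlls[(d, stem)] = path
    pairs = []
    for _, _, _, path in entries:
        d, stem, ext = basename_parts(path)
        if ext == "ini" and (d, stem[::-1]) in dlls:
            pairs.append((dlls[(d, stem[::-1])], path))
    return pairs


def random_named_in_system32(entries):
    """Paths under system32 whose stem is eight lowercase letters (as in the log)."""
    hits = []
    for _, _, _, path in entries:
        d, stem, _ = basename_parts(path)
        if d.endswith("\\system32\\") and RANDOM_STEM.match(stem):
            hits.append(path)
    return hits


def triage_hijackthis(text):
    """Return (rule, detail) findings for the HijackThis lines given."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # Anything besides userinit.exe in this comma-separated value is suspect.
            values = [v for v in line.split("UserInit=", 1)[1].split(",") if v]
            for v in values:
                if not v.lower().endswith("\\userinit.exe"):
                    findings.append(("userinit-extra", v))
        elif line.startswith("O2 - BHO: (no name)"):
            findings.append(("bho-no-name", line.rsplit(" - ", 1)[-1]))
        elif "(file missing)" in line:
            findings.append(("file-missing", line))
    return findings


if __name__ == "__main__":
    created = parse_combofix_created(COMBOFIX_SAMPLE)
    for dll, ini in find_reversed_pairs(created):
        print("reversed-name pair:", dll, "<->", ini)
    for p in random_named_in_system32(created):
        print("random-looking name in system32:", p)
    for rule, detail in triage_hijackthis(HJT_SAMPLE):
        print(rule + ":", detail)
```

Run against the full ComboFix listing, the reversed-name check pairs most of the .ini files with a .dll created within the same minute; the few .ini files left unpaired are the ones whose partner .dll was already removed, which is exactly the "what was removed and what remains" question the helper is asking about.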

#5 karmageek

karmageek
  • Topic Starter

  • Members
  • 4 posts
  • Local time:09:56 AM

Posted 13 March 2008 - 12:18 AM

Hi tea,

Here is my HJT and SDFix report. Thanks again.


===================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:22 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\UB-VPN\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\rshah\Desktop\HiJackThis(2).exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {9B15D6B7-D993-43D4-80D8-662C1ED2F29C} - C:\WINDOWS\system32\wvwxv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ssqqqon.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: &Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: University at Buffalo VPN Client.lnk = C:\Program Files\UB-VPN\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Note&book) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll/gn_menu1.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6-1415540505.dll/gn_menu2.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itorg.ad.buffalo.edu
O17 - HKLM\Software\..\Telephony: DomainName = itorg.ad.buffalo.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AEECEB-D3B9-4B53-838B-045D81A7249E}: NameServer = 202.88.149.6,202.88.149.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itorg.ad.buffalo.edu
O20 - Winlogon Notify: ssqqqon - ssqqqon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UB-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spot GPS Maxim (SpotGPSMaxim) - Koninklijke Philips Electronics N.V. - C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9375 bytes


================================


Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted



Folder C:\Program Files\QdrDrive - Removed
Folder C:\Program Files\QdrModule - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\WinAble - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 02:08:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a54dad9]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a54dad9]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\achtwota.exe"="C:\\WINDOWS\\system32\\ach"
"C:\\WINDOWS\\system32\\ulftnxnu.exe"="C:\\WINDOWS\\system32\\ulf"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 7 Dec 2005 4,126,240 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 13 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\rshah\Application Data\U3\temp\Launchpad Removal.exe"
Tue 8 Oct 2002 24,064 A..H. --- "C:\Documents and Settings\rshah\My Documents\For backup_earlier moves\NCC553- 2003\Nba553\class\~WRL3210.tmp"
Sat 6 Aug 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sat 6 Aug 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sat 6 Aug 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Wed 24 Aug 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!

#6 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:56 AM

Posted 13 March 2008 - 12:33 AM

Hello,

You're welcome. :thumbsup:

Please be sure your AVG is fully updated, then:

Please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {9B15D6B7-D993-43D4-80D8-662C1ED2F29C} - C:\WINDOWS\system32\wvwxv.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ssqqqon.dll (file missing)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: ssqqqon - ssqqqon.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select the "Apply all actions" button, and AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
How is it running now?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
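As an added example that is not part of this thread, here is a small Python triage pass over the HijackThis entries teacup61 asked to fix above. It encodes the rules a responder applies when reading such a log: dangling "(file missing)" load points, extra executables chained onto UserInit, nameless BHOs, ActiveX downloads from unexpected hosts, and services with no publisher. The trusted-host allow-list is an assumption made for the example, and the sample lines are constructed from entries in this thread's log.

```python
import re
# Hosts whose ActiveX .cab downloads we accept; an assumption for this example, not a HijackThis setting.
TRUSTED_CAB_HOSTS = ("microsoft.com", "msn.com", "macromedia.com", "kaspersky.com")

# Constructed sample: the entries the helper asked to fix, plus two benign entries from the same log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {9B15D6B7-D993-43D4-80D8-662C1ED2F29C} - C:\WINDOWS\system32\wvwxv.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ssqqqon.dll (file missing)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: ssqqqon - ssqqqon.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ulftnxnu.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

def host_is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_CAB_HOSTS)

def triage_line(line):
    """Return a reason if this HijackThis entry deserves a look, else None."""
    # A load point whose target HJT cannot find on disk is debris left by an earlier removal.
    if "(file missing)" in line:
        return "load point references a file that no longer exists"
    if line.startswith("F2 - REG:system.ini: UserInit="):
        # UserInit should name only userinit.exe; anything chained after it runs at every logon.
        parts = [p.strip() for p in line.split("UserInit=", 1)[1].split(",")]
        extra = [p for p in parts if p and not p.lower().endswith(r"\userinit.exe")]
        if extra:
            return "UserInit chains extra executables: " + ", ".join(extra)
    if line.startswith("O2 - BHO: (no name)"):
        return "browser helper object registered without a name"
    if line.startswith("O16 - DPF:"):
        m = re.search(r"https?://([^/\s]+)", line)
        if m and not host_is_trusted(m.group(1)):
            return "ActiveX control downloaded from untrusted host " + m.group(1)
    if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
        return "service with no identifiable publisher"
    return None

def triage_log(text):
    """Return [(entry, reason)] for every suspicious non-blank line in a HijackThis log."""
    flagged = []
    for line in (l.strip() for l in text.splitlines()):
        reason = triage_line(line) if line else None
        if reason:
            flagged.append((line, reason))
    return flagged
```

Running `triage_log(SAMPLE_LOG)` flags exactly the six entries the helper listed and leaves the AVG service and the Microsoft-hosted control alone.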



