Abebot Virus And Trojandownloader.xs Popups


  • This topic is locked
5 replies to this topic

#1 papa carrie

papa carrie

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 04 April 2008 - 10:54 PM

I receive 2 security control panel warnings, one for ABEBOT virus in C:\WINDOWS\WML.EXE,
and the other for TROJANDOWNLOADER.XS, which leads me to the site: <hxxp://antispyware.reviews.biz/?wmid=46638...bmid=R3n1c2Bg8A>
asking for a purchase of the full version of the pc-antispyware software to remove the infections.
Both applications seem to be driven by the LKHKTERA.EXE process.

O4 - HKCU\..\Run: [kyhihrsm] C:\WINDOWS\system32\lkhktera.exe

Please view the attached HijackThis log and advise.

Thanks.

Attached Files


Edited by Orange Blossom, 11 February 2013 - 01:06 AM.
Deactivated link. ~ OB



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:41 AM

Posted 05 April 2008 - 06:04 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 papa carrie

papa carrie
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 05 April 2008 - 11:11 PM

Hi Sam:
I ran the combofix as you suggested and uploaded the logfile.

Attached Files



#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:41 AM

Posted 06 April 2008 - 06:15 PM

Going forward please do not attach your log files, but rather paste the text directly into your reply.
It makes it much easier to review if it's right there in the thread.

ComboFix 08-04-04.1 - osei mensah 2008-04-05 23:42:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480 [GMT -4:00]
Running from: C:\Documents and Settings\osei mensah\Desktop\ComboFix.exe
* Created a new restore point
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\U006E1DC2.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\allofus\Application Data\macromedia\Flash Player\#SharedObjects\63SHBX29\www.broadcaster.com
C:\Documents and Settings\allofus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\allofus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\allofus\Application Data\ShoppingReport
C:\Documents and Settings\allofus\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\allofus\Application Data\Starware316
C:\Documents and Settings\allofus\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\allofus\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Layouts\PitchLayout.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\allofus\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\allofus\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\allofus\Desktop\blackbird.jpg
C:\Documents and Settings\allofus\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\allofus\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\allofus\Desktop\filemanagerclient.exe
C:\Documents and Settings\allofus\Desktop\fkwp1.5.exe
C:\Documents and Settings\allofus\Desktop\fkwp2.0.exe
C:\Documents and Settings\allofus\Desktop\fwebd.exe
C:\Documents and Settings\allofus\Desktop\FWebdEditor.exe
C:\Documents and Settings\allofus\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\allofus\Desktop\virii
C:\Documents and Settings\allofus\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\hp_tech\Application Data\Starware316
C:\Documents and Settings\hp_tech\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Layouts\WeatherLayout.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\hp_tech\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\hp_tech\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\osei mensah\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\osei mensah\Application Data\Starware316
C:\Documents and Settings\osei mensah\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\osei mensah\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\osei mensah\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\osei mensah\Desktop\blackbird.jpg
C:\Documents and Settings\osei mensah\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\osei mensah\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\osei mensah\Desktop\filemanagerclient.exe
C:\Documents and Settings\osei mensah\Desktop\fkwp1.5.exe
C:\Documents and Settings\osei mensah\Desktop\fkwp2.0.exe
C:\Documents and Settings\osei mensah\Desktop\fwebd.exe
C:\Documents and Settings\osei mensah\Desktop\FWebdEditor.exe
C:\Documents and Settings\osei mensah\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\osei mensah\Desktop\virii
C:\Documents and Settings\osei mensah\Start Menu\Programs\Startup\.protected
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Starware316
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1194483279.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll.1192241393.old
C:\WINDOWS\.protected
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\dwltqnmx.exe
C:\WINDOWS\fkdnrwsv.dll
C:\WINDOWS\mslagent
C:\WINDOWS\sxfnewqb.dll
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-04 21:10 . 2008-04-04 21:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-04 21:08 . 2008-04-04 21:12 60,566 --a------ C:\WINDOWS\hpwins03.dat
2008-04-04 21:08 . 2005-07-22 22:53 1,238 --------- C:\WINDOWS\hpwmdl03.dat
2008-04-04 19:50 . 2008-04-04 19:50 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\McAfee
2008-04-03 21:37 . 2008-04-03 21:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 21:35 . 2008-04-03 21:35 <DIR> d-------- C:\HiJackThis
2008-04-03 07:39 . 2008-04-03 07:39 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-04-02 19:14 . 2008-04-02 19:14 <DIR> d-------- C:\Documents and Settings\allofus\Application Data\McAfee
2008-04-01 21:41 . 2008-04-02 01:42 <DIR> d-------- C:\Documents and Settings\allofus\Application Data\SiteAdvisor
2008-04-01 21:31 . 2008-04-04 21:08 11,795 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-01 21:30 . 2008-04-02 23:13 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-01 21:30 . 2008-04-01 21:37 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\SiteAdvisor
2008-04-01 21:30 . 2008-04-01 21:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-01 21:30 . 2008-04-02 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-01 21:29 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-01 21:28 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-01 21:28 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-01 21:28 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-01 21:28 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-01 21:28 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-01 21:27 . 2008-04-01 21:27 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-01 21:27 . 2008-04-04 23:44 <DIR> d-------- C:\Program Files\McAfee
2008-04-01 21:27 . 2008-04-01 21:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-01 21:27 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-01 20:57 . 2008-04-02 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-01 07:33 . 2008-04-01 22:47 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-04-01 07:11 . 2008-04-01 07:11 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\cs
2008-04-01 07:11 . 2008-04-01 07:11 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\Application Data
2008-04-01 06:30 . 2008-04-01 06:30 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\PC-Cleaner
2008-04-01 06:15 . 2008-04-01 16:53 <DIR> d-------- C:\Program Files\PC-Antispyware
2008-04-01 06:15 . 2008-04-01 07:06 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\PC-Antispyware
2008-04-01 06:11 . 2008-04-01 06:11 <DIR> d-------- C:\Documents and Settings\osei mensah\Application Data\Zango
2008-03-31 18:49 . 2008-04-01 07:53 <DIR> d-------- C:\WINDOWS\system32\299914
2008-03-31 18:40 . 2008-03-31 18:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2008-03-31 14:58 . 2008-03-31 15:00 <DIR> d-------- C:\Documents and Settings\allofus\Application Data\PC-Cleaner
2008-03-31 08:09 . 2008-04-01 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hotynyhg
2008-03-31 08:09 . 2008-03-31 08:09 90,112 --a------ C:\WINDOWS\system32\lkhktera.exe
2008-03-31 08:06 . 2008-03-31 08:06 58 --a------ C:\smp.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 01:12 --------- d-----w C:\Program Files\HP
2008-04-04 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-02 10:28 --------- d-----w C:\Program Files\SymNetDrv
2008-04-02 10:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-02 03:39 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-04-02 01:44 --------- d-----w C:\Program Files\Symantec
2008-04-01 11:50 --------- d-----w C:\Program Files\Common Files\Java
2008-04-01 11:07 --------- d-----w C:\Program Files\Viewpoint
2008-04-01 10:12 --------- d-----w C:\Documents and Settings\osei mensah\Application Data\Intuit
2008-03-31 23:42 --------- d-----w C:\Program Files\Google
2008-03-31 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-24 16:04 --------- d--h--w C:\Documents and Settings\allofus\Application Data\Move Networks
2008-03-23 12:39 --------- d-----w C:\Documents and Settings\allofus\Application Data\Tutor
2008-03-20 02:20 --------- d-----w C:\Documents and Settings\allofus\Application Data\Intuit
2008-03-05 23:03 --------- d-----w C:\Program Files\iTunes
2008-02-29 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-02-27 23:02 --------- d-----w C:\Program Files\LimeWire
2008-02-26 18:45 --------- d-----w C:\Program Files\AIM6
2008-02-17 13:23 --------- d-----w C:\Program Files\Audit Support Center
2008-02-17 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 11:50 --------- d-----w C:\Program Files\Quicken
2008-02-17 11:50 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-17 11:45 --------- d-----w C:\Program Files\TurboTax
2008-02-16 18:25 --------- d-----w C:\Program Files\SopCast
2008-02-14 15:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-14 15:56 --------- d-----w C:\Program Files\Common Files\Real
2008-02-14 07:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 00:42 --------- d-----w C:\Program Files\LG Electronics
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-10-14 11:19 52,904 ----a-w C:\Documents and Settings\allofus\Application Data\GDIPFONTCACHEV1.DAT
2006-10-12 04:01 25,600 ----a-w C:\Documents and Settings\allofus\usbsermptxp.sys
2006-10-12 04:01 22,768 ----a-w C:\Documents and Settings\allofus\usbsermpt.sys
2006-09-07 23:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 122,880 2003-08-22 14:16:30 C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS301\bak\GUpload.exe

----a-w 61,440 2005-02-02 20:44:24 C:\hp\KBD\bak\KBD.EXE

----a-w 57,344 2005-06-07 04:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

----a-w 40,048 2007-05-11 07:06:32 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 14,348 2008-02-26 18:43:13 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

----a-w 1,398,272 2006-03-23 21:06:50 C:\Program Files\Ahead\InCD\bak\InCD.exe

----a-w 50,528 2007-10-04 15:20:54 C:\Program Files\AIM6\bak\aim6.exe
----a-w 14,348 2008-02-26 18:43:13 C:\Program Files\AIM6\aim6.exe

----a-w 90,112 2006-05-10 15:12:06 C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe

----a-w 50,760 2006-05-10 00:24:16 C:\Program Files\Common Files\AOL\1144076895\ee\bak\AOLSoftware.exe

----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe

----a-w 50,760 2006-05-10 00:24:17 C:\Program Files\Common Files\AOL\Launch\bak\AOLLaunch.exe

----a-w 81,920 2004-07-28 00:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2004-07-28 00:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 180,269 2006-03-22 01:09:26 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 14,348 2008-02-26 18:43:13 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 49,824 2006-04-12 16:54:46 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 98,304 2004-10-05 14:52:32 C:\Program Files\Creative\MediaSource\Detector\bak\CTDetect.exe

----a-w 1,073,152 2006-04-13 02:02:57 C:\Program Files\DISC\bak\DISCover.exe

----a-w 61,440 2005-09-27 00:42:26 C:\Program Files\DISC\bak\DiscUpdateMgr.exe

----a-w 1,605,740 2005-09-21 10:41:10 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

----a-w 49,152 2005-06-01 23:35:56 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe

----a-w 49,152 2005-05-12 07:12:54 C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe

----a-w 143,360 2006-02-21 20:59:00 C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe

----a-w 271,672 2007-07-31 22:44:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 271,672 2007-07-31 23:44:42 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 83,608 2007-03-14 07:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 5,419,008 2007-05-30 01:34:50 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 143,360 2007-02-09 13:00:00 C:\Program Files\ROVA\bak\rovatray.exe

----a-w 100,056 2006-04-01 07:01:03 C:\Program Files\SymNetDrv\bak\SNDMon.exe

----a-w 2,019,328 2007-05-03 21:43:38 C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe
----a-w 14,348 2008-02-26 18:43:13 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

----a-w 64,512 2005-08-05 21:56:34 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-05 21:56:34 C:\WINDOWS\ehome\ehtray.exe

----a-w 15,360 2004-08-10 05:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 05:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 20:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"HPWU_MPM_Agent"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe" [2005-07-23 02:18 106496]
"PSPVideo9"="C:\Documents and Settings\allofus\Shared\pspvideo9\pspVideo9.exe" [ ]
"ZangoOE"="C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe" [ ]
"ZangoSA"="C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-26 14:43 14348]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 14:43 14348]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 19:44 271672]
"antiviirus"="C:\Program Files\antiviirus.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-07-23 02:18 352256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 01:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\allofus\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2007-03-29 23:09:46 446464]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2006-04-01 03:50:41 221247]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 03:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-03-21 21:25:40 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"4Ka7S0cYVm"= C:\Documents and Settings\All Users\Application Data\hotynyhg\hknkhkzm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1144076895\\ee\\aim6.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Neoteris Setup Service;Neoteris Setup Service;"C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe" [2006-09-25 15:28]
R2 ROVA_Srvc;ROVA Service;C:\Program Files\ROVA Update\rovasrvc.exe [2006-11-09 09:00]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-16 11:24]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2006-09-25 17:47]
S2 0087871207367068mcinstcleanup;McAfee Application Installer Cleanup (0087871207367068);C:\WINDOWS\TEMP\008787~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 21:23]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 21:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-05-31 05:12:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2008-04-02 01:27:40 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-02 01:27:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-04 23:35:33 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-06 03:50:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 23:49:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HPWU_MPM_Agent = C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\mpm.exe?r?????w???w???????????? ???????4??wj?J?u???????????9??]????????T???9??]???????w?????????A?w@????A?wu???j?J??um?????????????????????????????????????????????4???P???l???g??w?A?w?????A?w???w???
McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-05 23:51:14
ComboFix-quarantined-files.txt 2008-04-06 03:51:10
Pre-Run: 209,145,004,032 bytes free
Post-Run: 209,142,292,480 bytes free
.
2008-03-12 07:02:18 --- E O F ---
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:41 AM

Posted 06 April 2008 - 06:22 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

AWF::
C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
C:\Program Files\AIM6\bak\aim6.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe

Folder::
C:\Documents and Settings\All Users\Application Data\hotynyhg
C:\Documents and Settings\osei mensah\Application Data\Zango
C:\Program Files\Zango

File::
C:\WINDOWS\system32\lkhktera.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZangoOE"=-
"ZangoSA"=-
"antiviirus"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"4Ka7S0cYVm"=-

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
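How the AWF:: list above was derived, as an added example that is not the helper's or ComboFix's own code: parse the log's file listing, pair each bak\ copy with the live file beside it, and flag pairs whose live copy differs in size or timestamp. The sample lines are copied from the log earlier in the thread; the 14,348-byte stand-in shared by unrelated programs is the fingerprint that marks them.

```python
import re
from collections import Counter

# Constructed sample: file-listing lines copied from the ComboFix log above.
SAMPLE_LOG = """\
----a-w 40,048 2007-05-11 07:06:32 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\bak\\Reader_sl.exe
----a-w 14,348 2008-02-26 18:43:13 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe
----a-w 1,398,272 2006-03-23 21:06:50 C:\\Program Files\\Ahead\\InCD\\bak\\InCD.exe
----a-w 64,512 2005-08-05 21:56:34 C:\\WINDOWS\\ehome\\bak\\ehtray.exe
----a-w 64,512 2005-08-05 21:56:34 C:\\WINDOWS\\ehome\\ehtray.exe
----a-w 2,019,328 2007-05-03 21:43:38 C:\\Program Files\\Veoh Networks\\Veoh\\bak\\VeohClient.exe
----a-w 14,348 2008-02-26 18:43:13 C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe
"""

# attribute flags, size with thousands separators, timestamp, full path
LINE_RE = re.compile(r"^[-\w]{7}\s+([\d,]+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+)$")

def parse_entries(text):
    """Map each listed path to (size_in_bytes, timestamp)."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m.group(3)] = (int(m.group(1).replace(",", "")), m.group(2))
    return entries

def find_replaced(entries):
    """Pair each ...\\bak\\name with the live ...\\name beside it and return
    {live_path: bak_path} where the live copy differs in size or timestamp.
    Identical pairs (ehtray.exe) and bak files with no live twin are skipped."""
    replaced = {}
    for bak_path, bak_meta in entries.items():
        head, sep, name = bak_path.rpartition("\\bak\\")
        live_path = head + "\\" + name
        live_meta = entries.get(live_path)
        if sep and live_meta is not None and live_meta != bak_meta:
            replaced[live_path] = bak_path
    return replaced

def stand_in_fingerprint(entries, replaced):
    """Most common (size, timestamp) among the replaced live files, with count.
    One fingerprint reused across unrelated programs is the tell: each original
    was swapped for a copy of the same stub."""
    return Counter(entries[p] for p in replaced).most_common(1)[0]

def awf_block(replaced):
    """Render the bak paths as the AWF:: section of a CFScript."""
    return "AWF::\n" + "\n".join(sorted(replaced.values()))
```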


========================================================

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:41 AM

Posted 21 April 2008 - 07:21 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================
