Smitfraud-c Infection


This topic is locked
14 replies to this topic

#1 ghady

Posted 15 April 2008 - 07:51 AM

Hey all,

First off, I'm on WinXP Pro, 2002, SP2 (and I'm sending this from my computer).

I got Smitfraud-C stuck on my PC, but I can't seem to get rid of it. I've updated Ad-Aware and Spybot, and they said they've removed a bunch of stuff, but that's not really true. Spybot keeps telling me I have to reboot so it can actually remove the spyware, but every time I do, I'm STILL left with around 27 Smitfraud-C files that can't be removed (also, while scanning before startup, two dialogue boxes appear, saying something about how "the 'includes' file C:\Program Files\Spybot-Search-Destroy\Includes\TrojanC.sbi cannot be found."). The spyware keeps trying to connect to the internet, and pop-ups keep popping up, as per usual. Oh, one more thing: before I ran Ad-Aware and Spybot for the first time, my desktop background changed into a blue screen with something like "your PC may be infected with spyware, click here to fix it," but now all I have is a blank blue screen (obviously, I didn't click on anything; it just went away after I scanned the first time).

The main.txt and extra.txt files:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-15 15:27:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
53: 2008-04-15 12:27:57 UTC - RP244 - Deckard's System Scanner Restore Point
52: 2008-04-14 22:04:35 UTC - RP243 - Installed Adobe InCopy CS2
51: 2008-04-14 22:04:34 UTC - RP242 - System Checkpoint
50: 2008-04-14 22:04:33 UTC - RP241 - Software Distribution Service 3.0
49: 2008-04-14 22:04:29 UTC - RP240 - System Checkpoint


-- First Restore Point --
1: 2008-04-14 22:03:39 UTC - RP192 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 7.56 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 15:31:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ylgxipcp.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\Bluetooth Software\BTStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\hpzipm12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\cpbshrqn.dll
O2 - BHO: DVA Storm - {5952AA77-8433-486C-AD93-19B52BC0E965} - C:\WINDOWS\nslbvxpgbrg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C803F0D-A7AC-4D91-A013-B1F50BB0C795} - C:\WINDOWS\system32\urQJBRli.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - C:\WINDOWS\system32\urqOheFX.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: sgoblxtm - {216C06BF-DC1D-49CD-AF0B-934FCA155DAF} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kebzqiwl] C:\WINDOWS\system32\ylgxipcp.exe
O4 - HKLM\..\Policies\Explorer\Run: [RqfkbNte4z] C:\Documents and Settings\All Users\Application Data\ctwjizgl\adwngdwz.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Dell\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164562421524
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164572235212
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O20 - Winlogon Notify: urqOheFX - C:\WINDOWS\system32\urqOheFX.dll
O21 - SSODL: VolumeWin - {08cc7869-da01-437e-8238-650cac50002d} - C:\WINDOWS\Resources\VolumeWin.dll
O21 - SSODL: zip - {c1fc57f7-b388-4dd1-ba48-c28d8edf44b9} - C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll
O21 - SSODL: ogxtsepr - {E6091EED-C4A3-45A1-90BF-6F03EB15B177} - C:\WINDOWS\ogxtsepr.dll
O21 - SSODL: dsktbwfe - {F31C45C1-04BE-44E1-BAF8-A52D0C30A642} - C:\WINDOWS\dsktbwfe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 13174 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 DM9USB (AS268L USB To Fast Ethernet Adapter) - c:\windows\system32\drivers\dm9usb.sys <Not Verified; DAVICOM Semiconductor, Inc.; DM9USB!!>
S3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\windows\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-15 15:09:23 428 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-11 20:00:17 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2007-11-05 08:36:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-15 15:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 15:14:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 15:14:34 0 d-------- C:\WINDOWS\LastGood
2008-04-15 03:14:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-15 01:06:13 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-15 01:05:54 3648 --a------ C:\WINDOWS\system32\kkfnesfx.dll
2008-04-15 01:05:40 53312 --a------ C:\WINDOWS\system32\cpbshrqn.dll
2008-04-15 01:03:28 163119 --ahs---- C:\WINDOWS\system32\ilRBJQru.ini2
2008-04-15 01:02:35 273408 --a------ C:\WINDOWS\system32\urQJBRli.dll
2008-04-15 00:59:09 4096 -----n--- C:\WINDOWS\system32winlogonpc.exe
2008-04-15 00:59:09 4096 -----n--- C:\WINDOWS\system32taack.exe
2008-04-15 00:59:09 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-15 00:59:09 4096 -----n--- C:\WINDOWS\system32sncntr.exe
2008-04-15 00:59:09 4096 -----n--- C:\WINDOWS\system32mwin32.exe
2008-04-15 00:59:09 4096 -----n--- C:\WINDOWS\system32hxiwlgpm.exe
2008-04-15 00:59:09 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-15 00:59:09 4096 -----n--- C:\WINDOWS\FVProtect.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32temp#01.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32ssvchost.exe
2008-04-15 00:59:08 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32psoft1.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32psof1.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32ps1.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32netode.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32mtr2.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32msvchost.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32msgp.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32dpcproxy.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-15 00:59:08 4096 -----n--- C:\WINDOWS\iTunesMusic.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\winsystem.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32WINWGPX.EXE
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32winsystem.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32sysreq.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32Rundl1.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32newsd32.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32mssecu.exe
2008-04-15 00:59:07 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\system32akttzn.exe
2008-04-15 00:59:07 4096 -----n--- C:\WINDOWS\mssecu.exe
2008-04-15 00:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\ctwjizgl
2008-04-15 00:58:35 106496 --a------ C:\WINDOWS\system32\ylgxipcp.exe
2008-04-15 00:58:22 98304 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-15 00:58:22 155648 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-15 00:58:22 188416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-15 00:58:22 212992 --a------ C:\WINDOWS\nslbvxpgbrg.dll
2008-04-15 00:58:22 217088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-15 00:58:01 16464 -r-hs---- C:\Program Files\tmp3.exe
2008-04-15 00:57:56 16464 -r-hs---- C:\Program Files\tmp2.exe
2008-04-15 00:57:50 16464 -r-hs---- C:\Program Files\tmp1.exe
2008-04-15 00:57:45 16464 -r-hs---- C:\Program Files\tmp0.exe
2008-04-15 00:57:30 40448 --a------ C:\WINDOWS\system32\urqOheFX.dll
2008-04-13 20:09:27 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-02 00:43:42 0 d-------- C:\WINDOWS\system32\windows media
2008-04-02 00:43:32 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-02 00:41:01 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-01 21:52:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-04-01 21:49:54 0 d-------- C:\SmartSound Software
2008-04-01 21:48:34 0 d-------- C:\WINDOWS\system32\Quicktime
2008-04-01 21:48:34 0 d-------- C:\Program Files\SmartSound Software
2008-04-01 21:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-01 21:44:16 0 d-------- C:\Program Files\Windows Media Components
2008-04-01 21:43:59 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-01 21:43:58 0 d-------- C:\Program Files\Ulead Systems
2008-04-01 21:43:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-03-30 23:41:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 23:41:46 0 d-------- C:\Program Files\Windows Live
2008-03-30 23:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-17 02:52:14 0 d-------- C:\Program Files\K-Lite Codec Pack


-- Find3M Report ---------------------------------------------------------------

2008-04-15 15:06:14 0 d-------- C:\Program Files\Common Files
2008-04-15 01:10:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 19:09:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-02 00:40:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 00:39:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-17 02:43:40 0 d-------- C:\Program Files\DivX
2008-03-07 22:54:48 0 d-------- C:\Program Files\Amazon


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
04/15/2008 01:05 AM 53312 --a------ C:\WINDOWS\system32\cpbshrqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5952AA77-8433-486C-AD93-19B52BC0E965}]
04/12/2008 01:04 PM 212992 --a------ C:\WINDOWS\nslbvxpgbrg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C803F0D-A7AC-4D91-A013-B1F50BB0C795}]
04/15/2008 01:03 AM 273408 --a------ C:\WINDOWS\system32\urQJBRli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C14E6230-757D-4246-81CE-B34E2940C722}]
04/15/2008 12:57 AM 40448 --a------ C:\WINDOWS\system32\urqOheFX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/27/2003 08:09 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/27/2003 07:56 PM]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [12/19/2003 01:49 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2004 09:59 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/02/2004 04:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 04:43 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 12:47 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/28/2006 01:38 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 06:28 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"kebzqiwl"="C:\WINDOWS\system32\ylgxipcp.exe" [04/15/2008 12:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RqfkbNte4z"=C:\Documents and Settings\All Users\Application Data\ctwjizgl\adwngdwz.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\unzipped\DVDREG~1\DVDREG~1\DVDShell.dll [10/09/2004 04:18 PM 49152]
"{C14E6230-757D-4246-81CE-B34E2940C722}"= C:\WINDOWS\system32\urqOheFX.dll [04/15/2008 12:57 AM 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VolumeWin"= {08cc7869-da01-437e-8238-650cac50002d} - C:\WINDOWS\Resources\VolumeWin.dll [04/15/2008 12:57 AM 12838]
"zip"= {c1fc57f7-b388-4dd1-ba48-c28d8edf44b9} - C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll [04/15/2008 12:57 AM 23338]
"ogxtsepr"= {E6091EED-C4A3-45A1-90BF-6F03EB15B177} - C:\WINDOWS\ogxtsepr.dll [04/12/2008 01:04 PM 188416]
"dsktbwfe"= {F31C45C1-04BE-44E1-BAF8-A52D0C30A642} - C:\WINDOWS\dsktbwfe.dll [04/12/2008 01:04 PM 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 01/13/2004 04:17 PM 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOheFX]
urqOheFX.dll 04/15/2008 12:57 AM 40448 C:\WINDOWS\system32\urqOheFX.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urQJBRli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0107a751-0f86-11dc-a587-0010c64b72eb}]
AutoRun\command- D:\fooool.exe
explore\Command- D:\fooool.exe
open\Command- D:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c3aea94-cc0c-11db-a548-0010c64b72eb}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869682f4-245a-11dc-a594-0010c64b72eb}]
AutoRun\command- fooool.exe
explore\Command- fooool.exe
open\Command- fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c4a0a2-f35a-11db-a567-0010c64b72eb}]
AutoRun\command- .\Recycled\Driveinfo.exe
Open\Command- .\Recycled\Driveinfo.exe


-- End of Deckard's System Scanner: finished at 2008-04-15 15:33:45 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 510.21 MiB / 95.31 MiB
Pagefile Memory (total/avail): 1243.11 MiB / 869.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.82 MiB

C: is Fixed (NTFS) - 53.9 GiB total, 7.56 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2060AH - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 2039.47 MiB
\PARTITION1 (bootable) - Installable File System - 53.9 GiB - C:

\\.\PHYSICALDRIVE1 - HP psc 2410 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

AV: Norton AntiVirus v2004 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GHADY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\GHADY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=GHADY
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE-HIGH MP3 WAV WMA OGG Converter --> C:\PROGRA~1\ACE-HI~1\UNWISE.EXE C:\PROGRA~1\ACE-HI~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe InCopy CS2 --> msiexec /I{C35B3785-531C-4D00-9EFA-44A130BFF73F}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Ahead DVD Ripper 1.1.4 --> "C:\Program Files\Ahead DVD Ripper\unins000.exe"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\setup.exe" -l0x9 -uninst
Aspi setup --> "C:\Program Files\Ahead DVD Ripper\unins001.exe"
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2811B04D-5AAB-4117-8FF8-79529D54634F}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C05E2D43-A05F-4835-A15C-CD0AD1576506}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Cucusoft DVD to iPod + iPod Video Converter Suite 7.2.7.2 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Dell Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9 ControlPanelAnyText
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® mDriver --> MsiExec.exe /I{DDD512C6-2251-4046-8F25-1A5EB355015E}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wireless --> MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.62 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire PRO 4.9.0 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Musicnotes Player V1.22.3 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NoteWorthy Composer --> C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
Opera --> C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
PCI 7510 CardBus Controller with SmartCard and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{252F9FB9-FC12-4B08-ADEB-F402BA3A8D28} /l1033
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Ulead VideoStudio 8.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type11538 / Error
Event Submitted/Written: 04/15/2008 02:20:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application zcfgsvc.exe, version 8.0.0.162, faulting module zcfgsvc.exe, version 8.0.0.162, fault address 0x00016b5b.
Processing media-specific event for [zcfgsvc.exe!ws!]

Event Record #/Type11528 / Error
Event Submitted/Written: 04/15/2008 06:22:06 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application zcfgsvc.exe, version 8.0.0.162, faulting module zcfgsvc.exe, version 8.0.0.162, fault address 0x00016b5b.
Processing media-specific event for [zcfgsvc.exe!ws!]

Event Record #/Type11519 / Error
Event Submitted/Written: 04/15/2008 01:37:18 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application zcfgsvc.exe, version 8.0.0.162, faulting module zcfgsvc.exe, version 8.0.0.162, fault address 0x00016b5b.
Processing media-specific event for [zcfgsvc.exe!ws!]

Event Record #/Type11505 / Warning
Event Submitted/Written: 04/15/2008 00:48:00 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type11504 / Warning
Event Submitted/Written: 04/15/2008 00:48:00 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24355 / Error
Event Submitted/Written: 04/15/2008 03:06:56 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register with DCOM within the required timeout.

Event Record #/Type24349 / Error
Event Submitted/Written: 04/15/2008 02:20:24 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register with DCOM within the required timeout.

Event Record #/Type24348 / Error
Event Submitted/Written: 04/15/2008 02:19:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register with DCOM within the required timeout.

Event Record #/Type24336 / Warning
Event Submitted/Written: 04/15/2008 02:18:24 PM / 04/15/2008 02:18:55 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type24319 / Error
Event Submitted/Written: 04/15/2008 07:25:16 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-15 15:33:45 ------------


please help!!!
thanks,
ghady
"Did you know that before Kevin was a novelist, he worked at a recycling center?" - J. Maroney


#2 ghady (Topic Starter, Members, 49 posts)

Posted 17 April 2008 - 02:00 AM

erm...anyone on here? i really need help on this! :thumbsup:

#3 steamwiz (Members, 1,039 posts)

Posted 18 April 2008 - 03:01 PM

HI

Sorry for the delay, but we have over 200 people waiting for their logs to be analysed ... & we are all volunteers ...

You have a LOT of cleaning to do ...

I see you've run a Kaspersky Online Scan ... please post the log for me ...

THEN ...

Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#4 ghady (Topic Starter, Members, 49 posts)

Posted 20 April 2008 - 08:04 AM

hey, oh wow my pc's pretty much gone back to normal. there are still a few things tho. the icons have this weird blue text box around them, some "fight spyware" websites SOMETIMES randomly open, and i keep getting these two error boxes when i restart:

"the application or DLL C:\Windows\system32\vmnewvhu.dll is not a valid windows image. please check this against your installation diskette"

and

"error loading C:\Windows\system32\vmnewvhu.dll
%1 is not a valid win32 application"

i cancelled that first kaspersky scan, so i don't have a log for that, but i rescanned AFTER running MBAM and then restarting my laptop. here's the log:

Sunday, April 20, 2008 3:55:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/04/2008
Kaspersky Anti-Virus database records: 716091


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
E:\

Scan Statistics
Total number of scanned objects 81005
Number of viruses found 24
Number of infected objects 68
Number of suspicious objects 0
Duration of the scan process 01:57:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.32236 Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe Inno: infected - 22 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0009/data0002 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped

C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe Inno: infected - 28 skipped

C:\Documents and Settings\Administrator\My Documents\Misc\MSN Messenger Service 7.0.0816 - Loader.exe Infected: Trojan-Downloader.Win32.Small.huo skipped

C:\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip/crack.exe/ist1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped

C:\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip/crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped

C:\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip ZIP: infected - 2 skipped

C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton AntiVirus\Quarantine\39394B75.exe Infected: Worm.Win32.Small.i skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP242\A0037638.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.lfl skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP242\A0037638.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP243\A0037724.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037783.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037784.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037785.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037786.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037798.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pik skipped

C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{F0BA9E93-A765-41A0-A2E5-F825684910C5}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\cpbshrqn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



And here's the MBAM report I got after scanning/removing stuff (but before restarting my laptop):

Malwarebytes' Anti-Malware 1.11
Database version: 656

Scan type: Quick Scan
Objects scanned: 33819
Time elapsed: 16 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 9
Registry Keys Infected: 31
Registry Values Infected: 9
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 64

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\urqOheFX.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urQJBRli.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vmnewvho.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll (Trojan.Alphabet) -> Unloaded module successfully.
C:\WINDOWS\nslbvxpgbrg.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\sgoblxtm.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\Resources\VolumeWin.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\WINDOWS\dsktbwfe.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\ogxtsepr.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqohefx (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24e44e97-5f9d-4ba2-866d-ff78805ef766} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{24e44e97-5f9d-4ba2-866d-ff78805ef766} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9} (Trojan.Alphabet) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{9a3fa51b-5e02-4442-a67e-b05bfa17b4c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b64bf97f-e063-4c43-a290-d08f20a6b7ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{59e0355a-fd4c-40f5-ad3a-1789da131b7d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2d93734d-a08d-4181-b873-95c7554ac356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2b0d4b34-0f77-45aa-8cf8-e2aaf2b5040c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5952aa77-8433-486c-ad93-19b52bc0e965} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5952aa77-8433-486c-ad93-19b52bc0e965} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sgoblxtm.bpeo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{216c06bf-dc1d-49cd-af0b-934fca155daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sgoblxtm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08cc7869-da01-437e-8238-650cac50002d} (Trojan.Clicker) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31c45c1-04be-44e1-baf8-a52d0c30a642} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6091eed-c4a3-45a1-90bf-6f03eb15b177} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Alphabet) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kebzqiwl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RqfkbNte4z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{216c06bf-dc1d-49cd-af0b-934fca155daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\VolumeWin (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dsktbwfe (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ogxtsepr (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqjbrli -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqjbrli -> Delete on reboot.

Folders Infected:
C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9} (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\urqOheFX.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urQJBRli.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ilRBJQru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilRBJQru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmnewvho.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ohvwenmv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\system32\ylgxipcp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ctwjizgl\adwngdwz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\nslbvxpgbrg.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\sgoblxtm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OP2FSTU7\zrt20080408[1] (Trojan.AVKiller) -> Delete on reboot.
C:\WINDOWS\system32\ahgloppv.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdogvpgd.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kkfnesfx.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xepsltgm.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\VolumeWin.dll (Trojan.Clicker) -> Delete on reboot.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\dsktbwfe.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\ogxtsepr.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\spnkfwad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.



Thank you SO much for your help; sorry for being naggy earlier.
What's the next step?

-g
"Did you know that before Kevin was a novelist, he worked at a recycling center?" - J. Maroney
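A way to read a report like the one above mechanically, as an added example that is not part of this thread and not Malwarebytes' code: it parses the MBAM 1.x line format, tags each registry hit with the auto-start location it abuses (the LSA Authentication Packages, Winlogon Notify and SSODL entries above are the ones that make Vundo reload on every boot), and separates what is already gone from what is only scheduled for "Delete on reboot". The ASEP labels are this example's own classification, and the sample input is an excerpt copied from the report above.

```python
"""Parse an MBAM 1.x report: what was found, where it persisted, what still needs the reboot.

Added example, not code from the original thread or from Malwarebytes. The line shape
("<object> (<detection>) -> <action>" under headers ending in "Infected:", plus a
"Data: <value> ->" insert for registry data items) is taken from the report above; the
ASEP (auto-start extensibility point) labels are this example's own classification.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

# Persistence locations seen in the report, matched case-insensitively as path substrings.
ASEP_LABELS = [
    ("\\lsa\\authentication packages", "LSA authentication package (DLL loaded into lsass.exe at boot)"),
    ("\\winlogon\\notify\\", "Winlogon notification package (DLL loaded by winlogon.exe)"),
    ("\\shellserviceobjectdelayload\\", "SSODL entry (COM object loaded by explorer.exe at logon)"),
    ("\\browser helper objects\\", "Browser Helper Object (DLL loaded into every Internet Explorer)"),
    ("\\shellexecutehooks\\", "ShellExecute hook (called on every shell launch)"),
    ("\\sharedtaskscheduler\\", "SharedTaskScheduler entry (loaded by explorer.exe)"),
    ("\\policies\\explorer\\run\\", "Policies Run value (runs at logon, not shown by msconfig)"),
    ("\\currentversion\\run\\", "Run value (runs at logon)"),
    ("\\internet explorer\\toolbar", "Internet Explorer toolbar registration"),
]

def classify_asep(path: str) -> Optional[str]:
    low = path.lower()
    return next((label for needle, label in ASEP_LABELS if needle in low), None)

@dataclass
class Finding:
    section: str                 # e.g. "Registry Keys Infected"
    obj: str                     # file path or registry path
    detection: str               # e.g. "Trojan.Vundo"
    action: str                  # e.g. "Delete on reboot."
    data: Optional[str] = None   # value data, only for "Registry Data Items"

    @property
    def reboot_pending(self) -> bool:
        # The object was in use (a loaded DLL, or a key it keeps open), so MBAM could
        # only schedule the removal; nothing is actually gone until the reboot.
        return self.action.lower().startswith("delete on reboot")

    @property
    def asep(self) -> Optional[str]:
        return classify_asep(self.obj)

def parse_mbam_report(text: str) -> list:
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line) if section else None   # banner and count lines precede sections
        if not m:
            continue
        rest, data = m.group("rest"), None
        if rest.startswith("Data: "):                   # "Data: <value> -> <action>"
            data, _, rest = rest[len("Data: "):].rpartition(" -> ")
        findings.append(Finding(section, m.group("obj"), m.group("detection"), rest, data))
    return findings

def summarize(findings: list) -> dict:
    return {
        "total": len(findings),
        "reboot_pending": sum(f.reboot_pending for f in findings),
        "persistence": sorted({f.asep for f in findings if f.asep}),
        "by_family": Counter(f.detection for f in findings),
    }

# Constructed excerpt of the report above, in the same format.
SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.11
Registry Keys Infected: 2
Memory Modules Infected:
c:\WINDOWS\system32\urqOheFX.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqohefx (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Alphabet) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kebzqiwl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqjbrli -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\urqOheFX.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in parse_mbam_report(SAMPLE_REPORT):
        print("PENDING" if f.reboot_pending else "done   ", f.detection, f.obj, f.asep or "")
```

The "Delete on reboot" items are the ones to re-check after the restart: a DLL that was loaded into lsass.exe or winlogon.exe cannot be removed while those processes hold it, which is why the same urqOheFX.dll appears as "Unloaded module successfully" under memory modules and as "Delete on reboot" under files. A second scan after the reboot is what shows whether the removal actually happened.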

#5 steamwiz

Posted 20 April 2008 - 04:50 PM

Hi

Well, that was a good start ...

Next step:

Please follow these directions to run ComboFix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, run & post a new HijackThis log...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#6 ghady (Topic Starter)

Posted 21 April 2008 - 05:54 AM

Here's the log. One thing you should know: even though I disabled Norton, it re-enabled itself and asked me to stop ComboFix from running some scripts; I disabled it again and closed it (yeah, I get that ComboFix was telling me not to run anything, but Norton seemed to want to stop it from doing what it was doing :s). Oh, and my icons still have this blue text box around them that wasn't there before. Is that just a display thing?

log:


ComboFix 08-04-20.2 - Administrator 2008-04-21 13:31:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.169 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}
C:\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll
C:\WINDOWS\resources\VolumeWin.dll
C:\WINDOWS\system32\ilRBJQru.ini
C:\WINDOWS\system32\ilRBJQru.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ocpacsgg.ini
C:\WINDOWS\system32\ohvwenmv.ini
C:\WINDOWS\system32\urQJBRli.dll
C:\WINDOWS\system32\urqOheFX.dll
C:\WINDOWS\system32\vmnewvho.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-20 00:06 . 2008-04-20 00:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-04-20 00:04 . 2008-04-20 00:04 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-19 23:07 . 2008-04-19 23:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 23:07 . 2008-04-19 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 23:07 . 2008-04-19 23:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-16 22:28 . 2008-04-17 20:49 1,524,304 ---hs---- C:\WINDOWS\system32\kuquvmqv.ini
2008-04-15 15:27 . 2008-04-15 15:27 <DIR> d-------- C:\Deckard
2008-04-15 15:14 . 2008-04-15 15:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 15:14 . 2008-04-15 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 03:14 . 2008-04-15 03:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-15 01:06 . 2008-04-15 01:06 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-15 01:05 . 2008-04-15 01:05 53,312 --a------ C:\WINDOWS\system32\cpbshrqn.dll
2008-04-15 00:58 . 2008-04-19 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ctwjizgl
2008-04-15 00:58 . 2008-04-19 23:26 212,992 --------- C:\WINDOWS\nslbvxpgbrg.dll
2008-04-15 00:58 . 2008-04-19 23:26 155,648 --------- C:\WINDOWS\sgoblxtm.dll
2008-04-07 20:25 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-07 20:25 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-07 20:25 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-04-07 20:25 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-04-07 20:25 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-04-07 20:25 . 2004-08-03 23:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-04-02 00:43 . 2008-04-02 00:43 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-02 00:43 . 2008-04-02 00:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-02 00:41 . 2008-04-02 00:41 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-01 21:52 . 2008-04-01 21:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-04-01 21:49 . 2008-04-01 21:49 <DIR> d-------- C:\SmartSound Software
2008-04-01 21:48 . 2008-04-01 21:48 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2008-04-01 21:48 . 2008-04-01 21:48 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-01 21:48 . 2008-04-10 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-01 21:44 . 2008-04-01 21:44 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-01 21:43 . 2008-04-01 21:43 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-01 21:43 . 2008-04-02 00:39 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-01 21:43 . 2008-04-02 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-01 19:05 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-01 19:05 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-30 23:41 . 2008-03-30 23:43 <DIR> d-------- C:\Program Files\Windows Live
2008-03-30 23:41 . 2008-03-30 23:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 23:41 . 2008-03-30 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 12:33 46,728 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 16:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-01 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 21:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 23:52 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-16 23:43 --------- d-----w C:\Program Files\DivX
2008-03-07 19:54 --------- d-----w C:\Program Files\Amazon
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2005-04-19 17:25 53,323 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-04-15 01:05 53312 --a------ C:\WINDOWS\system32\cpbshrqn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-27 20:09 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-27 19:56 118784]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-19 13:49 86016]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 21:59 487424]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 16:32 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43 83608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47 71328]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-28 01:38 100056]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 09:05:26 29696]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-03-05 17:12:42 553021]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-26 19:37:44 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-27 00:54:37 118784]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\unzipped\DVDREG~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-01-13 16:17 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\system32\drivers\wA301b.sys [2003-10-27 21:42]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 13:11]
S3 DM9USB;AS268L USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-19 08:09]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;C:\WINDOWS\system32\DRIVERS\USB200M2.sys [2005-04-21 09:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0107a751-0f86-11dc-a587-0010c64b72eb}]
\Shell\AutoRun\command - D:\fooool.exe
\Shell\explore\Command - D:\fooool.exe
\Shell\open\Command - D:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869682f4-245a-11dc-a594-0010c64b72eb}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 05:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 17:00:17 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-21 10:35:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 13:36:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-04-21 13:47:09 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-04-21 10:47:03

Pre-Run: 7,521,939,456 bytes free
Post-Run: 7,554,199,552 bytes free

206 --- E O F --- 2008-04-10 13:00:50



Thanks. A LOT :thumbsup: What's next?

-g
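The "Reg Loading Points" section of the ComboFix log above is worth reading for more than the leftover BHO: something set AntiVirusDisableNotify and DisableMonitoring for Symantec AntiVirus in the Security Center keys, set EnableFirewall to 0 in the standard firewall profile, and wired D:\fooool.exe into the AutoRun, open and explore handlers of a removable drive. The following is an added example (not ComboFix's code and not part of this thread) that parses that fragment, prints those findings and emits a .reg file that reverses them. The rules, the assumed expansion of ComboFix's HKLM\~\services shorthand to HKLM\SYSTEM\CurrentControlSet\Services, and the sample fragment (copied from the log above) are this example's own.

```python
r"""Audit the registry fragments ComboFix prints under "Reg Loading Points".

Added example, not part of the original thread and not ComboFix's own code. The input
shape ([key] headers with "name"=value lines, or \Shell\<verb>\command - <target> lines
for MountPoints2 keys) is taken from the log above. The rules, the expansion of the
"HKLM\~\services" shorthand and the generated .reg are this example's own assumptions.
"""
import re
from typing import Optional, Tuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')   # "Name"=dword:... or = 0 (0x0)
HANDLER_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+)$", re.I)

def parse_reg_fragment(text: str) -> dict:
    """Return {key: {name: raw_value}}; MountPoints2 verbs are stored as 'shell:<verb>'."""
    keys: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = (VALUE_RE.match(line) or HANDLER_RE.match(line)) if current else None
        if m is None:
            continue                       # banner, blank and file-date lines carry no value
        if "verb" in m.groupdict():
            keys[current]["shell:" + m.group("verb").lower()] = m.group("target")
        else:
            keys[current][m.group("name")] = m.group("value")
    return keys

def as_int(value: Optional[str]) -> Optional[int]:
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    v = (value or "").strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"\d+", v)
    return int(m.group()) if m else None

def expand_key(key: str) -> str:
    # Assumption: ComboFix writes HKLM\~\services for HKLM\SYSTEM\CurrentControlSet\Services.
    prefix = "hklm\\~\\services\\"
    if key.lower().startswith(prefix):
        return "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\" + key[len(prefix):]
    return key

def check_key(key: str, values: dict) -> Optional[Tuple[str, str]]:
    """(finding, fix) for a key that matters, else None. fix is the .reg value line that
    reverses the setting, or "DELETE" for a cached removable-media handler key."""
    low = key.lower()
    if low.endswith("\\security center") and as_int(values.get("AntiVirusDisableNotify")) == 1:
        return "Security Center 'no antivirus' warnings suppressed", '"AntiVirusDisableNotify"=dword:00000000'
    if "\\security center\\monitoring\\" in low and as_int(values.get("DisableMonitoring")) == 1:
        return "Security Center no longer monitors " + key.rsplit("\\", 1)[-1], '"DisableMonitoring"=dword:00000000'
    if "\\firewallpolicy\\" in low and as_int(values.get("EnableFirewall")) == 0:
        return "Windows Firewall disabled for this profile", '"EnableFirewall"=dword:00000001'
    if "\\mountpoints2\\" in low:
        handlers = {n[6:]: t for n, t in values.items() if n.startswith("shell:")}
        if handlers:                       # autorun/open/explore of the volume all run the target
            verbs = ", ".join(sorted(handlers))
            targets = ", ".join(sorted(set(handlers.values())))
            return f"removable-media handler(s) [{verbs}] launch {targets}", "DELETE"
    return None

def audit(keys: dict) -> list:
    hits = ((key, check_key(key, values)) for key, values in keys.items())
    return [f"{hit[0]}: {key}" for key, hit in hits if hit]

def remediation_reg(keys: dict) -> str:
    """REGEDIT4 text that re-enables the defences and deletes the cached MountPoints2 handler
    keys (Windows rebuilds those from the media's autorun.inf). Review it before importing."""
    out = ["REGEDIT4", ""]
    for key, values in keys.items():
        hit = check_key(key, values)
        if not hit:
            continue
        full = expand_key(key)
        if "\\~\\" in full:                # a shorthand this example cannot expand
            out.append(f"; verify this path by hand before importing: {key}")
        out += [f"[-{full}]", ""] if hit[1] == "DELETE" else [f"[{full}]", hit[1], ""]
    return "\n".join(out)

# Constructed excerpt of the ComboFix "Reg Loading Points" section above.
SAMPLE_REG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0107a751-0f86-11dc-a587-0010c64b72eb}]
\Shell\AutoRun\command - D:\fooool.exe
\Shell\explore\Command - D:\fooool.exe
\Shell\open\Command - D:\fooool.exe
"""

if __name__ == "__main__":
    parsed = parse_reg_fragment(SAMPLE_REG)
    print("\n".join(audit(parsed)), remediation_reg(parsed), sep="\n\n")
```

The D:\LaunchU3.exe entry is why the handler check reports rather than decides: a U3 flash drive registers that launcher legitimately, so the targets need a human look. Deleting a MountPoints2 key only clears Windows' cached handler for that volume; the lasting fix for the fooool.exe entry is to clean the removable drive itself (its autorun.inf and the executable) and to turn AutoRun off for removable media, otherwise the next insertion re-creates the entry.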

#7 ghady (Topic Starter)

Posted 21 April 2008 - 06:12 AM

Oh, I forgot to post the HijackThis log; here it is:


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-21 14:09:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 7.05 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:38 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\cpbshrqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164562421524
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164572235212
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O21 - SSODL: zip - {c1fc57f7-b388-4dd1-ba48-c28d8edf44b9} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10461 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 14:09:26 0 d-------- C:\Program Files\Trend Micro
2008-04-21 13:26:35 0 d-------- C:\cmdcons
2008-04-21 13:23:01 68096 --a------ C:\WINDOWS\zip.exe
2008-04-21 13:23:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-21 13:23:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-21 13:23:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-21 13:23:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-21 13:23:00 98816 --a------ C:\WINDOWS\sed.exe
2008-04-21 13:23:00 80412 --a------ C:\WINDOWS\grep.exe
2008-04-21 13:23:00 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-20 17:37:03 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-20 00:06:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-04-20 00:04:15 0 d-------- C:\Program Files\VideoLAN
2008-04-19 23:13:09 0 d-------- C:\WINDOWS\pss
2008-04-19 23:07:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-19 23:07:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 23:07:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 15:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 15:14:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 03:14:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-15 01:06:13 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-15 01:05:40 53312 --a------ C:\WINDOWS\system32\cpbshrqn.dll
2008-04-15 00:58:37 0 d-------- C:\Documents and Settings\All Users\Application Data\ctwjizgl
2008-04-15 00:58:22 155648 -----n--- C:\WINDOWS\sgoblxtm.dll
2008-04-15 00:58:22 212992 -----n--- C:\WINDOWS\nslbvxpgbrg.dll
2008-04-02 00:43:42 0 d-------- C:\WINDOWS\system32\windows media
2008-04-02 00:43:32 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-02 00:41:01 0 d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-01 21:52:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-04-01 21:49:54 0 d-------- C:\SmartSound Software
2008-04-01 21:48:34 0 d-------- C:\WINDOWS\system32\Quicktime
2008-04-01 21:48:34 0 d-------- C:\Program Files\SmartSound Software
2008-04-01 21:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-01 21:44:16 0 d-------- C:\Program Files\Windows Media Components
2008-04-01 21:43:59 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-01 21:43:58 0 d-------- C:\Program Files\Ulead Systems
2008-04-01 21:43:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-03-30 23:41:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 23:41:46 0 d-------- C:\Program Files\Windows Live
2008-03-30 23:41:24 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-04-21 13:36:10 0 d-------- C:\Program Files\Common Files
2008-04-15 15:33:54 46728 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-04-15 01:10:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 19:09:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-02 00:40:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 00:39:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-17 02:52:14 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-17 02:43:40 0 d-------- C:\Program Files\DivX
2008-03-07 22:54:48 0 d-------- C:\Program Files\Amazon


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
04/15/2008 01:05 AM 53312 --a------ C:\WINDOWS\system32\cpbshrqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/27/2003 08:09 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/27/2003 07:56 PM]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [12/19/2003 01:49 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2004 09:59 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/02/2004 04:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 04:43 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 12:47 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/28/2006 01:38 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 06:28 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 9:05:26 AM]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [3/5/2004 5:12:42 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/26/2006 7:37:44 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 6:19:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [11/27/2006 12:54:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\unzipped\DVDREG~1\DVDREG~1\DVDShell.dll [10/09/2004 04:18 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 01/13/2004 04:17 PM 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0107a751-0f86-11dc-a587-0010c64b72eb}]
AutoRun\command- D:\fooool.exe
explore\Command- D:\fooool.exe
open\Command- D:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869682f4-245a-11dc-a594-0010c64b72eb}]
AutoRun\command- fooool.exe
explore\Command- fooool.exe
open\Command- fooool.exe




-- End of Deckard's System Scanner: finished at 2008-04-21 14:10:04 ------------

-g
"Did you know that before Kevin was a novelist, he worked at a recycling center?" - J. Maroney

#8 steamwiz

  • Members
  • 1,039 posts

Posted 21 April 2008 - 02:58 PM

Hi

Open Notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)

File::
C:\WINDOWS\system32\kuquvmqv.ini
C:\WINDOWS\system32\cpbshrqn.dll
C:\WINDOWS\nslbvxpgbrg.dll
C:\WINDOWS\sgoblxtm.dll
C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe
C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe
C:\Documents and Settings\Administrator\My Documents\Misc\MSN Messenger Service 7.0.0816 - Loader.exe
C:\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip

Folder::
C:\Documents and Settings\All Users\Application Data\ctwjizgl

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0107a751-0f86-11dc-a587-0010c64b72eb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869682f4-245a-11dc-a594-0010c64b72eb}]


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Then please run a new Kaspersky Online Scan & post the log ...

-
If that doesn't resolve your icon problem, then I have something that will :thumbsup:

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
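As an added example (not code from this thread, from ComboFix or from either poster), the script below applies the same judgement steamwiz used on the log in #7 to draft the CFScript he posts in #8: it flags the "(no name)" BHO, the desktop component served from a file under C:\WINDOWS, and the GUID-named mountpoints2 keys that autorun an executable, lays them out in the File::/Folder::/Registry:: format, and checks the "File:: on the very first line" rule. The regex patterns, the Findings class and the sample log lines are my own; the sample is constructed from entries quoted in the thread.

```python
"""Triage a HijackThis / Deckard log excerpt and draft a ComboFix CFScript.

Added example, not code from the thread or from ComboFix. The heuristics are
the ones the helper applied by eye; the sample lines are constructed from
entries quoted in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis / DSS registry-dump style.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\cpbshrqn.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0107a751-0f86-11dc-a587-0010c64b72eb}]
AutoRun\command- D:\fooool.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O24_RE = re.compile(r"^O24 - Desktop Component (?P<idx>\d+): (?P<name>.+?) - (?P<url>\S+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^AutoRun\\command- (?P<cmd>.+)$", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)

# Registry paths written the way the log and the CFScript above abbreviate them.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
DESKTOP_KEY = r"HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components"


@dataclass
class Findings:
    files: list = field(default_factory=list)      # File:: section
    folders: list = field(default_factory=list)    # Folder:: section
    registry: list = field(default_factory=list)   # Registry:: section, [-key] deletes it

    def add_key(self, key):
        entry = "[-" + key + "]"
        if entry not in self.registry:
            self.registry.append(entry)


def triage(log_text):
    """Walk the log once and collect what the heuristics would remove."""
    f = Findings()
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            # A BHO registered with no name that loads a DLL from system32 is the dropped component.
            if m.group("name") == "(no name)":
                f.files.append(m.group("path"))
                f.add_key(BHO_KEY + "\\" + m.group("clsid"))
            continue
        m = O24_RE.match(line)
        if m:
            # An Active Desktop component served from a local file under C:\WINDOWS is the fake warning page.
            if m.group("url").lower().startswith("file:///c:\\windows\\"):
                f.add_key(DESKTOP_KEY + "\\" + m.group("idx"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            leaf = current_key.rsplit("\\", 1)[-1]
            program = m.group("cmd").split()[0]
            # GUID-named mount points that autorun an .exe are flagged; the drive-letter
            # entry for the U3 launcher is left alone, as the helper left it.
            if GUID_RE.match(leaf) and program.lower().endswith(".exe"):
                f.add_key(current_key)
    return f


def render_cfscript(f):
    """Lay the findings out in the File:: / Folder:: / Registry:: format."""
    lines = ["File::"] + f.files
    if f.folders:
        lines += ["", "Folder::"] + f.folders
    if f.registry:
        lines += ["", "Registry::"] + f.registry
    return "\n".join(lines) + "\n"


KNOWN_SECTIONS = {"File::", "Folder::", "Registry::"}


def validate_cfscript(text):
    """Return the problems found; empty means File:: is the very first line,
    nothing precedes it, no line has leading whitespace, and every section
    header is one of the three used above."""
    problems = []
    lines = text.split("\n")
    if lines[0] != "File::":
        problems.append("first line must be exactly 'File::', got %r" % lines[0])
    for n, line in enumerate(lines, 1):
        if line != line.lstrip():
            problems.append("line %d: leading whitespace" % n)
        if line.strip().endswith("::") and line.strip() not in KNOWN_SECTIONS:
            problems.append("line %d: unknown section header %r" % (n, line))
    return problems
```

Running `render_cfscript(triage(SAMPLE_LOG))` yields the File:: and Registry:: lines for cpbshrqn.dll, its BHO CLSID, desktop component 0 and the GUID mount point, in the same shape as the script above; the kuquvmqv.ini and the two C:\WINDOWS DLLs come from parts of the log this heuristic does not cover.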

#9 ghady

  • Topic Starter
  • Members
  • 49 posts
  • Gender:Male

Posted 21 April 2008 - 05:53 PM

ok! so here's the ComboFix log:
ComboFix 08-04-20.2 - Administrator 2008-04-21 23:03:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.134 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe
C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe
C:\Documents and Settings\Administrator\My Documents\Misc\MSN Messenger Service 7.0.0816 - Loader.exe
C:\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip
C:\WINDOWS\nslbvxpgbrg.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\system32\cpbshrqn.dll
C:\WINDOWS\system32\kuquvmqv.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe
C:\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe
C:\Documents and Settings\Administrator\My Documents\Misc\MSN Messenger Service 7.0.0816 - Loader.exe
C:\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip
C:\Documents and Settings\All Users\Application Data\ctwjizgl
C:\WINDOWS\nslbvxpgbrg.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\system32\cpbshrqn.dll
C:\WINDOWS\system32\kuquvmqv.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-21 14:09 . 2008-04-21 14:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 00:06 . 2008-04-20 00:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-04-20 00:04 . 2008-04-20 00:04 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-19 23:07 . 2008-04-19 23:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 23:07 . 2008-04-19 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 23:07 . 2008-04-19 23:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-15 15:27 . 2008-04-15 15:27 <DIR> d-------- C:\Deckard
2008-04-15 15:14 . 2008-04-15 15:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 15:14 . 2008-04-15 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 03:14 . 2008-04-15 03:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-15 01:06 . 2008-04-15 01:06 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-07 20:25 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-07 20:25 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-07 20:25 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-04-07 20:25 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-04-07 20:25 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-04-07 20:25 . 2004-08-03 23:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-04-02 00:43 . 2008-04-02 00:43 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-02 00:43 . 2008-04-02 00:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-02 00:41 . 2008-04-02 00:41 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-01 21:52 . 2008-04-01 21:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-04-01 21:49 . 2008-04-01 21:49 <DIR> d-------- C:\SmartSound Software
2008-04-01 21:48 . 2008-04-01 21:48 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2008-04-01 21:48 . 2008-04-01 21:48 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-01 21:48 . 2008-04-10 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-01 21:44 . 2008-04-01 21:44 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-01 21:43 . 2008-04-01 21:43 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-01 21:43 . 2008-04-02 00:39 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-01 21:43 . 2008-04-02 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-01 19:05 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-01 19:05 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-30 23:41 . 2008-03-30 23:43 <DIR> d-------- C:\Program Files\Windows Live
2008-03-30 23:41 . 2008-03-30 23:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 23:41 . 2008-03-30 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 12:33 46,728 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 16:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-01 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 21:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 23:52 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-16 23:43 --------- d-----w C:\Program Files\DivX
2008-03-07 19:54 --------- d-----w C:\Program Files\Amazon
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2005-04-19 17:25 53,323 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-27 20:09 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-27 19:56 118784]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-19 13:49 86016]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 21:59 487424]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 16:32 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43 83608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47 71328]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-28 01:38 100056]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 09:05:26 29696]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-03-05 17:12:42 553021]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-26 19:37:44 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-27 00:54:37 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\unzipped\DVDREG~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-01-13 16:17 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\system32\drivers\wA301b.sys [2003-10-27 21:42]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 13:11]
S3 DM9USB;AS268L USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-19 08:09]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;C:\WINDOWS\system32\DRIVERS\USB200M2.sys [2005-04-21 09:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 05:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 17:00:17 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-21 17:05:31 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 23:06:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-21 23:08:50
ComboFix-quarantined-files.txt 2008-04-21 20:07:54
ComboFix2.txt 2008-04-21 10:47:10

Pre-Run: 7,330,902,016 bytes free
Post-Run: 7,338,754,048 bytes free

166 --- E O F --- 2008-04-10 13:00:50

and...here's the Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 22, 2008 1:49:07 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/04/2008
Kaspersky Anti-Virus database records: 719519
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 80896
Number of viruses found: 25
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 02:01:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.32236 Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008042120080422\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\39394B75.exe Infected: Worm.Win32.Small.i skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0027 Infected: Trojan.Win32.Krepper.y skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\KazaaUpdate151.exe.vir Inno: infected - 22 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0009/data0002 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0030 Infected: Trojan.Win32.Krepper.y skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir Inno: infected - 28 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\MSN Messenger Service 7.0.0816 - Loader.exe.vir Infected: Trojan-Downloader.Win32.Small.huo skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip.vir/crack.exe/ist1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip.vir/crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\Opera 8[1].02.7668.zip.vir ZIP: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{c1fc57f7-b388-4dd1-ba48-c28d8edf44b9}\zip.dll.vir Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cpbshrqn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP242\A0037638.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.lfl skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP242\A0037638.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP243\A0037640.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP243\A0037724.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037783.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037784.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037785.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037786.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP244\A0037798.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pik skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP246\A0037992.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP247\A0038068.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP247\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




oh, erm the blue stuff's still there. oh and also, every two or three hours or so, like a million explorer windows open up at the same time (which is sucky)

thanks! and what's next?
-g
"Did you know that before Kevin was a novelist, he worked at a recycling center?" - J. Maroney

#10 ghady

ghady
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Local time:01:33 AM

Posted 22 April 2008 - 04:03 AM

the blue color's gone! :D

#11 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:06:33 AM

Posted 23 April 2008 - 01:40 PM

HI

Glad to hear the color's gone, it just needed an extra reboot after we removed the reg key which was causing it.

every two or three hours or so, like a million explorer windows open up at the same time (which is sucky)


What's in the windows?

-
Next ...

1. Open the Malwarebytes program, click the quarantine tab & Delete All

2. Empty your Norton AntiVirus\Quarantine

3. This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

if you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

4. remove Combofix ...

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


5. Then please run a new Kaspersky Online Scan & post the log ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
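The Kaspersky report in the previous post lists every remaining detection with a last action of "skipped", and each of the numbered steps above clears one place those objects sit (Norton's quarantine, ComboFix's QooBox folder, the System Restore points). As an added example, not code from the thread or from Kaspersky, here is a small Python triage script that parses that report layout and groups detections by location so the right step can be matched to each. The sample lines are constructed in the report's format, the restore-point GUID is a placeholder, and the location-to-step mapping follows the numbered steps in this reply.

```python
"""Triage the Kaspersky Online Scanner 5.x report layout quoted in this thread.
Added example, not from the thread or from Kaspersky. Every result line ends in
'skipped' (the scanner only reports), so what decides cleanup is where each
object sits, which is what the numbered steps in the reply above address."""
import re
from collections import Counter

# Constructed sample in the report's own layout; the restore-point GUID is a placeholder.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\39394B75.exe Infected: Worm.Win32.Small.i skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cpbshrqn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\My Documents\Misc\kmd15_en.exe.vir Inno: infected - 28 skipped
C:\System Volume Information\_restore{RESTORE-GUID-PLACEHOLDER}\RP243\A0037640.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{RESTORE-GUID-PLACEHOLDER}\RP242\A0037638.exe ZIP: infected - 1 skipped
C:\Temp\example-live.dll Infected: Trojan-Downloader.Win32.Small.ivo skipped
Scan process completed.
"""

# The three result-line shapes in the report: a detection, an archive summary, a locked file.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")

# Which of the reply's numbered steps clears each location.
NEXT_STEP = {
    "Norton quarantine": "step 2: empty Norton AntiVirus\\Quarantine",
    "ComboFix quarantine (QooBox)": "step 4: ComboFix /u removes C:\\QooBox",
    "System Restore point": "step 3: turn System Restore off, reboot, turn it back on",
    "live file system": "still active: more cleanup needed before the system is clean",
}


def parse_report(text):
    """Return (path, status, detail) for each result line; other lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := INFECTED_RE.match(line):
            records.append((m["path"], "infected", m["name"]))
        elif m := ARCHIVE_RE.match(line):
            records.append((m["path"], "archive", f"{m['kind']} x{m['count']}"))
        elif m := LOCKED_RE.match(line):
            records.append((m["path"], "locked", ""))
    return records


def classify_location(path):
    """Map a path to a cleanup location; archive members ('container/member') follow their container."""
    container = path.split("/", 1)[0].lower()
    if "\\qoobox\\quarantine\\" in container:
        return "ComboFix quarantine (QooBox)"
    if "\\norton antivirus\\quarantine\\" in container:
        return "Norton quarantine"
    if "\\system volume information\\_restore" in container:
        return "System Restore point"
    return "live file system"


def triage(text):
    """Group 'Infected:' detections by location; locked files and archive summaries are only counted."""
    by_location, names = Counter(), {}
    locked = archives = 0
    for path, status, detail in parse_report(text):
        if status == "locked":
            locked += 1
        elif status == "archive":
            archives += 1  # its infected members were listed on their own lines
        else:
            loc = classify_location(path)
            by_location[loc] += 1
            names.setdefault(loc, set()).add(detail)
    return {
        "locked": locked,
        "archives": archives,
        "by_location": dict(by_location),
        "names": {loc: sorted(n) for loc, n in names.items()},
        "next_steps": {loc: NEXT_STEP[loc] for loc in by_location},
    }
```

Run `triage(SAMPLE_REPORT)` to see the sample grouped into four locations; on a real report, anything landing in "live file system" is what still needs attention, while the quarantine and restore-point entries are cleared by the steps above.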

#12 ghady

ghady
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Local time:01:33 AM

Posted 23 April 2008 - 11:28 PM

oriite. i did everything you asked, and here's the kaspersky log (i also scanned my external hard-drive, just in case):

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 24, 2008 7:25:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/04/2008
Kaspersky Anti-Virus database records: 723267
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 76981
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:45:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008042320080424\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2DAB46AA-9673-4612-8F0B-5979108DF604}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


it says i'm no longer infected. is this it? am i clean?

hey quick question, what kind of antivirus software should i use? cuz norton seems to suck compared to other stuff.

thanks!

-g

#13 ghady

ghady
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Local time:01:33 AM

Posted 24 April 2008 - 08:31 AM

oh and about the windows that used to pop up. they're internet explorer windows with some website about "free spyware removal" and whatnot. but it's all good now.

#14 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:06:33 AM

Posted 24 April 2008 - 01:21 PM

HI

Yes ... your logs are clean now ...

I would recommend to anyone to dump Norton when your subscription is up ... uninstall it & install AVG FREE anti-virus, it is perfectly sufficient for the average home user ... Norton is bloated, resource intensive & expensive ... whereas AVG is none of these & best of all FREE.

http://free.grisoft.com/ww.download-avg-an...us-free-edition

If you have no further problems or questions, then I wish you ... Happy surfing...

Please Have a look here at ways to keep your computer safe :-

Simple steps to keep your computer secure! By Grinler > http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/

& here :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

steam

#15 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:06:33 AM

Posted 20 May 2008 - 04:02 PM

As this thread is resolved, it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
