
Vundo Infection Removal Help


This topic is locked
4 replies to this topic

#1 zachwisor

Posted 17 April 2008 - 12:54 AM

I've been having a problem removing a Vundo infection from my computer.
The Vundo fixer program isn't able to detect it, but when I looked through the startup section of msconfig it shows a file "hegohqjx.dll" that is automatically started under the process name "rundll.exe". I used an online file scanner and it showed the file was infected with Vundo.

I ran DSS and HijackThis. Here are the logs.

DSS:

Deckard's System Scanner v20071014.68
Run by Janet Brooks on 2008-04-17 01:33:02
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 12.41 GiB (less than 15%) free.


-- HijackThis (run as Janet Brooks.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:26 AM, on 4/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Common Files\AOL\1184650865\ee\aolsoftware.exe
C:\Users\Janet Brooks\Documents\My Downloads\dss.exe
C:\DOWNLO~1\Janet Brooks.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {266C970E-97F1-4C2C-BBF7-A0CD8E0D365A} - C:\Windows\system32\vTLcyYqq.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5F626C60-2BC1-435A-8C30-FE9FBDA57234} - C:\Windows\system32\byXPJDWm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACBBD6CA-503C-4A00-B5CC-592B8AA23087} - C:\Windows\system32\mlJDSifG.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF148687-C614-4723-802B-7FF55E29E127} - C:\Windows\system32\eFWpQKEt.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\Windows\system32\cbXRJATM.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: {ddcb9670-85bc-8e48-6d24-45b623af588f} - {f885fa32-6b54-42d6-84e8-cb580769bcdd} - C:\Windows\system32\lptsfwml.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [BM37f54598] Rundll32.exe "C:\Windows\system32\hegohqjx.dll",s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13024 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD5>

S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
S3 BDSelfPr - \??\c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys
S3 MUSTechVIDCAP (ADS DVD XPRESS DX2) - c:\windows\system32\drivers\musgostrm.sys <Not Verified; Micronas Technologies; Micronas Technologies GO7007SB SDK>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 23:42:25 400 --a------ C:\Windows\Tasks\Uniblue SpyEraser.job
2008-04-13 21:34:06 284 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-10-16 21:34:58 406 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-17 00:23:12 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-17 00:23:12 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-16 15:43:56 87616 --a------ C:\Windows\system32\txuworps.dll
2008-04-16 15:43:48 94272 --a------ C:\Windows\system32\lptsfwml.dll
2008-04-16 15:37:52 95808 --a------ C:\Windows\system32\hegohqjx.dll
2008-04-16 15:37:11 273695 --ahs---- C:\Windows\system32\tEKQpWFe.ini2
2008-04-16 15:37:04 273408 --a------ C:\Windows\system32\eFWpQKEt.dll
2008-04-16 15:08:18 92224 --a------ C:\Windows\system32\dybmprfv.dll
2008-04-16 14:54:04 2256 --a------ C:\Windows\current_settings.bin
2008-04-16 14:52:12 265600 --a------ C:\Windows\system32\drivers\wisgostrm.sys <Not Verified; WIS Technologies; GO7007SB SDK>
2008-04-16 14:52:12 65024 --a------ C:\Windows\system32\drivers\wisboard.dll <Not Verified; WIS Technologies; GO7007SB SDK>
2008-04-16 14:52:12 143540 --a------ C:\Windows\go7007sb.bin
2008-04-16 14:52:12 208 --a------ C:\Windows\go7007fw_pf.bin
2008-04-16 14:52:12 30800 --a------ C:\Windows\go7007fw.bin
2008-04-16 01:56:37 0 d-------- C:\Users\All Users\LightScribe
2008-04-16 01:54:21 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-15 14:18:59 273659 --ahs---- C:\Windows\system32\qqYycLTv.ini2
2008-04-15 11:49:15 0 d-------- C:\VundoFix Backups
2008-04-15 03:33:58 3648 --a------ C:\Windows\system32\ywcicpvm.dll
2008-04-15 02:54:10 413696 --a------ C:\Windows\system32\jsound.dll
2008-04-15 02:54:10 36864 --a------ C:\Windows\system32\jRegistryKey.dll
2008-04-15 02:54:10 184320 --a------ C:\Windows\system32\jmvh263.dll
2008-04-15 02:54:10 45056 --a------ C:\Windows\system32\jmvfw.dll
2008-04-15 02:54:10 0 d-------- C:\Program Files\Gcom
2008-04-15 02:54:09 36864 --a------ C:\Windows\system32\jmvcm.dll
2008-04-15 02:54:09 73728 --a------ C:\Windows\system32\jmutil.dll
2008-04-15 02:54:09 77824 --a------ C:\Windows\system32\jmmpegv.dll
2008-04-15 02:54:09 380928 --a------ C:\Windows\system32\jmmpa.dll
2008-04-15 02:54:09 28672 --a------ C:\Windows\system32\jmmci.dll
2008-04-15 02:54:09 143360 --a------ C:\Windows\system32\jmjpeg.dll
2008-04-15 02:54:09 110592 --a------ C:\Windows\system32\jmh263enc.dll
2008-04-15 02:54:09 282624 --a------ C:\Windows\system32\jmh261.dll
2008-04-15 02:54:09 57344 --a------ C:\Windows\system32\jmgsm.dll
2008-04-15 02:54:09 36864 --a------ C:\Windows\system32\jmgdi.dll
2008-04-15 02:54:09 98304 --a------ C:\Windows\system32\jmg723.dll
2008-04-15 02:54:09 32768 --a------ C:\Windows\system32\jmfjawt.dll
2008-04-15 02:54:09 32768 --a------ C:\Windows\system32\jmddraw.dll
2008-04-15 02:54:09 28672 --a------ C:\Windows\system32\jmdaudc.dll
2008-04-15 02:54:09 40960 --a------ C:\Windows\system32\jmdaud.dll
2008-04-15 02:54:09 49152 --a------ C:\Windows\system32\jmcvid.dll
2008-04-15 02:54:09 53248 --a------ C:\Windows\system32\jmam.dll
2008-04-15 02:54:09 49152 --a------ C:\Windows\system32\jmacm.dll
2008-04-15 02:53:55 0 d--h----- C:\Program Files\Zero G Registry
2008-04-15 02:39:18 0 d-------- C:\Program Files\ManyCam 2.2
2008-04-15 00:09:12 3648 --a------ C:\Windows\system32\vutmyjqr.dll
2008-04-15 00:06:11 265045 --ahs---- C:\Windows\system32\mWDJPXyb.ini2
2008-04-15 00:00:51 38400 --a------ C:\Windows\system32\cbXRJATM.dll
2008-04-14 22:53:38 0 d-------- C:\Program Files\BestOn
2008-04-14 22:52:49 0 d-------- C:\Windows\RegisteredPackages
2008-04-14 22:52:41 0 d-------- C:\Program Files\Windows Media Components
2008-04-14 22:41:19 162304 --a------ C:\Windows\system32\rsnpx64.dll <Not Verified; ; ResourceDLL>
2008-04-14 22:41:17 262144 --a------ C:\Windows\tsnpstd3.exe <Not Verified; SONIX; tsnp2std>
2008-04-14 22:41:17 94208 --a------ C:\Windows\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2008-04-14 22:41:17 0 d-------- C:\Program Files\Common Files\EZVGACam
2008-04-14 22:23:50 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-14 22:23:50 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-04-14 22:23:49 0 d-------- C:\Program Files\ArcSoft
2008-04-14 22:20:41 0 d-------- C:\Windows\ulead.dat
2008-04-14 22:19:26 252160 --a------ C:\Windows\system32\drivers\musgostrm.sys <Not Verified; Micronas Technologies; Micronas Technologies GO7007SB SDK>
2008-04-14 22:19:26 67072 --a------ C:\Windows\system32\drivers\musboard.dll <Not Verified; Micronas Technologies; Micronas Technologies GO7007SB SDK>
2008-04-14 22:18:38 0 d-------- C:\Program Files\Ulead Systems
2008-04-14 22:18:38 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-14 22:17:56 0 d-------- C:\Program Files\ADSTech DVD Xpress DX2
2008-04-14 22:15:56 0 d-------- C:\Program Files\ADSTech
2008-04-14 21:58:30 3648 --a------ C:\Windows\system32\rrkdssnj.dll
2008-04-14 21:56:17 96320 --a------ C:\Windows\system32\mbdhocoj.dll
2008-04-14 05:12:20 294 ---hs---- C:\Windows\system32\cpiyvwwe.ini2
2008-04-14 05:06:08 3648 --a------ C:\Windows\system32\iquyysej.dll
2008-04-14 05:03:09 96320 --a------ C:\Windows\system32\iavdrlfo.dll
2008-04-13 12:21:37 270957 --ahs---- C:\Windows\system32\GfiSDJlm.ini2
2008-04-13 12:17:45 0 d-------- C:\Program Files\TVUPlayer
2008-04-13 12:17:20 0 d-------- C:\Program Files\TVAnts
2008-04-13 12:16:58 0 d-------- C:\Program Files\Satellite TV for PC
2008-04-12 14:21:17 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-12 13:47:42 77824 --a------ C:\Windows\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-04-04 10:51:17 0 d-------- C:\Program Files\Hidden Administrator
2008-04-04 10:41:16 0 d-------- C:\Program Files\EMCO
2008-03-30 16:03:51 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-24 15:34:57 0 d-------- C:\Program Files\RealVNC
2008-03-24 14:44:10 0 d-------- C:\XtenDS
2008-03-24 13:37:43 0 d-------- C:\devkitPro
2008-03-24 00:41:49 0 d-------- C:\Program Files\NDSMovie_EN
2008-03-17 02:19:01 0 d-------- C:\Program Files\USPS


-- Find3M Report ---------------------------------------------------------------

2008-04-17 01:34:02 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\Free Download Manager
2008-04-17 00:14:09 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-04-16 16:30:51 5000 --a------ C:\Windows\bthservsdp.dat
2008-04-16 16:30:46 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\Vidalia
2008-04-16 16:25:19 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\OpenOffice.org2
2008-04-16 16:25:14 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\tor
2008-04-16 01:54:21 0 d-------- C:\Program Files\Common Files
2008-04-15 12:20:41 0 d-------- C:\Program Files\Lx_cats
2008-04-15 12:00:04 0 d-------- C:\Program Files\PowerISO
2008-04-15 04:12:31 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\uTorrent
2008-04-15 00:11:25 0 d-------- C:\Program Files\Free Download Manager
2008-04-14 22:57:22 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\BestOn
2008-04-14 22:41:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 00:15:06 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\Vso
2008-04-14 00:15:05 668 --a------ C:\Users\Janet Brooks\AppData\Roaming\vso_ts_preview.xml
2008-04-13 17:00:16 0 d-------- C:\Program Files\UltimateZip 2007
2008-04-13 12:22:02 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\TVU Networks
2008-04-13 02:05:28 0 d-------- C:\Program Files\CamStudio
2008-04-12 15:00:49 0 d-------- C:\Program Files\iTunes
2008-04-12 14:59:32 0 d-------- C:\Program Files\Bonjour
2008-04-12 14:28:32 0 d-------- C:\Program Files\MSECACHE
2008-04-09 04:40:53 0 d-------- C:\Program Files\Turkojan
2008-04-09 01:21:40 0 d-------- C:\Program Files\Windows Mail
2008-04-08 16:36:05 0 d-------- C:\Program Files\PE Explorer
2008-04-04 10:41:25 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\EMCO
2008-03-31 05:11:40 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\LimeWire
2008-03-30 14:19:45 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\dvdcss
2008-03-14 00:46:57 0 d-------- C:\Program Files\CamGrab-2Plus
2008-03-13 01:22:25 0 d-------- C:\Program Files\EphPod
2008-03-09 20:22:21 0 d-------- C:\Users\Janet Brooks\AppData\Roaming\VoipBuster
2008-03-09 20:05:02 0 d-------- C:\Program Files\VoipBuster.com
2008-03-05 18:42:37 0 d-------- C:\Program Files\No-IP
2008-03-03 08:41:00 104 --a------ C:\X.BIN
2008-03-03 08:38:56 0 d-------- C:\Program Files\AY Spy
2008-03-02 23:58:00 0 d-------- C:\Program Files\Fake Webcam
2008-03-01 12:33:13 0 d-------- C:\Program Files\Let Me Rule! v2.0
2008-03-01 12:18:32 0 d-------- C:\Program Files\Freshbind
2008-03-01 12:17:58 720896 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-27 09:56:17 0 d-------- C:\Program Files\DivX
2008-02-26 08:54:39 0 d-------- C:\Program Files\VSO
2008-02-25 09:48:13 0 d-------- C:\Program Files\iPod
2008-02-25 05:07:26 0 d-------- C:\Program Files\Advanced Invisible Keylogger
2008-02-25 04:30:53 0 d-------- C:\Program Files\Cain
2008-02-24 06:06:42 1 --a------ C:\Windows\system32\exp16sys.dll
2008-02-22 11:15:35 0 d-------- C:\Program Files\World of Warcraft
2008-02-20 22:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-20 22:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 22:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 22:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 22:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-02-19 16:26:31 0 d-------- C:\Program Files\Convar


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266C970E-97F1-4C2C-BBF7-A0CD8E0D365A}]
C:\Windows\system32\vTLcyYqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F626C60-2BC1-435A-8C30-FE9FBDA57234}]
C:\Windows\system32\byXPJDWm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A35F39-4850-474E-92C9-B4CF283207E0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACBBD6CA-503C-4A00-B5CC-592B8AA23087}]
C:\Windows\system32\mlJDSifG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF148687-C614-4723-802B-7FF55E29E127}]
04/16/2008 03:37 PM 273408 --a------ C:\Windows\system32\eFWpQKEt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82F29E4-8368-4B14-9C00-5138C0D94034}]
04/13/2008 12:16 PM 38400 --a------ C:\Windows\system32\cbXRJATM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f885fa32-6b54-42d6-84e8-cb580769bcdd}]
04/16/2008 03:43 PM 94272 --a------ C:\Windows\system32\lptsfwml.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [03/19/2007 08:58 AM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [03/19/2007 08:59 AM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [03/19/2007 08:58 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [11/02/2007 12:04 AM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [04/12/2008 01:49 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 05:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 05:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 05:07 PM]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"tsnpstd3"="C:\Windows\tsnpstd3.exe" [11/29/2006 04:28 PM]
"snpstd3"="C:\Windows\vsnpstd3.exe" [09/18/2006 02:12 PM]
"BM37f54598"="C:\Windows\system32\hegohqjx.dll" [04/16/2008 03:37 PM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [08/26/2007 02:02 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 11:50 AM]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [08/16/2007 10:02 AM]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [08/16/2007 10:02 AM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [01/08/2008 10:14 AM]
"@"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 08:51 PM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 05:19 AM]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [05/09/2006 08:24 PM]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [03/17/2008 05:59 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Users\Janet Brooks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [3/5/2008 6:42:34 PM]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 5:54:56 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/21/2006 2:12:42 PM]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/2006 10:30:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B82F29E4-8368-4B14-9C00-5138C0D94034}"= C:\Windows\system32\cbXRJATM.dll [04/13/2008 12:16 PM 38400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\eFWpQKEt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\Windows\pss\Picture Package Menu.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\Windows\pss\Picture Package VCD Maker.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\34c67604]
rundll32.exe "C:\Windows\system32\ewwvyipc.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM37f54598]
Rundll32.exe "C:\Windows\system32\hegohqjx.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1184650865\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
bthsvcs BthServ
ipripsvc iprip
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8f707d-61d4-11dc-ac5f-001921db601c}]
AutoRun\command- K:\cmd.bat

*Newly Created Service* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-17 01:35:54 ------------


HIJACKTHIS:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:51 AM, on 4/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Common Files\AOL\1184650865\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {266C970E-97F1-4C2C-BBF7-A0CD8E0D365A} - C:\Windows\system32\vTLcyYqq.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5F626C60-2BC1-435A-8C30-FE9FBDA57234} - C:\Windows\system32\byXPJDWm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACBBD6CA-503C-4A00-B5CC-592B8AA23087} - C:\Windows\system32\mlJDSifG.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF148687-C614-4723-802B-7FF55E29E127} - C:\Windows\system32\eFWpQKEt.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\Windows\system32\cbXRJATM.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: {ddcb9670-85bc-8e48-6d24-45b623af588f} - {f885fa32-6b54-42d6-84e8-cb580769bcdd} - C:\Windows\system32\lptsfwml.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [BM37f54598] Rundll32.exe "C:\Windows\system32\hegohqjx.dll",s
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13069 bytes

Any help you can provide in removing this infection would be greatly appreciated.

Edited by zachwisor, 17 April 2008 - 12:58 AM.
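The DSS and HijackThis logs above contain the tells a helper looks for in a Vundo case: nameless BHOs under O2 pointing at eight-letter DLLs in system32 (some already "(file missing)", i.e. a CLSID registration whose file is gone), a Run value with a hex-looking name (BM37f54598) that loads hegohqjx.dll through rundll32, a RunServices entry that starts a bare "svehost.exe" with no path, and an extra LSA "Authentication Packages" entry (eFWpQKEt), which lsass.exe loads at boot. The script below is an added example, not part of the original thread and not a BleepingComputer or HijackThis tool: it applies those heuristics to a handful of sample lines constructed from the logs in this thread. The regexes, the "strong versus weak signal" split and the lookalike list of system binaries are my own assumptions; the output is a triage hint, not a verdict, and a real log should still be read by a person.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis (O2/O4) and DSS (LSA) lines
# posted in this thread; a subset, not the full logs. Raw strings keep the
# backslashes intact.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {266C970E-97F1-4C2C-BBF7-A0CD8E0D365A} - C:\Windows\system32\vTLcyYqq.dll (file missing)",
    r"O2 - BHO: (no name) - {AF148687-C614-4723-802B-7FF55E29E127} - C:\Windows\system32\eFWpQKEt.dll",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe",
    r'O4 - HKLM\..\Run: [BM37f54598] Rundll32.exe "C:\Windows\system32\hegohqjx.dll",s',
    r"O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r'"Authentication Packages"= msv1_0 C:\Windows\system32\eFWpQKEt',
]

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.*)$')
DLL_RE = re.compile(r"([A-Za-z0-9_.-]+\.dll)\b", re.IGNORECASE)
HEXISH_VALUE_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")             # 34c67604, BM37f54598
EIGHT_LETTER_DLL_RE = re.compile(r"^[A-Za-z]{8}\.dll$", re.IGNORECASE)  # cbXRJATM.dll, hegohqjx.dll

# Assumed list of Windows binaries whose names get imitated (svehost.exe vs svchost.exe).
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe")


@dataclass
class Finding:
    lineno: int
    line: str
    reasons: list


def first_dll(text):
    """Return the first *.dll file name in a path or command line, or None."""
    m = DLL_RE.search(text)
    return m.group(1) if m else None


def first_token(cmd):
    """The executable part of a Run command: the quoted string, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def within_one_edit(a, b):
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    a, b = a.lower(), b.lower()
    if a == b:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def triage_line(line):
    """Return (strong, weak) reason lists; a strong signal alone makes a line suspicious."""
    strong, weak = [], []
    m = BHO_RE.match(line)
    if m:
        path = m.group("path")
        if m.group("name").strip() == "(no name)":
            strong.append("BHO registered without a display name")
        if "(file missing)" in path or "(no file)" in path:
            strong.append("BHO CLSID points at a file that is gone (dangling registration)")
        dll = first_dll(path)
        if dll and "system32" in path.lower() and EIGHT_LETTER_DLL_RE.match(dll):
            weak.append(f"{dll}: eight random-looking letters in system32 (Vundo naming)")
    m = RUN_RE.match(line)
    if m:
        value, cmd = m.group("value"), m.group("cmd")
        if HEXISH_VALUE_RE.match(value):
            strong.append(f"Run value name {value!r} is a hex string, not a product name")
        exe = first_token(cmd)
        if exe.lower() == "rundll32.exe":
            dll = first_dll(cmd)
            if dll and EIGHT_LETTER_DLL_RE.match(dll):
                weak.append(f"rundll32 loads {dll}: eight random-looking letters (Vundo naming)")
        elif "\\" not in exe:
            strong.append(f"{exe!r} given without a path, so it is found via the search path at logon")
            for real in SYSTEM_BINARIES:
                if within_one_edit(exe, real):
                    strong.append(f"{exe!r} is one character away from {real!r}")
    m = LSA_RE.match(line)
    if m:
        extra = [p for p in m.group("pkgs").split() if p.lower() != "msv1_0"]
        if extra:
            strong.append(f"extra LSA authentication package(s) {extra}, loaded into lsass.exe at boot")
    return strong, weak


def triage(lines):
    """Flag every line with at least one strong signal, attaching weak ones as context."""
    findings = []
    for n, line in enumerate(lines, 1):
        strong, weak = triage_line(line)
        if strong:
            findings.append(Finding(n, line, strong + weak))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"line {f.lineno}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, it flags the two nameless BHOs, the hex-named Run value, the pathless svehost.exe (also as a one-character lookalike of svchost.exe) and the extra LSA package, and leaves the Adobe, Intel and Sidebar entries alone. The eight-letter DLL rule is deliberately only a weak signal: plenty of legitimate Windows DLLs have eight-letter names, so on its own it would generate false positives.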



#2 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 18 April 2008 - 03:59 AM

Hello Zachwisor and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted, and make a difference

#3 zachwisor
  • Topic Starter

  • Members
  • 2 posts

Posted 19 April 2008 - 01:34 PM

Here is the log from my first run of Malwarebytes:

Malwarebytes' Anti-Malware 1.11
Database version: 652

Scan type: Quick Scan
Objects scanned: 31387
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\eFWpQKEt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\cbXRJATM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\klxttbdp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ceb29c8-186a-4066-a6ff-b4ff0717773b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5ceb29c8-186a-4066-a6ff-b4ff0717773b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1c59bdcc-a3d7-4e6f-9a9a-27a1aaf23930} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c59bdcc-a3d7-4e6f-9a9a-27a1aaf23930} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34c67604 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efwpqket -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\cqajpcje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ejcpjaqc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\eFWpQKEt.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\tEKQpWFe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tEKQpWFe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fqbnkdat.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tadknbqf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\txuworps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\sprowuxt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cbXRJATM.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\iquyysej.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Windows\System32\klxttbdp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\osbnibmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rrkdssnj.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Windows\System32\vutmyjqr.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Windows\System32\ywcicpvm.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.

Here is the log from my second run of Malwarebytes:

Malwarebytes' Anti-Malware 1.11
Database version: 652

Scan type: Quick Scan
Objects scanned: 30976
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the log file from combofix:


ComboFix 08-04-18.3 - Janet Brooks 2008-04-19 13:11:43.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1186 [GMT -4:00]
Running from: C:\Users\Janet Brooks\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\cpiyvwwe.ini
C:\Windows\System32\cpiyvwwe.ini2
C:\Windows\System32\cpiyvwwe.tmp
C:\Windows\System32\eneakqdv.ini
C:\Windows\System32\GfiSDJlm.ini
C:\Windows\System32\GfiSDJlm.ini2
C:\Windows\System32\mWDJPXyb.ini
C:\Windows\System32\mWDJPXyb.ini2
C:\Windows\System32\qqYycLTv.ini
C:\Windows\System32\qqYycLTv.ini2
.
---- Previous Run -------
.
C:\Users\Janet Brooks\AppData\Roaming\inst.exe
C:\Windows\system32\dybmprfv.dll
C:\Windows\system32\exp16sys.dll
C:\Windows\system32\iavdrlfo.dll
C:\Windows\system32\lptsfwml.dll
C:\Windows\system32\mbdhocoj.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\pskill.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-19 06:33 . 2008-04-19 06:33 <DIR> d-------- C:\Users\Janet Brooks\AppData\Roaming\Malwarebytes
2008-04-19 06:33 . 2008-04-19 06:33 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-19 06:33 . 2008-04-19 06:33 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-19 06:33 . 2008-04-19 06:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 01:32 . 2008-04-17 01:32 <DIR> d-------- C:\Deckard
2008-04-17 00:23 . 2008-04-17 00:23 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-17 00:23 . 2008-04-17 00:23 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-17 00:23 . 2008-04-17 00:23 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-16 15:17 . 2008-04-16 15:17 230,710,334 --a------ C:\Windows\MEMORY.DMP
2008-04-16 15:08 . 2008-04-16 15:40 1,524,364 ---hs---- C:\Windows\System32\qxdjdxoa.ini
2008-04-16 14:54 . 2008-04-16 15:53 2,256 --a------ C:\Windows\current_settings.bin
2008-04-16 01:56 . 2008-04-16 01:56 <DIR> d-------- C:\Users\All Users\LightScribe
2008-04-16 01:56 . 2008-04-16 01:56 <DIR> d-------- C:\ProgramData\LightScribe
2008-04-16 01:54 . 2008-04-16 01:54 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-15 11:49 . 2008-04-15 12:04 <DIR> d-------- C:\VundoFix Backups
2008-04-15 02:54 . 2008-04-15 02:54 <DIR> d-------- C:\Program Files\Gcom
2008-04-15 02:53 . 2008-04-15 03:00 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-15 02:39 . 2008-04-15 02:40 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-04-14 22:57 . 2008-04-14 22:57 <DIR> d-------- C:\Users\Janet Brooks\AppData\Roaming\BestOn
2008-04-14 22:53 . 2008-04-14 22:53 <DIR> d-------- C:\Program Files\BestOn
2008-04-14 22:52 . 2008-04-14 22:52 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-14 22:48 . 2008-04-15 13:23 230,424 --a------ C:\img2-001.raw
2008-04-14 22:41 . 2008-04-14 22:41 <DIR> d-------- C:\Program Files\Common Files\EZVGACam
2008-04-14 22:41 . 2007-01-02 15:14 10,180,096 --a------ C:\Windows\System32\drivers\snpstd3.sys
2008-04-14 22:41 . 2006-09-18 14:12 843,776 --a------ C:\Windows\vsnpstd3.exe
2008-04-14 22:41 . 2006-11-29 16:28 262,144 --a------ C:\Windows\tsnpstd3.exe
2008-04-14 22:41 . 2006-12-19 17:19 162,304 --a------ C:\Windows\System32\rsnpx64.dll
2008-04-14 22:41 . 2004-11-08 13:41 94,208 --a------ C:\Windows\amcap.exe
2008-04-14 22:41 . 2006-10-05 09:50 61,440 --a------ C:\Windows\System32\vsnpstd3.dll
2008-04-14 22:41 . 2005-11-23 13:55 53,248 --a------ C:\Windows\System32\csnpstd3.dll
2008-04-14 22:41 . 2004-02-27 17:36 15,498 --a------ C:\Windows\snpstd3.ini
2008-04-14 22:41 . 2004-02-27 17:36 13,023 --a------ C:\Windows\snpstd3.src
2008-04-14 22:25 . 2006-11-10 15:05 18,688 --a------ C:\Windows\System32\drivers\afc.sys
2008-04-14 22:23 . 2008-04-14 22:23 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-14 22:23 . 2008-04-14 22:23 <DIR> d-------- C:\Program Files\ArcSoft
2008-04-14 22:23 . 2006-01-24 10:20 1,645,320 --a------ C:\Windows\System32\GdiPlus.dll
2008-04-14 22:23 . 2003-03-18 22:14 499,712 -ra------ C:\Windows\System32\msvcp71.dll
2008-04-14 22:23 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-04-14 22:20 . 2008-04-18 21:52 <DIR> d-------- C:\Windows\ulead.dat
2008-04-14 22:20 . 2008-04-18 21:52 196 --a------ C:\Windows\ulead32.ini
2008-04-14 22:19 . 2007-02-16 14:12 252,160 --a------ C:\Windows\System32\drivers\musgostrm.sys
2008-04-14 22:19 . 2007-02-16 15:28 118,784 --a------ C:\Windows\System32\musproxy.ax
2008-04-14 22:19 . 2007-02-16 14:12 67,072 --a------ C:\Windows\System32\drivers\musboard.dll
2008-04-14 22:18 . 2008-04-14 22:18 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-14 22:18 . 2008-04-14 22:18 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-14 22:17 . 2008-04-16 15:34 <DIR> d-------- C:\Program Files\ADSTech DVD Xpress DX2
2008-04-14 22:15 . 2008-04-14 22:21 <DIR> d-------- C:\Program Files\ADSTech
2008-04-13 12:17 . 2008-04-13 12:22 <DIR> d-------- C:\Users\Janet Brooks\AppData\Roaming\TVU Networks
2008-04-13 12:17 . 2008-04-13 12:22 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-13 12:17 . 2008-04-13 12:17 <DIR> d-------- C:\Program Files\TVAnts
2008-04-13 12:16 . 2008-04-13 12:18 <DIR> d-------- C:\Program Files\Satellite TV for PC
2008-04-13 01:17 . 2008-04-19 13:03 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-13 01:17 . 2008-04-13 01:17 1,409 --a------ C:\Windows\QTFont.for
2008-04-12 14:21 . 2008-04-12 14:21 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-12 13:47 . 2008-04-12 13:47 77,824 --a------ C:\Windows\System32\xcomm.dll
2008-04-04 10:51 . 2008-04-04 10:51 <DIR> d-------- C:\Program Files\Hidden Administrator
2008-04-04 10:43 . 2008-04-04 10:43 227 --a------ C:\Windows\Remote Installer 3.xml
2008-04-04 10:41 . 2008-04-04 10:41 <DIR> d-------- C:\Users\Janet Brooks\AppData\Roaming\EMCO
2008-04-04 10:41 . 2008-04-04 10:41 <DIR> d-------- C:\Program Files\EMCO
2008-03-30 16:37 . 2008-01-02 16:33 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-03-30 16:03 . 2008-03-30 16:03 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-30 16:00 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-30 16:00 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-24 15:34 . 2008-03-24 15:34 <DIR> d-------- C:\Program Files\RealVNC
2008-03-24 14:44 . 2008-03-24 14:52 <DIR> d-------- C:\XtenDS
2008-03-24 13:37 . 2008-03-24 14:03 <DIR> d-------- C:\devkitPro
2008-03-24 01:43 . 2008-03-24 01:44 130,551,460 --a------ C:\[AHQ] .hack Liminality - Vol 1.dsm
2008-03-24 00:41 . 2008-03-25 11:56 <DIR> d-------- C:\Program Files\NDSMovie_EN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 17:05 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\Vidalia
2008-04-19 17:05 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\tor
2008-04-19 17:05 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\OpenOffice.org2
2008-04-19 10:34 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\Free Download Manager
2008-04-19 01:34 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-04-18 15:04 --------- d-----w C:\Program Files\Lx_cats
2008-04-18 05:10 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\dvdcss
2008-04-18 04:30 --------- d-----w C:\Program Files\UltimateZip 2007
2008-04-18 03:54 --------- d-----w C:\Program Files\CamStudio
2008-04-15 16:00 --------- d-----w C:\Program Files\PowerISO
2008-04-15 08:12 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\uTorrent
2008-04-15 04:11 --------- d-----w C:\Program Files\Free Download Manager
2008-04-15 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 04:15 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\Vso
2008-04-13 16:16 --------- d---a-w C:\ProgramData\TEMP
2008-04-12 19:00 --------- d-----w C:\Program Files\iTunes
2008-04-12 18:59 --------- d-----w C:\Program Files\Bonjour
2008-04-12 18:28 --------- d-----w C:\Program Files\MSECACHE
2008-04-09 08:40 --------- d-----w C:\Program Files\Turkojan
2008-04-09 05:21 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 20:36 --------- d-----w C:\Program Files\PE Explorer
2008-03-31 09:11 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\LimeWire
2008-03-17 06:19 --------- d-----w C:\Program Files\USPS
2008-03-14 04:46 --------- d-----w C:\Program Files\CamGrab-2Plus
2008-03-13 05:22 --------- d-----w C:\Program Files\EphPod
2008-03-10 22:16 --------- d-----w C:\ProgramData\Viewpoint
2008-03-10 00:22 --------- d-----w C:\Users\Janet Brooks\AppData\Roaming\VoipBuster
2008-03-10 00:05 --------- d-----w C:\Program Files\VoipBuster.com
2008-03-05 22:42 --------- d-----w C:\Program Files\No-IP
2008-03-03 12:41 104 ----a-w C:\X.BIN
2008-03-03 12:38 --------- d-----w C:\Program Files\AY Spy
2008-03-03 03:58 --------- d-----w C:\Program Files\Fake Webcam
2008-03-01 16:33 --------- d-----w C:\Program Files\Let Me Rule! v2.0
2008-03-01 16:18 --------- d-----w C:\Program Files\Freshbind
2008-03-01 16:17 720,896 ----a-w C:\Windows\iun6002.exe
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 13:56 --------- d-----w C:\Program Files\DivX
2008-02-26 12:54 --------- d-----w C:\Program Files\VSO
2008-02-25 13:48 --------- d-----w C:\Program Files\iPod
2008-02-25 09:07 --------- d-----w C:\Program Files\Advanced Invisible Keylogger
2008-02-25 08:30 --------- d-----w C:\Program Files\Cain
2008-02-24 10:06 --------- d-----w C:\ProgramData\a32w
2008-02-22 15:15 --------- d-----w C:\Program Files\World of Warcraft
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-19 20:26 --------- d-----w C:\Program Files\Convar
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 08:19 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 08:11 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 08:11 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 08:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 08:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 08:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 08:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 08:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 08:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-01 07:21 245,408 ----a-w C:\Windows\System32\unicows.dll
2008-01-29 16:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2007-10-11 16:42 47,360 ----a-w C:\Users\Janet Brooks\AppData\Roaming\pcouffin.sys
2007-08-30 07:11 174 --sha-w C:\Program Files\desktop.ini
2003-11-03 21:07 499,712 ----a-w C:\Program Files\msvcp71.dll
2003-11-03 21:07 348,160 ----a-w C:\Program Files\msvcr71.dll
2003-05-30 13:22 344,064 ----a-r C:\Program Files\msvcr70.dll
2002-01-05 07:40 487,424 ----a-w C:\Program Files\msvcp70.dll
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266C970E-97F1-4C2C-BBF7-A0CD8E0D365A}]
C:\Windows\system32\vTLcyYqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F626C60-2BC1-435A-8C30-FE9FBDA57234}]
C:\Windows\system32\byXPJDWm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACBBD6CA-503C-4A00-B5CC-592B8AA23087}]
C:\Windows\system32\mlJDSifG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 02:02 11852288]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2007-08-16 10:02 99608]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 10:02 202008]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 10:14 1260296]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 20:51 3810544]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 05:19 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 17:59 2289664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 08:58 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 08:59 304048]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 08:58 82864]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-11-02 00:04 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-04-12 13:49 360448]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"tsnpstd3"="C:\Windows\tsnpstd3.exe" [2006-11-29 16:28 262144]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-18 14:12 843776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Users\Janet Brooks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2008-03-05 18:42:34 1172992]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-21 14:12:42 719664]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 10:30:54 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\Windows\pss\Picture Package Menu.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\Windows\pss\Picture Package VCD Maker.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\34c67604]
C:\Windows\system32\ewwvyipc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM37f54598]
C:\Windows\system32\hegohqjx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1184650865\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 08:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 10:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3EAA3992-49A3-4496-84CB-5D44F16F0EA6}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{07802A5E-6570-4580-B6DF-54C935EDC68A}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9A49078B-AB96-4EB1-AC62-FD546CB6B5D1}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E1F305CD-A122-45B8-910E-C3B27E9822CD}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{1DC72554-2AD1-4455-B0B4-F761980ECF9E}C:\\users\\janet brooks\\desktop\\utorrent.exe"= UDP:C:\users\janet brooks\desktop\utorrent.exe:utorrent.exe
"UDP Query User{96A2430B-78D2-4FE6-B559-6A543485A97E}C:\\users\\janet brooks\\desktop\\utorrent.exe"= TCP:C:\users\janet brooks\desktop\utorrent.exe:utorrent.exe
"TCP Query User{996E47FC-26E2-450B-AC4B-42CA81FB1370}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FB378B55-8391-4F66-A96D-8FCBE957EBF1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{89C12D95-D1E9-433A-AC2A-CE4F9F415335}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{5B084900-3018-43AD-9A15-E2DB7163CD25}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"{43EB1E64-D9CD-45AE-A46F-9445E835540B}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{347127EC-A267-4204-8A44-2B757627974B}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD99441F-C123-419B-85B1-A0EEFE899B0A}"= UDP:C:\Program Files\Common Files\AOL\1184650865\ee\aolsoftware.exe:AOL Services
"{FBBED88E-4B4C-4651-85CC-3C891E440623}"= TCP:C:\Program Files\Common Files\AOL\1184650865\ee\aolsoftware.exe:AOL Services
"{C844773E-9265-4922-AEC3-94CC819579A9}"= UDP:C:\Program Files\Common Files\AOL\1184650865\ee\aim6.exe:AIM
"{E3195149-BAA1-4E8F-B488-F820B4C78EB3}"= TCP:C:\Program Files\Common Files\AOL\1184650865\ee\aim6.exe:AIM
"TCP Query User{965359B4-F055-4C91-B638-8A09C5DB1B88}C:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= UDP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{7612FC8B-8DA9-425E-ACB1-4D27202D8D2C}C:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= TCP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{D4062E9C-AB1F-4D11-8BBA-2E965CF3A9B5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8D824B87-6855-4CBC-A9F4-EB4B3C55A4F7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A0E6E6C9-DA59-49F4-AF8F-76BB84DC928C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{726222B4-574E-48FF-B67A-4361975B4919}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{50C7A99F-A997-43AC-A0C2-BF317D761AFF}C:\\program files\\portabletor\\tor\\tor.exe"= UDP:C:\program files\portabletor\tor\tor.exe:tor
"UDP Query User{E6D456C2-FB94-4C77-949F-7B1885B52497}C:\\program files\\portabletor\\tor\\tor.exe"= TCP:C:\program files\portabletor\tor\tor.exe:tor
"TCP Query User{25923E1A-5B27-42C6-9B6D-6D168674A942}C:\\program files\\vidalia bundle\\tor\\tor.exe"= UDP:C:\program files\vidalia bundle\tor\tor.exe:tor
"UDP Query User{F1595880-1EAA-482A-84F2-CCCE7AC5AB16}C:\\program files\\vidalia bundle\\tor\\tor.exe"= TCP:C:\program files\vidalia bundle\tor\tor.exe:tor
"TCP Query User{87ABDD12-AC3F-4619-92E8-8EFC5F2494A1}C:\\savant\\savant.exe"= UDP:C:\savant\savant.exe:Savant Web Server
"UDP Query User{9D576B8E-9CFA-4F26-BA54-C7C4C7DF75AD}C:\\savant\\savant.exe"= TCP:C:\savant\savant.exe:Savant Web Server
"TCP Query User{C892F3DF-897F-4D9C-BB01-26C2259EB5CE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D3C253F8-C2D7-474F-AFCE-12C222294E75}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{E0ACB66F-5909-4820-BEAA-77A704918C1E}C:\\abyss web server\\abyssws.exe"= UDP:C:\abyss web server\abyssws.exe:Abyss Web Server X1
"UDP Query User{222F3832-A004-4909-A94A-FDE85604987F}C:\\abyss web server\\abyssws.exe"= TCP:C:\abyss web server\abyssws.exe:Abyss Web Server X1
"TCP Query User{AB5A94D9-973E-4BFD-B2FA-7C673922F1E1}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{44629347-C5F7-40BD-A972-43CB76C25162}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{C6C48C15-F51A-4D88-A9D5-0FE662164E18}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{991CE1F0-E9BF-4F22-9BEE-30C6E9F17949}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B27E3464-2038-448A-8181-2ED55731F5F4}K:\\security\\portableapps\\firefoxportable\\app\\firefox\\firefox.exe"= UDP:K:\security\portableapps\firefoxportable\app\firefox\firefox.exe:Firefox
"UDP Query User{423061C0-1CE8-4239-81FF-52E965A8A337}K:\\security\\portableapps\\firefoxportable\\app\\firefox\\firefox.exe"= TCP:K:\security\portableapps\firefoxportable\app\firefox\firefox.exe:Firefox
"TCP Query User{87A34F0E-B52C-47C4-8F46-003CC6B5778D}C:\\program files\\coffeecup software\\coffeecup free ftp\\freeftp.exe"= UDP:C:\program files\coffeecup software\coffeecup free ftp\freeftp.exe:FreeFTP
"UDP Query User{E1BBB0C2-0F0A-448A-8279-701AE0674A40}C:\\program files\\coffeecup software\\coffeecup free ftp\\freeftp.exe"= TCP:C:\program files\coffeecup software\coffeecup free ftp\freeftp.exe:FreeFTP
"TCP Query User{4BA08A35-8057-4146-9AF8-E1A82342F67A}C:\\program files\\icechat7\\icechat7.exe"= UDP:C:\program files\icechat7\icechat7.exe:Internet Relay Chat Client
"UDP Query User{7949CD6D-D3D8-498F-B736-ED0812226418}C:\\program files\\icechat7\\icechat7.exe"= TCP:C:\program files\icechat7\icechat7.exe:Internet Relay Chat Client
"TCP Query User{D7DA36E4-2A6A-4392-864B-1EAAD5CE0BF4}J:\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= UDP:J:\portableapps\winscpportable\app\winscp\winscp.exe:Windows SFTP, FTP and SCP client
"UDP Query User{927355A2-4FDA-4995-AFB9-548748B0EC70}J:\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= TCP:J:\portableapps\winscpportable\app\winscp\winscp.exe:Windows SFTP, FTP and SCP client
"{C16001CE-5B3C-41AB-9395-96BCE018AD31}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{30CBB95D-8595-4B18-BD27-79972CE90248}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{372957B2-FAB2-4B21-8344-8F2910CE04CD}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{67F1B96F-FC7B-455C-8D48-9C13B0330C86}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{825D6886-E7B0-4216-BA92-C94770669AE4}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{C3A5655D-1975-415D-9AFF-65BAF5E0E5DD}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{A111475E-C129-44E8-B8BD-07DF2109F513}C:\\users\\janet brooks\\desktop\\ip grabber\\antidote-187's ip grabber\\antidote-187's ip grabber.exe"= UDP:C:\users\janet brooks\desktop\ip grabber\antidote-187's ip grabber\antidote-187's ip grabber.exe:antidote-187's ip grabber.exe
"UDP Query User{E19F0BCB-D99C-4C57-8C0D-92E1BA3CC10F}C:\\users\\janet brooks\\desktop\\ip grabber\\antidote-187's ip grabber\\antidote-187's ip grabber.exe"= TCP:C:\users\janet brooks\desktop\ip grabber\antidote-187's ip grabber\antidote-187's ip grabber.exe:antidote-187's ip grabber.exe
"TCP Query User{37D41B3A-D1F7-45FF-AB27-D80DE8EA85C4}C:\\users\\janet brooks\\desktop\\haxors\\profile ip spy\\profile ip spy.exe"= UDP:C:\users\janet brooks\desktop\haxors\profile ip spy\profile ip spy.exe:profile ip spy.exe
"UDP Query User{C409234D-43C0-4A67-AE65-77E248870F2C}C:\\users\\janet brooks\\desktop\\haxors\\profile ip spy\\profile ip spy.exe"= TCP:C:\users\janet brooks\desktop\haxors\profile ip spy\profile ip spy.exe:profile ip spy.exe
"TCP Query User{A252F6E4-75DA-4F3B-9044-B8D0619B846F}C:\\users\\janet brooks\\desktop\\haxors\\ipgrabber\\ipgrabber\\antidote-187's ip grabber.exe"= UDP:C:\users\janet brooks\desktop\haxors\ipgrabber\ipgrabber\antidote-187's ip grabber.exe:antidote-187's ip grabber.exe
"UDP Query User{89C06167-6AF1-41A5-A853-1B7255CD0C51}C:\\users\\janet brooks\\desktop\\haxors\\ipgrabber\\ipgrabber\\antidote-187's ip grabber.exe"= TCP:C:\users\janet brooks\desktop\haxors\ipgrabber\ipgrabber\antidote-187's ip grabber.exe:antidote-187's ip grabber.exe
"{2E1A195F-F732-42F6-9A69-C6521BD65D7C}"= Disabled:UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{1E473B3D-7407-425B-A225-91B60B196082}"= Disabled:TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"TCP Query User{17A6DA86-3095-48AA-AD8C-D67D3065DD01}C:\\program files\\dothack\\area server\\area server.exe"= UDP:C:\program files\dothack\area server\area server.exe:AREA SERVER ?????????
"UDP Query User{CBE9BAD1-F740-41AA-A79E-EBF09ED00E90}C:\\program files\\dothack\\area server\\area server.exe"= TCP:C:\program files\dothack\area server\area server.exe:AREA SERVER ?????????
"TCP Query User{A1896159-8C0A-48B7-B456-31599C28E8EF}I:\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= UDP:I:\portableapps\winscpportable\app\winscp\winscp.exe:Windows SFTP, FTP and SCP client
"UDP Query User{84B8D619-71A1-4BA0-A0C2-F9D2BD289C7D}I:\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= TCP:I:\portableapps\winscpportable\app\winscp\winscp.exe:Windows SFTP, FTP and SCP client
"TCP Query User{886314D1-421F-457D-AD83-61CE0A0DBF65}C:\\program files\\bandai corporation\\area server\\hack area server\\area server\\area server.exe"= UDP:C:\program files\bandai corporation\area server\hack area server\area server\area server.exe:AREA SERVER ?????????
"UDP Query User{289A0EAC-DECE-4F4C-A82A-376182FE75F3}C:\\program files\\bandai corporation\\area server\\hack area server\\area server\\area server.exe"= TCP:C:\program files\bandai corporation\area server\hack area server\area server\area server.exe:AREA SERVER ?????????
"TCP Query User{CA7AC691-2BCF-4216-8207-F5CD0AB9F086}C:\\program files\\maxivista mirrorpro server\\maxivistaa.exe"= UDP:C:\program files\maxivista mirrorpro server\maxivistaa.exe:MaxiVista
"UDP Query User{47F33D22-3B08-401E-84FA-EBFE696A1A8A}C:\\program files\\maxivista mirrorpro server\\maxivistaa.exe"= TCP:C:\program files\maxivista mirrorpro server\maxivistaa.exe:MaxiVista
"{CA6F562D-9B61-4643-8EB1-6532C7E2F4BE}"= UDP:C:\Program Files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{1B2E133F-3AF9-4D71-B379-0E8247BBC9FD}"= TCP:C:\Program Files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{7651017C-0B36-4179-992C-02FDE4B46F08}"= UDP:C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{66DBD286-F346-4B2D-AD69-3AC7A88FF8A2}"= TCP:C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{657EA9C5-0667-40B9-8D99-43CED1F68F01}"= UDP:C:\Windows\System32\lxctcoms.exe:Lexmark Communications System
"{399560D9-BB6D-4875-AF48-86A0E847B39C}"= TCP:C:\Windows\System32\lxctcoms.exe:Lexmark Communications System
"{20D25D01-CE39-4645-94C2-2F4ADEBA2364}"= Disabled:UDP:135:TCP Port 135
"{92E57823-ECA2-4766-9F46-3DD22F1D15BE}"= Disabled:UDP:5000:TCP Port 5000
"{E3C75C65-BC9F-4EFA-9576-C125D5C35C79}"= Disabled:UDP:5001:TCP Port 5001
"{F799C467-3A82-441B-8A17-B197FB564C0C}"= Disabled:UDP:5002:TCP Port 5002
"{C0154AFB-D5F0-4B3D-9941-CF72214082FE}"= Disabled:UDP:5003:TCP Port 5003
"{8BBD4E84-408D-4794-A285-C9EE5D887469}"= Disabled:UDP:5004:TCP Port 5004
"{1CEE6FF6-EF65-42C8-AEDF-1918A15B8AE6}"= Disabled:UDP:5005:TCP Port 5005
"{D830D8B7-47A0-4831-AD33-E77CB79FE622}"= Disabled:UDP:5006:TCP Port 5006
"{63EB9EAE-451E-4292-9577-0EF3995F0044}"= Disabled:UDP:5007:TCP Port 5007
"{F6B4833A-3A16-4288-95F2-6038D5AADFE0}"= Disabled:UDP:5008:TCP Port 5008
"{2322EF91-6B35-450A-985B-B85512A853F4}"= Disabled:UDP:5009:TCP Port 5009
"{B9FEFC56-E0FD-4BC0-8110-30E20D90E49D}"= Disabled:UDP:5010:TCP Port 5010
"{D869555B-720F-4B5F-BAE5-34F0FD2E6F95}"= Disabled:UDP:5011:TCP Port 5011
"{CDBE5772-DA78-4A18-8131-BAEC0D19AA1A}"= Disabled:UDP:5012:TCP Port 5012
"{145A5BA3-79EC-4D8F-B95A-49FD524EB75E}"= Disabled:UDP:5013:TCP Port 5013
"{F5574082-3D80-49FA-9CC8-60F4BFD7B4CC}"= Disabled:UDP:5014:TCP Port 5014
"{892B3BF3-EA1E-4A92-B56F-F3922B51E130}"= Disabled:UDP:5015:TCP Port 5015
"{3E3196BD-F8B2-42C8-8F67-4AF30455E35E}"= Disabled:UDP:5016:TCP Port 5016
"{815282B6-DB39-4235-B733-364D8F99EED0}"= Disabled:UDP:5017:TCP Port 5017
"{CBA6FB85-A1CD-4B8F-B7E8-1365D93B28F0}"= Disabled:UDP:5018:TCP Port 5018
"{CBD13051-6E52-4D7A-81C6-69847E77ECF4}"= Disabled:UDP:5019:TCP Port 5019
"{E4CE98D7-1A19-49FB-98C2-68A39BD2AE56}"= Disabled:UDP:5020:TCP Port 5020
"{87079044-0C4D-49DF-BA88-D54B824F7804}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{E1DF59CB-A275-4F62-B05F-311E29AFD108}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{B0121260-2A2A-43F9-8263-5B5224E6438E}K:\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= UDP:K:\portableapps\winscpportable\app\winscp\winscp.exe:Windows SFTP, FTP and SCP client
"UDP Query User{F033A8AB-A444-448E-A8BF-B1CBE5638B81}K:\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= TCP:K:\portableapps\winscpportable\app\winscp\winscp.exe:Windows SFTP, FTP and SCP client
"TCP Query User{F45BFFD3-F146-46E5-ADCB-5D454D067397}C:\\users\\janet brooks\\desktop\\bluetoothremotecontrol\\remotepc2\\remotepcserver.exe"= UDP:C:\users\janet brooks\desktop\bluetoothremotecontrol\remotepc2\remotepcserver.exe:remotepcserver.exe
"UDP Query User{66ACC2CD-6469-47BF-9978-19B98EED9692}C:\\users\\janet brooks\\desktop\\bluetoothremotecontrol\\remotepc2\\remotepcserver.exe"= TCP:C:\users\janet brooks\desktop\bluetoothremotecontrol\remotepc2\remotepcserver.exe:remotepcserver.exe
"{188DFE9C-F2DF-474B-A28C-3010298A7DE9}"= UDP:4458:Application Sharing
"{1C590A73-1D8E-4948-B92E-6E1A138D4270}"= UDP:4457:Application Sharing
"{9005BBC1-154E-40E7-BDD5-04460D4F433E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{63849EE8-5A6F-43FF-BA77-7CB574FD0834}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{99DD87F7-079C-4DC0-BCF1-F276D84468F7}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{835AB939-27CC-45EE-AAFD-DB47815292A2}C:\\program files\\dsnet corp\\atube catcher 1.0\\smh.exe"= UDP:C:\program files\dsnet corp\atube catcher 1.0\smh.exe:Smart Media Hunter 0.7
"UDP Query User{309DDF33-759E-4FBE-9820-3AC7BD0F8F3A}C:\\program files\\dsnet corp\\atube catcher 1.0\\smh.exe"= TCP:C:\program files\dsnet corp\atube catcher 1.0\smh.exe:Smart Media Hunter 0.7
"{B0C7195F-55F4-4326-92B8-0E178F4381F4}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{EAF02FB2-7E61-451A-91DB-AE580AE5E1F7}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{1AAAEE3B-F8E5-4699-985E-A09153E7B821}C:\\downloads\\wow-burningcrusade-enus-installer-downloader.exe"= UDP:C:\downloads\wow-burningcrusade-enus-installer-downloader.exe:Blizzard Downloader
"UDP Query User{8FCC255A-D559-4800-8F0A-8FCD2FCF7FDA}C:\\downloads\\wow-burningcrusade-enus-installer-downloader.exe"= TCP:C:\downloads\wow-burningcrusade-enus-installer-downloader.exe:Blizzard Downloader
"TCP Query User{B0540184-2F2B-4C08-8FA4-CF9A9D8ACEC4}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{5FD88BA3-3731-4953-9859-19DD89866FE8}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{E51C0B0C-5A58-48F0-99A7-AFE5C4585E87}C:\\users\\janet brooks\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\janet brooks\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{9A273463-FEA4-4D34-BD78-055E6C3E42FF}C:\\users\\janet brooks\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\janet brooks\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{01E0EE88-3A96-4668-9ED8-58D03450A23C}C:\\users\\janet brooks\\desktop\\bo2k\\bo2k_1_1_6(1)\\bo2k_1_1_6\\bo2kgui.exe"= UDP:C:\users\janet brooks\desktop\bo2k\bo2k_1_1_6(1)\bo2k_1_1_6\bo2kgui.exe:bo2kgui.exe
"UDP Query User{9F00FA7F-4CB7-466F-A5DE-954969FE644F}C:\\users\\janet brooks\\desktop\\bo2k\\bo2k_1_1_6(1)\\bo2k_1_1_6\\bo2kgui.exe"= TCP:C:\users\janet brooks\desktop\bo2k\bo2k_1_1_6(1)\bo2k_1_1_6\bo2kgui.exe:bo2kgui.exe
"TCP Query User{D705A78D-DC91-442C-AB9C-803056169895}C:\\program files\\tftputil\\tftputil gui.exe"= UDP:C:\program files\tftputil\tftputil gui.exe:TFTPUtil GUI
"UDP Query User{A5CA0F50-CA50-4554-9A7A-F88A1EA83F43}C:\\program files\\tftputil\\tftputil gui.exe"= TCP:C:\program files\tftputil\tftputil gui.exe:TFTPUtil GUI
"TCP Query User{EE7061FF-5D28-41E1-85AF-12C8FE91E318}C:\\users\\janet brooks\\documents\\downloads\\turkojaneng3_amar\\turkojaneng3\\client.exe"= UDP:C:\users\janet brooks\documents\downloads\turkojaneng3_amar\turkojaneng3\client.exe:client.exe
"UDP Query User{4B7C451F-9AC5-4B91-B24C-F2AF0EE92A45}C:\\users\\janet brooks\\documents\\downloads\\turkojaneng3_amar\\turkojaneng3\\client.exe"= TCP:C:\users\janet brooks\documents\downloads\turkojaneng3_amar\turkojaneng3\client.exe:client.exe
"TCP Query User{0813D0A9-8BF6-4383-BD6D-90A4F47E971F}C:\\program files\\turkojan\\client.exe"= UDP:C:\program files\turkojan\client.exe:Client
"UDP Query User{DED001B7-49FF-4F88-90A7-4277BE710251}C:\\program files\\turkojan\\client.exe"= TCP:C:\program files\turkojan\client.exe:Client
"{13A533B8-F88B-488B-BFFD-AD833C8CEB31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94361DBC-84DE-4AAE-8BD9-EE6F0A63DFBD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{D30DEBD1-FDBC-482E-9878-40B28205C2DE}C:\\users\\janet brooks\\desktop\\unused torrents\\finished torrents\\hackers pack\\trojans\\letmerule!v2[1].0beta3\\let me rule! v2.0.exe"= UDP:C:\users\janet brooks\desktop\unused torrents\finished torrents\hackers pack\trojans\letmerule!v2[1].0beta3\let me rule! v2.0.exe:let me rule! v2.0.exe
"UDP Query User{52C81FE3-0D03-402E-A649-910667D862BC}C:\\users\\janet brooks\\desktop\\unused torrents\\finished torrents\\hackers pack\\trojans\\letmerule!v2[1].0beta3\\let me rule! v2.0.exe"= TCP:C:\users\janet brooks\desktop\unused torrents\finished torrents\hackers pack\trojans\letmerule!v2[1].0beta3\let me rule! v2.0.exe:let me rule! v2.0.exe
"TCP Query User{DAC11D63-D6F7-4E89-8307-13715D44B03C}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{868EA291-0529-4A8D-AC0A-4AA00EFADB60}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{4E0D3A81-1CB5-432E-90F3-01B1524AC959}"= UDP:C:\Users\Janet Brooks\Desktop\utorrent.exe:µTorrent
"{8C62DAD1-AA8C-4A90-9049-A387CE4D3179}"= TCP:C:\Users\Janet Brooks\Desktop\utorrent.exe:µTorrent
"TCP Query User{6A67F712-A9F3-4BA3-89D8-AEB0F3675857}C:\\program files\\common files\\aol\\1184650865\\ee\\aim6.exe"= UDP:C:\program files\common files\aol\1184650865\ee\aim6.exe:AIM
"UDP Query User{88773D3D-1629-4BAB-9631-55C9F2DC8E48}C:\\program files\\common files\\aol\\1184650865\\ee\\aim6.exe"= TCP:C:\program files\common files\aol\1184650865\ee\aim6.exe:AIM
"TCP Query User{794666BC-5F11-49F2-AF3D-D448E997CEEC}C:\\program files\\turkojan\\client.exe"= UDP:C:\program files\turkojan\client.exe:Client
"UDP Query User{B1DB4E70-67A6-4A8E-BA10-36FF4582A836}C:\\program files\\turkojan\\client.exe"= TCP:C:\program files\turkojan\client.exe:Client
"{68C0D3F8-8C1F-44E6-AD51-88FF53B18C3A}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{81D9F886-4401-402E-8C55-DCE0042195AA}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"TCP Query User{73A2D9A8-EA78-44CE-A292-1E65207FF8DC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8FDCAFF4-AAFC-421D-9CA2-2F4C41FCF675}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{710CD606-785C-41C4-9837-CE9963856C54}C:\\users\\janet brooks\\documents\\my downloads\\superscan4\\superscan4.exe"= UDP:C:\users\janet brooks\documents\my downloads\superscan4\superscan4.exe:superscan4.exe
"UDP Query User{9F049CCE-14E9-4A45-A77C-C1347CE19890}C:\\users\\janet brooks\\documents\\my downloads\\superscan4\\superscan4.exe"= TCP:C:\users\janet brooks\documents\my downloads\superscan4\superscan4.exe:superscan4.exe
"TCP Query User{09B39B53-E291-4E60-9BEA-402CD902F6D9}C:7\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= UDP:C:7\portableapps\winscpportable\app\winscp\winscp.exe:winscp.exe
"UDP Query User{765ADDBA-9EB6-4F41-A2AE-FEC1ACFB0742}C:7\\portableapps\\winscpportable\\app\\winscp\\winscp.exe"= TCP:C:7\portableapps\winscpportable\app\winscp\winscp.exe:winscp.exe
"TCP Query User{4025AACB-0131-4380-B6B0-CD86EAB89FC4}C:\\program files\\myspace\\im\\myspaceim.exe"= Disabled:UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{B83EFA42-5A75-48B9-B99E-D8167AE293A8}C:\\program files\\myspace\\im\\myspaceim.exe"= Disabled:TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{51D1B4C2-A5CB-448D-B9CA-DFFAFA837F04}C:\\program files\\hidden administrator\\ha_client\\ha_client.exe"= UDP:C:\program files\hidden administrator\ha_client\ha_client.exe:Hidden Administrator Client
"UDP Query User{92AAE494-2907-49CE-8DE9-B228737AF436}C:\\program files\\hidden administrator\\ha_client\\ha_client.exe"= TCP:C:\program files\hidden administrator\ha_client\ha_client.exe:Hidden Administrator Client
"TCP Query User{5427A349-B818-4506-BFE4-FAF1F4B51809}C:\\users\\janet brooks\\desktop\\unused torrents\\finished torrents\\hackers pack\\trojans\\letmerule!v2[1].0beta3\\let me rule! v2.0.exe"= UDP:C:\users\janet brooks\desktop\unused torrents\finished torrents\hackers pack\trojans\letmerule!v2[1].0beta3\let me rule! v2.0.exe:let me rule! v2.0.exe
"UDP Query User{5E64C113-97DB-4AA7-B526-CE3CE9326F20}C:\\users\\janet brooks\\desktop\\unused torrents\\finished torrents\\hackers pack\\trojans\\letmerule!v2[1].0beta3\\let me rule! v2.0.exe"= TCP:C:\users\janet brooks\desktop\unused torrents\finished torrents\hackers pack\trojans\letmerule!v2[1].0beta3\let me rule! v2.0.exe:let me rule! v2.0.exe
"TCP Query User{3EF667DE-3413-4E82-AF64-B8511C9166AC}C:\\users\\janet brooks\\desktop\\unused torrents\\finished torrents\\hackers pack\\trojans\\char0n\\charon.exe"= UDP:C:\users\janet brooks\desktop\unused torrents\finished torrents\hackers pack\trojans\char0n\charon.exe:charon.exe
"UDP Query User{80B0831C-9BAA-43C1-A3F7-211BB1B31CF0}C:\\users\\janet brooks\\desktop\\unused torrents\\finished torrents\\hackers pack\\trojans\\char0n\\charon.exe"= TCP:C:\users\janet brooks\desktop\unused torrents\finished torrents\hackers pack\trojans\char0n\charon.exe:charon.exe
"TCP Query User{18081F59-510D-4C12-80CA-011039D4F007}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= UDP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"UDP Query User{4656D367-6219-4B51-9BEC-011EB4324B12}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= TCP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"{743BCC3F-EFAE-4A68-82D9-A79CAFB6213A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F37DA2C8-1CAB-448B-90E7-00505D2DAEE4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A28DDB3B-E05B-4286-93EC-E0A7CF1534AC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CC1FE5E-1A4E-4779-B1F2-BC31E2AC62F6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{FE5DBD5C-9B28-4CFE-BB2F-C4DE6AABE6C8}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{92508D50-2B65-4F69-AC8C-E3A56C871C24}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{BB3CB579-5E1B-4ABE-8396-FD29E7B53C43}C:\\program files\\beston\\webcam suite 2.0\\webcamsuite2.exe"= UDP:C:\program files\beston\webcam suite 2.0\webcamsuite2.exe:WebCam Suite 2.0
"UDP Query User{8C1200BD-2C99-49D1-A32E-363EAA1D244F}C:\\program files\\beston\\webcam suite 2.0\\webcamsuite2.exe"= TCP:C:\program files\beston\webcam suite 2.0\webcamsuite2.exe:WebCam Suite 2.0
"TCP Query User{520B5783-2C20-4D5B-A2F4-DC7A4CB128E2}C:\\program files\\beston\\webcam suite 2.0\\webcamsuite2.exe"= UDP:C:\program files\beston\webcam suite 2.0\webcamsuite2.exe:WebCam Suite 2.0
"UDP Query User{2A11FC3A-D501-4E10-9527-0BFF9293D495}C:\\program files\\beston\\webcam suite 2.0\\webcamsuite2.exe"= TCP:C:\program files\beston\webcam suite 2.0\webcamsuite2.exe:WebCam Suite 2.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 09:11]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-19 21:59]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-19 21:59]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-19 21:59]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 06:06]
R3 MUSTechVIDCAP;ADS DVD XPRESS DX2;C:\Windows\system32\drivers\musgostrm.sys [2007-02-16 14:12]
R3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 10:00]
S2 MaxiAcom;MaxiAcom;C:\Windows\system32\Drivers\MaxiAcom.SYS [2007-06-19 11:45]
S2 MaxiMcom;MaxiMcom;C:\Windows\system32\Drivers\MaxiMcom.SYS [2007-06-19 11:45]
S3 maximir;maximir;C:\Windows\system32\DRIVERS\maximir.sys [2007-06-19 11:45]
S3 maxivista;Maxi_Vista_DriverA;C:\Windows\system32\DRIVERS\maxivista.sys [2007-06-19 11:45]
S3 NPF;WinPcap Packet Driver (NPF);C:\Windows\system32\drivers\NPF.sys [2007-10-11 05:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
ipripsvc REG_MULTI_SZ iprip
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8f707d-61d4-11dc-ac5f-001921db601c}]
\shell\AutoRun\command - K:\cmd.bat


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 01:34:06 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-17 01:34:58 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-15 03:42:25 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 13:15:12
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-19 13:16:35
ComboFix-quarantined-files.txt 2008-04-19 17:16:25

Pre-Run: 18,094,489,600 bytes free
Post-Run: 18,078,187,520 bytes free

493 --- E O F --- 2008-04-13 05:18:38


-------------------------------------------------------------------------------------------------------------------------------



It seems to be running really well at the moment. Thanks for your help.
If there is anything else I need to do, though, please let me know.

Zach

#4 Thunder


Posted 20 April 2008 - 03:59 PM

Well done, Zach :thumbsup:
Looks like you got most of them.

Let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
C:\Windows\System32\qxdjdxoa.ini
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266C970E-97F1-4C2C-BBF7-A0CD8E0D365A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F626C60-2BC1-435A-8C30-FE9FBDA57234}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACBBD6CA-503C-4A00-B5CC-592B8AA23087}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\34c67604]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM37f54598]

Save this as a txt file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems?
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
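As an added example (not from this thread and not ComboFix's own code), a small Python dry-run parser for the CFScript format used in the post above: it assumes only the section and line syntax visible there (File::, Folder::, Registry::, [-KEY] and "name"=-) and reports what a script would delete, so a user can review a script before dragging it onto ComboFix.exe.

```python
"""Dry-run preview of a ComboFix CFScript (added example, not from the thread).
Format as used in the post: section headers end in '::' (File::, Folder::,
Registry::); inside Registry::, '[-KEY]' deletes a whole key and '"name"=-'
deletes one value under the most recent '[KEY]'.  The '~' shorthand is
ComboFix's own abbreviation and is kept verbatim."""
from dataclasses import dataclass, field

# Subset of the script from the post, copied here as test input.
SAMPLE_SCRIPT = r"""File::
C:\Windows\System32\qxdjdxoa.ini
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266C970E-97F1-4C2C-BBF7-A0CD8E0D365A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"=-"""

@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    keys_deleted: list = field(default_factory=list)
    values_deleted: list = field(default_factory=list)  # (key, value name)
    warnings: list = field(default_factory=list)

def parse_cfscript(text):
    plan, section, current_key = Plan(), None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                  # new section header
            section, current_key = line[:-2], None
        elif section == "File":
            plan.files.append(line)
        elif section == "Folder":
            plan.folders.append(line)
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                plan.keys_deleted.append(line[2:-1])
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]         # later "name"=- lines refer to this key
            elif line.startswith('"') and line.endswith("=-"):
                if current_key is None:
                    plan.warnings.append(f"line {lineno}: value deletion with no key")
                else:
                    plan.values_deleted.append((current_key, line[:-2].strip('"')))
            else:
                plan.warnings.append(f"line {lineno}: unrecognised line {line!r}")
        else:
            plan.warnings.append(f"line {lineno}: line before any section header")
    return plan
```

Any warning in the returned plan means the script is malformed and should be corrected before it is used.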

#5 Thunder


Posted 19 May 2008 - 07:35 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



