Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Pop-ups And Possible Malware


  • This topic is locked This topic is locked
4 replies to this topic

#1 kdods

kdods

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 20 May 2008 - 02:40 AM

Avira AntiVir Personal
Report file date: Saturday, May 17, 2008 23:25

Scanning for 1262699 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: UPSTAIRSPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 16:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 15:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 15:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 15:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 20:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 5/5/2008 20:39:04
ANTIVIR3.VDF : 7.0.4.27 146944 Bytes 5/12/2008 20:39:05
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 16:58:21
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 5/12/2008 20:39:18
AESCN.DLL : 8.1.0.16 119156 Bytes 5/12/2008 20:39:17
AERDL.DLL : 8.1.0.20 418165 Bytes 5/12/2008 20:39:16
AEPACK.DLL : 8.1.1.4 364918 Bytes 5/12/2008 20:39:15
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 5/12/2008 20:39:13
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 5/12/2008 20:39:11
AEHELP.DLL : 8.1.0.14 115063 Bytes 5/12/2008 20:39:09
AEGEN.DLL : 8.1.0.20 299380 Bytes 5/12/2008 20:39:09
AEEMU.DLL : 8.1.0.6 430451 Bytes 5/12/2008 20:39:08
AECORE.DLL : 8.1.0.28 168310 Bytes 5/12/2008 20:39:07
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 00:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 17:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 20:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 00:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 15:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 00:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 21:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 19:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, May 12, 2008 23:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RoxLiveShare9.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'RoxioUpnpService9.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hnm_svc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0089511.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0091318.exe
[DETECTION] Is the Trojan horse TR/Vapsup.evv
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0091319.dll
[DETECTION] Is the Trojan horse TR/Vapsup.evv.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0092292.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0092296.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!


End of the scan: Monday, May 19, 2008 16:35
Used time: 41:10:29 min

The scan has been canceled!

13953 Scanning directories
477969 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
477965 Files not concerned
4305 Archives were scanned
2 Warnings
4 Notes







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:47 AM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\EAGAME~1\THESIM~1\TSBin\Sims2.exe
C:\DOCUME~1\Kacey\LOCALS~1\Temp\~e5.0001
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: mkrndofl - {091E4684-9A84-453B-A5AC-E82BCD2109E2} - C:\WINDOWS\mkrndofl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [fvjnorui] C:\WINDOWS\system32\jqbsfulg.exe
O4 - HKLM\..\Policies\Explorer\Run: [wA4xHCqJFD] C:\Documents and Settings\All Users\Application Data\nolwjwpg\xynsjads.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0327
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0314
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0312
O21 - SSODL: wetkadmr - {AE081E61-2237-4625-9866-F678204F7025} - C:\WINDOWS\wetkadmr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8387 bytes

BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:09 AM

Posted 22 May 2008 - 06:43 AM

Hello Kdods and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you .

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 kdods

kdods
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 23 May 2008 - 07:07 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:36 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [fvjnorui] C:\WINDOWS\system32\jqbsfulg.exe
O4 - HKLM\..\Policies\Explorer\Run: [wA4xHCqJFD] C:\Documents and Settings\All Users\Application Data\nolwjwpg\xynsjads.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0327
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0314
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0320
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://access.memorial.org/vdesk/terminal/...,2007,0223,0312
O20 - Winlogon Notify: geBqQGaa - C:\WINDOWS\
O21 - SSODL: wetkadmr - {AE081E61-2237-4625-9866-F678204F7025} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8933 bytes
















Malwarebytes' Anti-Malware 1.12
Database version: 779

Scan type: Quick Scan
Objects scanned: 86564
Time elapsed: 31 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 60
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 16
Files Infected: 156

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBrpnLC.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\gsihrbij.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\geBqQGaa.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\wetkadmr.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29c8bdc2-f194-47c0-8e18-1c8da48acc48} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{29c8bdc2-f194-47c0-8e18-1c8da48acc48} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\actvtalk.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf26fac0-7d4e-46d8-ae64-b277b11443ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf26fac0-7d4e-46d8-ae64-b277b11443ac} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\colorutility.colorutility (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\colorutility.colorutility.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebqqgaa (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vipantispyware_is1 (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae081e61-2237-4625-9866-f678204f7025} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{40815a9a-bc7c-46d1-837d-a49ed3444f06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40815a9a-bc7c-46d1-837d-a49ed3444f06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{091e4684-9a84-453b-a5ac-e82bcd2109e2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mkrndofl.btqo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mkrndofl.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cd17f19 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wetkadmr (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{091e4684-9a84-453b-a5ac-e82bcd2109e2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrpnlc -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrpnlc -> Delete on reboot.

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware (Rogue.VIPAantispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\virii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\geBrpnLC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\CLnprBeg.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\CLnprBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsihrbij.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jibrhisg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbesknib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\binksebk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnNgfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfgNnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfgNnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twbftmdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdmtfbwt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\actvtalk.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility\ColorUtility.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBqQGaa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIxYst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwfynkdm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Local Settings\Temp\temp.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Local Settings\Temp\_addon.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Local Settings\Temporary Internet Files\Content.IE5\4QEFV3P4\setup_204_501_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Local Settings\Temporary Internet Files\Content.IE5\8MZYAST5\setup[1].exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Local Settings\Temporary Internet Files\Content.IE5\AFIN9MQE\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\alarm.wav (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\click.wav (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\config.cfg (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dbinfo (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\success.wav (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\unins000.dat (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\unins000.exe (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\vipantispyware.exe (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\vipantispyware.url (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\def2.base (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase0.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase1.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase2.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase3.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase4.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase5.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase6.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase7.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\defbase8.db (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\immunization.pl (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\license (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\sig2.base (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\sigrules.rul (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Program Files\vipantispyware\dll\update.scr (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility\uninstall.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ColorUtility\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080518182352875.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\Uninstall vipantispyware.lnk (Rogue.VIPAantispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware on the Web.lnk (Rogue.VIPAantispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\vipantispyware\vipantispyware.lnk (Rogue.VIPAantispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Not selected for removal.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winxplogon.sys (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\wetkadmr.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\svorbmke.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qvlbodmnmle.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mkrndofl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1409OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\blackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\EditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\EditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\filemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\fkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\fkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\fwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\FWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\Trojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Application Data\Microsoft\Internet Explorer\Quick Launch\vipantispyware.lnk (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\vipantispyware.lnk (Rogue.VIPAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kacey\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kacey\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kacey\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kacey\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kacey\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kacey\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hunter\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


















ComboFix 08-05-21.3 - Kacey 2008-05-23 6:39:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.506 [GMT -5:00]
Running from: C:\Documents and Settings\Kacey\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Angi\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Kacey\Start Menu\Programs\engagesidebar
C:\Documents and Settings\Kacey\Start Menu\Programs\engagesidebar\Uninstall.lnk
C:\Documents and Settings\Kalene\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\engagesidebar
C:\Program Files\engagesidebar\EffBar.dll
C:\Program Files\engagesidebar\magn.bmp
C:\Program Files\engagesidebar\style.css
C:\WINDOWS\cookies.ini
C:\WINDOWS\esbagent.jpg
C:\WINDOWS\esblogo.jpg
C:\WINDOWS\system32\caomfckh.ini
C:\WINDOWS\system32\CLnprBeg.ini
C:\WINDOWS\system32\ebjnltfk.ini
C:\WINDOWS\system32\ehrhfpfl.ini
C:\WINDOWS\system32\elvaqddo.ini
C:\WINDOWS\system32\geBrpnLC.dll
C:\WINDOWS\system32\jwgphqvw.ini
C:\WINDOWS\system32\ldresb
C:\WINDOWS\system32\ldresb\Ldresb.exe
C:\WINDOWS\system32\ldresb\setup.dat
C:\WINDOWS\system32\ldresb\update.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pdiebhki.ini
C:\WINDOWS\system32\piymvtxl.ini
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\shlesb.dll
C:\WINDOWS\system32\somardvk.ini
C:\WINDOWS\system32\xoxkpmev.ini
C:\WINDOWS\system32\xrnhrphw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-22 21:52 . 2008-05-22 21:52 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\Malwarebytes
2008-05-22 21:50 . 2008-05-22 21:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 21:50 . 2008-05-22 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-22 21:50 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-22 21:50 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-12 20:42 . 2008-05-12 20:42 15 --a------ C:\WINDOWS\system32\1cd16d97
2008-05-12 15:35 . 2008-05-12 15:35 <DIR> d-------- C:\Program Files\Avira
2008-05-12 15:35 . 2008-05-12 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-08 16:58 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\Leadertech
2008-05-07 15:53 . 2008-05-07 15:54 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\NCH Swift Sound
2008-05-07 15:53 . 2008-04-28 23:36 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-05-05 19:51 . 2008-05-05 19:51 <DIR> d-------- C:\Documents and Settings\Hunter\Application Data\TmpRecentIcons
2008-05-05 18:32 . 2008-05-22 21:45 <DIR> d-------- C:\Documents and Settings\Kacey\Application Data\TmpRecentIcons
2008-05-05 13:17 . 2008-05-12 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nolwjwpg
2008-04-28 23:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-27 11:43 . 2008-04-27 11:44 <DIR> d-------- C:\Program Files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch
2008-05-12 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 22:03 --------- d-----w C:\Documents and Settings\Kacey\Application Data\Nero
2008-05-08 21:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-07 20:54 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-04 23:45 --------- d-----w C:\Program Files\Java
2008-05-02 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-30 03:40 --------- d-----w C:\Program Files\FrostWire
2008-04-29 04:36 --------- d-----w C:\Program Files\LimeWire
2008-04-29 04:29 --------- d-----w C:\Documents and Settings\Kacey\Application Data\FrostWire
2008-04-27 16:52 --------- d-----w C:\Program Files\iTunes
2008-04-27 16:51 --------- d-----w C:\Program Files\iPod
2008-04-27 16:49 --------- d-----w C:\Program Files\QuickTime
2008-04-22 23:12 --------- d-----w C:\Program Files\Apple Software Update
2008-04-15 02:21 --------- d-----w C:\Program Files\Rhapsody
2008-04-15 02:21 --------- d-----w C:\Program Files\Real
2008-04-14 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-04-06 20:56 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 00:02 --------- d-----w C:\Documents and Settings\Kacey\Application Data\Roxio
2008-03-31 22:41 --------- d-----w C:\Program Files\MIDI Maestro MM4
2008-03-30 05:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-30 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 03:30 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-03-30 03:30 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-03-30 03:30 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-28 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-28 20:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-28 07:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 07:36 --------- d-----w C:\Program Files\Bonjour
2008-03-28 07:27 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-28 05:22 --------- d-----w C:\Program Files\Poster Forge
2008-03-28 04:58 --------- d-----w C:\Program Files\IE Motivational Poster Maker
2008-03-27 03:00 --------- d-----w C:\Program Files\ConquerCam
2008-03-27 02:33 --------- d-----w C:\Documents and Settings\Kacey\Application Data\Uniblue
2008-03-25 00:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-03-24 23:09 166,777 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-03-24 23:09 --------- d-----w C:\Program Files\River Past
2008-03-24 23:09 --------- d-----w C:\Program Files\Common Files\River Past
2008-03-24 23:09 --------- d-----w C:\Documents and Settings\Kacey\Application Data\River Past G5
2008-03-24 23:01 --------- d-----w C:\Program Files\Microsoft GIF Animator
2008-03-24 22:40 --------- d-----w C:\Program Files\Speedcube Timer
2008-03-24 22:12 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
2008-03-24 22:12 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-02-27 02:36 33,019 ----a-w C:\WINDOWS\system32\CoreAAC-uninstall.exe
2006-10-12 02:56 88 --sh--r C:\WINDOWS\system32\18B0BD4B20.sys
2006-09-09 21:21 56 --sh--r C:\WINDOWS\system32\204BBDB018.sys
2006-10-12 02:56 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-08-12 07:59 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BC0DC4F-043B-4D73-90D0-A0D54F961488}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF26FAC0-7D4E-46D8-AE64-B277B11443AC}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-02-12 10:02 353544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"fvjnorui"="C:\WINDOWS\system32\jqbsfulg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"@"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-08-17 10:14:08 1447184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wA4xHCqJFD"= C:\Documents and Settings\All Users\Application Data\nolwjwpg\xynsjads.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQGaa]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 05:40 218032 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 05:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\progra~1\mcafee.com\agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe"=
"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxLiveShare9.exe"=
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\ConquerCam\\ConquerCam.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42971:TCP"= 42971:TCP:PORT_42971
"11088:TCP"= 11088:TCP:PORT_11088
"6112:TCP"= 6112:TCP:Blizzard Downloader
"33240:TCP"= 33240:TCP:PORT_33240
"32991:TCP"= 32991:TCP:PORT_32991
"49048:TCP"= 49048:TCP:PORT_49048
"5147:TCP"= 5147:TCP:PORT_5147
"46639:TCP"= 46639:TCP:PORT_46639
"59749:TCP"= 59749:TCP:PORT_59749
"44347:TCP"= 44347:TCP:PORT_44347
"18408:TCP"= 18408:TCP:PORT_18408
"10026:TCP"= 10026:TCP:PORT_10026
"26843:TCP"= 26843:TCP:PORT_26843
"38319:TCP"= 38319:TCP:PORT_38319
"41095:TCP"= 41095:TCP:PORT_41095
"47621:TCP"= 47621:TCP:PORT_47621
"42005:TCP"= 42005:TCP:PORT_42005
"54198:TCP"= 54198:TCP:PORT_54198
"60841:TCP"= 60841:TCP:PORT_60841
"60705:TCP"= 60705:TCP:PORT_60705
"17475:TCP"= 17475:TCP:PORT_17475
"8137:TCP"= 8137:TCP:PORT_8137
"18026:TCP"= 18026:TCP:PORT_18026
"10687:TCP"= 10687:TCP:PORT_10687
"60395:TCP"= 60395:TCP:PORT_60395
"23651:TCP"= 23651:TCP:PORT_23651
"22525:TCP"= 22525:TCP:PORT_22525
"27007:TCP"= 27007:TCP:PORT_27007
"64665:TCP"= 64665:TCP:PORT_64665
"51705:TCP"= 51705:TCP:PORT_51705
"24651:TCP"= 24651:TCP:PORT_24651
"61168:TCP"= 61168:TCP:PORT_61168
"28245:TCP"= 28245:TCP:PORT_28245
"52846:TCP"= 52846:TCP:PORT_52846
"46836:TCP"= 46836:TCP:PORT_46836
"19775:TCP"= 19775:TCP:PORT_19775
"31988:TCP"= 31988:TCP:PORT_31988
"50674:TCP"= 50674:TCP:PORT_50674
"58386:TCP"= 58386:TCP:PORT_58386
"64553:TCP"= 64553:TCP:PORT_64553
"61257:TCP"= 61257:TCP:PORT_61257
"37394:TCP"= 37394:TCP:PORT_37394
"38924:TCP"= 38924:TCP:PORT_38924
"21424:TCP"= 21424:TCP:PORT_21424
"49339:TCP"= 49339:TCP:PORT_49339
"49928:TCP"= 49928:TCP:PORT_49928
"20224:TCP"= 20224:TCP:PORT_20224
"7825:TCP"= 7825:TCP:PORT_7825
"19310:TCP"= 19310:TCP:PORT_19310
"54166:TCP"= 54166:TCP:PORT_54166
"18465:TCP"= 18465:TCP:PORT_18465
"22243:TCP"= 22243:TCP:PORT_22243
"63198:TCP"= 63198:TCP:PORT_63198
"20211:TCP"= 20211:TCP:PORT_20211
"7726:TCP"= 7726:TCP:PORT_7726
"8321:TCP"= 8321:TCP:PORT_8321
"8266:TCP"= 8266:TCP:PORT_8266
"27054:TCP"= 27054:TCP:PORT_27054
"7081:TCP"= 7081:TCP:PORT_7081
"29915:TCP"= 29915:TCP:PORT_29915
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"62882:TCP"= 62882:TCP:PORT_62882
"56591:TCP"= 56591:TCP:PORT_56591
"19850:TCP"= 19850:TCP:PORT_19850
"38623:TCP"= 38623:TCP:PORT_38623
"7878:TCP"= 7878:TCP:PORT_7878
"48977:TCP"= 48977:TCP:PORT_48977
"51160:TCP"= 51160:TCP:PORT_51160
"31701:TCP"= 31701:TCP:PORT_31701
"24195:TCP"= 24195:TCP:PORT_24195
"34096:TCP"= 34096:TCP:PORT_34096
"16386:TCP"= 16386:TCP:PORT_16386
"58035:TCP"= 58035:TCP:PORT_58035
"52987:TCP"= 52987:TCP:PORT_52987
"39639:TCP"= 39639:TCP:PORT_39639
"9024:TCP"= 9024:TCP:PORT_9024
"60273:TCP"= 60273:TCP:PORT_60273
"39248:TCP"= 39248:TCP:PORT_39248
"35112:TCP"= 35112:TCP:PORT_35112
"29783:TCP"= 29783:TCP:PORT_29783
"52050:TCP"= 52050:TCP:PORT_52050
"53529:TCP"= 53529:TCP:PORT_53529
"23882:TCP"= 23882:TCP:PORT_23882
"41116:TCP"= 41116:TCP:PORT_41116
"38062:TCP"= 38062:TCP:PORT_38062
"59571:TCP"= 59571:TCP:PORT_59571
"43787:TCP"= 43787:TCP:PORT_43787
"64851:TCP"= 64851:TCP:PORT_64851
"30941:TCP"= 30941:TCP:PORT_30941
"58546:TCP"= 58546:TCP:PORT_58546
"49070:TCP"= 49070:TCP:PORT_49070
"19370:TCP"= 19370:TCP:PORT_19370
"62633:TCP"= 62633:TCP:PORT_62633
"44258:TCP"= 44258:TCP:PORT_44258
"46281:TCP"= 46281:TCP:PORT_46281
"11163:TCP"= 11163:TCP:PORT_11163
"22365:TCP"= 22365:TCP:PORT_22365
"31278:TCP"= 31278:TCP:PORT_31278
"17495:TCP"= 17495:TCP:PORT_17495
"29244:TCP"= 29244:TCP:PORT_29244
"53401:TCP"= 53401:TCP:PORT_53401
"49416:TCP"= 49416:TCP:PORT_49416
"35213:TCP"= 35213:TCP:PORT_35213
"18823:TCP"= 18823:TCP:PORT_18823
"10355:TCP"= 10355:TCP:PORT_10355
"65288:TCP"= 65288:TCP:PORT_65288
"43150:TCP"= 43150:TCP:PORT_43150
"55288:TCP"= 55288:TCP:PORT_55288
"52224:TCP"= 52224:TCP:PORT_52224
"12893:TCP"= 12893:TCP:PORT_12893
"60263:TCP"= 60263:TCP:PORT_60263
"56629:TCP"= 56629:TCP:PORT_56629
"54960:TCP"= 54960:TCP:PORT_54960
"52883:TCP"= 52883:TCP:PORT_52883
"12870:TCP"= 12870:TCP:PORT_12870
"21701:TCP"= 21701:TCP:PORT_21701
"51060:TCP"= 51060:TCP:PORT_51060
"62396:TCP"= 62396:TCP:PORT_62396
"27773:TCP"= 27773:TCP:PORT_27773
"63280:TCP"= 63280:TCP:PORT_63280
"22375:TCP"= 22375:TCP:PORT_22375
"38664:TCP"= 38664:TCP:PORT_38664
"14106:TCP"= 14106:TCP:PORT_14106
"63624:TCP"= 63624:TCP:PORT_63624
"41378:TCP"= 41378:TCP:PORT_41378

R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 09:45]
R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2007-02-22 22:29]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\system32\drivers\urfltw2k.sys [2005-12-15 02:41]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 16:10]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 11:24]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 00:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HOMEPC-Michael).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2006-10-30 13:02:04 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-05-21 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-23 11:49:02 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-22 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-16 02:31:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-26 21:41:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 06:49:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-23 6:59:58 - machine was rebooted [Kacey]
ComboFix-quarantined-files.txt 2008-05-23 11:59:22

Pre-Run: 100,530,892,800 bytes free
Post-Run: 101,895,356,416 bytes free

388 --- E O F --- 2007-12-20 04:51:53

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:09 AM

Posted 23 May 2008 - 06:12 PM

Quite a collection you had there, Kdods :thumbsup:

Please pay attention to this :

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you .

Install the Recovery Console before proceeding !!

Then, let's clean up some more :

Open Notepad - don't use any other texteditor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty notepad window:Folder::
C:\WINDOWS\system32\1cd16d97
C:\Documents and Settings\All Users\Application Data\nolwjwpg
C:\Documents and Settings\All Users\Application Data\Long slow road itch
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BC0DC4F-043B-4D73-90D0-A0D54F961488}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE86878F-D099-4FFC-A4DC-E51D192063B1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF26FAC0-7D4E-46D8-AE64-B277B11443AC}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fvjnorui"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wA4xHCqJFD"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQGaa]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh HijackThislog.

Are you still having problems ?

Greetingd,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:09 AM

Posted 21 June 2008 - 05:28 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users