
Fighting With Virtumonde, Vondo And Ieantivirus


This topic is locked
10 replies to this topic

#1 Dalrint

Posted 24 June 2008 - 12:06 PM

I've been infected for about a day, I've run the vondo removal tool and spybot and trend micro and ad-aware and my Symantec antivirus, and I think I've gotten...most of it? But I want to be sure! If no one minds, anyway! Symptoms are the cmd.exe popping up when I reboot (but I think I got that), turning off my auto-update for windows, launching IE (I generally use firefox) to give me a popup, and general system slowdown/crashes (sometimes my task bar and start menu just vanish, or sometimes explorer crashes and I have to manually reboot).

I can't run dss.exe, it crashes when it tries to backup the registry, but I have the log file from hijack this, so here it is!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:52 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Games\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\AOL\1202166307\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14796A2E-6941-4220-B518-1B43F8C7819E} - C:\WINDOWS\system32\khfDwWnn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CC455F4F-2F6D-44E5-BD8A-46DA7EE02DCE} - C:\Documents and Settings\John H. Fee\Temporary Internet Files\Content.IE5\IDFGHCZY\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {CEC68642-0886-456F-A966-9790C81E621F} - C:\WINDOWS\system32\khfDtUOf.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202166307\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM234befb3] Rundll32.exe "C:\WINDOWS\system32\hmekefxc.dll",s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\Games\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10709 bytes


#2 miekiemoes
  • Malware Response Team

Posted 25 June 2008 - 03:30 AM

Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 Dalrint

Posted 25 June 2008 - 08:05 PM

Here's the log. It looks like I managed to get rid of everything I was trying to except IEantivirus (I'm still getting those image replacements in my browser), but I'm not sure...

ComboFix 08-06-20.4 - John H. Fee 2008-06-25 11:20:00.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526 [GMT -4:00]
Running from: C:\Documents and Settings\John H. Fee\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM234befb3.xml
C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM234befb3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\brndutnt.ini
C:\WINDOWS\system32\dtrjeavo.ini
C:\WINDOWS\system32\fOUtDfhk.ini
C:\WINDOWS\system32\fOUtDfhk.ini2
C:\WINDOWS\system32\FPsYFfhk.ini
C:\WINDOWS\system32\FPsYFfhk.ini2
C:\WINDOWS\system32\khfDwWnn.dll
C:\WINDOWS\system32\kpynmfek.ini
C:\WINDOWS\system32\kxigfimo.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlawtibg.ini
C:\WINDOWS\system32\njimmbjt.ini
C:\WINDOWS\system32\nnWwDfhk.ini
C:\WINDOWS\system32\nnWwDfhk.ini2
C:\WINDOWS\system32\qauohgbk.ini
C:\WINDOWS\system32\trvexlis.ini
C:\WINDOWS\system32\vjyqqidf.ini
C:\WINDOWS\system32\wvUmkjGX.dll
C:\WINDOWS\system32\yvcbtbxj.ini
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 10:51 . 2008-06-25 11:18 414 ---hs---- C:\WINDOWS\system32\brndutnt.ini
2008-06-25 10:35 . 2008-06-25 10:35 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Viewpoint
2008-06-25 08:16 . 2008-06-25 08:16 91,136 --a------ C:\WINDOWS\system32\foqgogxl.dll
2008-06-25 08:16 . 2008-06-25 08:16 81,920 --a------ C:\WINDOWS\system32\tntudnrb.dll
2008-06-24 12:57 . 2008-06-24 12:57 <DIR> d-------- C:\Deckard
2008-06-24 11:58 . 2008-06-24 12:21 <DIR> d-------- C:\VundoFix Backups
2008-06-24 11:45 . 2008-06-24 11:39 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-24 11:38 . 2008-06-24 12:14 <DIR> d-------- C:\Documents and Settings\John H. Fee\.housecall6.6
2008-06-24 08:19 . 2008-06-24 08:19 81,920 --a------ C:\WINDOWS\system32\jxbtbcvy.dll
2008-06-24 08:14 . 2008-06-24 08:14 91,136 --a------ C:\WINDOWS\system32\hmekefxc.dll
2008-06-24 08:12 . 2008-06-24 12:27 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-06-24 07:38 . 2008-06-24 07:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 07:31 . 2008-06-24 07:31 91,136 --a------ C:\WINDOWS\system32\hyfsqedd.dll
2008-06-24 04:51 . 2008-06-24 04:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 04:51 . 2008-06-24 04:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 04:50 . 2008-06-24 04:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 12:26 . 2008-06-23 12:26 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Media Player Classic
2008-06-20 20:57 . 2008-06-20 20:57 90,624 --a------ C:\WINDOWS\system32\jwjjcvck.dll
2008-06-16 17:48 . 2008-06-16 17:48 3,413 --a------ C:\WINDOWS\system32\bkntrbqs.dll
2008-06-16 17:45 . 2008-06-16 17:45 3,413 --a------ C:\WINDOWS\system32\djdetxfx.dll
2008-06-15 15:25 . 2008-06-15 15:25 <DIR> d---s---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-06-15 15:25 . 2008-06-15 15:25 <DIR> d---s---- C:\Documents and Settings\NetworkService\History
2008-06-15 07:32 . 2008-06-15 07:32 <DIR> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-06-15 07:32 . 2008-06-15 07:32 <DIR> d---s---- C:\Documents and Settings\LocalService\History
2008-06-13 03:13 . 2008-06-13 03:56 <DIR> d-------- C:\Program Files\DC++
2008-06-13 02:03 . 2008-06-13 02:03 49,372 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-13 00:28 . 2008-06-24 13:40 <DIR> d-------- C:\Program Files\mIRC
2008-06-13 00:28 . 2008-06-25 10:35 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\mIRC
2008-06-12 14:40 . 2008-06-12 14:40 <DIR> d-------- C:\Program Files\AutoHotkey
2008-06-12 14:09 . 2008-06-12 14:09 <DIR> d-------- C:\Program Files\iMacros
2008-06-12 14:09 . 2008-05-07 01:09 367,992 --a------ C:\WINDOWS\system32\iimds.dll
2008-06-12 14:09 . 2008-05-07 01:09 232,824 --a------ C:\WINDOWS\system32\IMImage.dll
2008-06-12 14:09 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-06-12 14:09 . 2007-10-06 01:27 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-12 14:09 . 2008-05-07 01:09 56,696 --a------ C:\WINDOWS\system32\imsys.dll
2008-06-12 07:54 . 2008-06-23 12:26 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-11 07:52 . 2008-06-11 07:55 <DIR> d-------- C:\Program Files\SpeedFan
2008-06-11 07:52 . 2008-06-11 07:52 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-11 03:18 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:18 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 21:43 . 2008-06-06 21:43 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-05 00:16 . 2008-06-25 05:13 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Azureus
2008-06-05 00:16 . 2008-06-05 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-05 00:08 . 2008-06-21 10:25 <DIR> d-------- C:\Program Files\Azureus
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Program Files\iTunes
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Program Files\iPod
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Program Files\Bonjour
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Apple Computer
2008-06-04 12:49 . 2008-06-04 12:49 <DIR> d-------- C:\Program Files\QuickTime
2008-06-04 12:49 . 2008-06-04 12:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-04 12:49 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-04 11:51 . 2008-06-22 00:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-04 11:39 . 2008-06-04 11:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 11:39 . 2008-06-04 11:39 2,548 --a------ C:\WINDOWS\unins000.dat
2008-06-03 15:38 . 2008-06-03 15:46 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Ahead
2008-06-03 15:37 . 2008-06-03 15:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-03 15:37 . 2008-06-03 15:37 <DIR> d-------- C:\Program Files\Ahead
2008-06-03 15:37 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-03 15:37 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-03 15:37 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-03 15:37 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-03 15:37 . 2003-12-19 19:48 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-03 15:37 . 2003-12-23 15:40 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-06-03 15:37 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-27 10:52 . 2008-05-27 10:52 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-27 10:52 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-05-27 10:51 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-27 10:51 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-27 10:51 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-27 10:51 . 2005-03-14 12:05 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-27 10:51 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-27 10:51 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-27 10:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 10:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 15:19 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-25 09:12 --------- d-----w C:\Program Files\Viewpoint
2008-06-25 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-25 09:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-22 04:01 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-21 09:37 --------- d-----w C:\Program Files\ABC Amber LIT Converter
2008-06-21 09:34 --------- d-----w C:\Program Files\Pidgin
2008-06-07 01:43 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-06-07 01:43 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-05 04:44 60,336 ----a-w C:\Documents and Settings\John H. Fee\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-04 15:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:14 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\ZoomBrowser EX
2008-06-03 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-27 14:51 --------- d-----w C:\Program Files\Hp
2008-05-25 03:56 --------- d-----w C:\Program Files\danny_kay1710
2008-05-25 02:23 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-25 02:23 --------- d-----w C:\Program Files\MSBuild
2008-05-25 02:19 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-21 02:46 --------- d-----w C:\Program Files\Java
2008-05-21 02:38 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\AdobeUM
2008-05-20 23:55 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\gtk-2.0
2008-05-20 23:55 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\.purple
2008-05-20 23:51 --------- d-----w C:\Program Files\Aspell
2008-05-20 23:49 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-17 17:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-17 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 15:54 --------- d-----w C:\Program Files\Microsoft Reader
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 04:12 --------- d-----w C:\Program Files\Steam
2008-05-12 01:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 01:37 --------- d--h--r C:\Documents and Settings\John H. Fee\Application Data\SecuROM
2008-05-12 01:33 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-11 20:30 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-05-11 20:30 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-05-10 23:53 --------- d-----w C:\Program Files\WildTangent
2008-05-10 16:18 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-10 16:15 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-05-10 16:15 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-05-10 16:15 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-05-10 16:05 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-10 16:05 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-10 02:13 --------- d-----w C:\Program Files\Microids
2008-05-09 01:38 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-05-09 01:36 --------- d-----w C:\Program Files\AC3Filter
2008-05-09 01:35 --------- d-----w C:\Program Files\Haali
2008-05-09 01:32 --------- d-----w C:\Program Files\LD-Anime
2008-05-09 01:31 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\Nokia Multimedia Player
2008-05-08 21:06 --------- d-----w C:\Program Files\Western Digital Technologies
2008-05-08 21:05 364,544 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 01:12 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-01 03:07 --------- d-----w C:\Program Files\Bulk Rename Utility
2008-05-01 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tarma Installer
2008-04-30 19:09 --------- d-----w C:\Program Files\CDisplay
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

------- Sigcheck -------

2005-05-26 06:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-14 04:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-05 00:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-26 06:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 13:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-06-06 21:43 360064 bfe14c32d1702d4d2a2f39731d22c71f C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-06 21:43 360064 bfe14c32d1702d4d2a2f39731d22c71f C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC455F4F-2F6D-44E5-BD8A-46DA7EE02DCE}]
C:\Documents and Settings\John H. Fee\Temporary Internet Files\Content.IE5\IDFGHCZY\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEC68642-0886-456F-A966-9790C81E621F}]
C:\WINDOWS\system32\khfDtUOf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 05:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 21:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 21:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 08:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-12 01:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 20:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 17:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 12:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 14:23 1187840]
"HostManager"="C:\Program Files\Common Files\AOL\1202166307\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 22:02 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 18:19 120640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"2078dc2f"="C:\WINDOWS\system32\tntudnrb.dll" [2008-06-25 08:16 81920]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-05 00:00 158208]
"BM234befb3"="C:\WINDOWS\system32\foqgogxl.dll" [2008-06-25 08:16 91136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John H. Fee^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\John H. Fee\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2078dc2f]
--a------ 2008-06-24 08:19 81920 C:\WINDOWS\system32\jxbtbcvy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 19:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-01-23 06:15 50528 C:\Program Files\AOL 9.1\AOL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM234befb3]
--a------ 2008-06-24 08:14 91136 C:\WINDOWS\system32\hmekefxc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\PROGRA~1\AIM\\DeadAIM.ocm,ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-04-18 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 13:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 16:58 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2008-05-08 17:05 364544 C:\WINDOWS\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1202166307\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"D:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"D:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AceBIT\\WISE-FTP\\wise_ftp.exe"=
"D:\\Games\\DS Ripping\\SavReceiver_0.1b\\SavReceiver01b.exe"=
"D:\\Games\\Warcraft III\\Warcraft III.exe"=
"D:\\Games\\Alice\\Alice.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=

R2 npkcmsvc;npkcmsvc;D:\Games\Mabinogi\npkcmsvc.exe [2007-08-02 12:33]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 11:23:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Q??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 11:25:06
ComboFix-quarantined-files.txt 2008-06-25 15:24:59

Pre-Run: 15,961,006,080 bytes free
Post-Run: 15,948,091,392 bytes free

319 --- E O F --- 2008-06-24 16:49:02

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:09:12 PM

Posted 26 June 2008 - 12:24 AM

Hi,

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

The first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The reason why Recovery Console is recommended is because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

Then, open Notepad - don't use any other text editor than Notepad, or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\hmekefxc.dll
C:\WINDOWS\system32\jxbtbcvy.dll
C:\WINDOWS\system32\foqgogxl.dll
C:\WINDOWS\system32\tntudnrb.dll
C:\WINDOWS\system32\brndutnt.ini
C:\WINDOWS\system32\hyfsqedd.dll
C:\WINDOWS\system32\jwjjcvck.dll
C:\WINDOWS\system32\bkntrbqs.dll
C:\WINDOWS\system32\djdetxfx.dll
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC455F4F-2F6D-44E5-BD8A-46DA7EE02DCE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEC68642-0886-456F-A966-9790C81E621F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2078dc2f"=-
"BM234befb3"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2078dc2f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM234befb3]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
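The triage behind the CFScript above, as an added example (not the thread's or ComboFix's code): it parses the startupreg and Security Center sections of a ComboFix log, flags the randomly named entries and the two values that silence Security Center, and emits the matching File::/Registry:: stanza. The sample log is a constructed excerpt built from the entries in the log posted earlier; the regex heuristics are ours, not ComboFix's.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt in the layout of ComboFix's "Reg Loading Points"
# section. The entry names, paths and Security Center values are the ones that
# appear in the log posted in this thread; only the selection is ours.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2078dc2f]
--a------ 2008-06-24 08:19 81920 C:\WINDOWS\system32\jxbtbcvy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 19:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM234befb3]
--a------ 2008-06-24 08:14 91136 C:\WINDOWS\system32\hmekefxc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "--a------ 2008-06-24 08:19 81920 C:\path": attributes, date, size, target.
ENTRY_RE = re.compile(r"^[-a-z]{9} \d{4}-\d\d-\d\d \d\d:\d\d \d+ (?P<path>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# Entry names like 2078dc2f or BM234befb3: eight hex digits, optional "BM" prefix.
RANDOM_NAME_RE = re.compile(r"^(BM)?[0-9a-f]{8}$")
# Targets like jxbtbcvy.dll: eight lowercase letters, dropped straight into system32.
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{8}\.dll$")
# Security Center values that, when set to 1, silence the "no antivirus" warnings.
SILENCERS = {"AntiVirusDisableNotify", "DisableMonitoring"}


@dataclass
class Finding:
    key: str        # registry key the entry lives under
    reason: str     # why it was flagged
    path: str = ""  # file the entry loads, when there is one


def entries(text):
    """Yield (key, line) for every non-empty line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key is not None:
            yield key, line


def triage(text):
    """Flag Vundo-style autostart entries and suppressed Security Center alerts."""
    findings = []
    for key, line in entries(text):
        lower = key.lower()
        if "\\msconfig\\startupreg\\" in lower:
            name = key.rsplit("\\", 1)[1]
            m = ENTRY_RE.match(line)
            path = m.group("path") if m else ""
            reasons = []
            if RANDOM_NAME_RE.match(name):
                reasons.append("random hex entry name")
            if RANDOM_DLL_RE.search(path):
                reasons.append("random-looking DLL in system32")
            if reasons:
                findings.append(Finding(key, "; ".join(reasons), path))
        elif "\\security center" in lower:
            m = VALUE_RE.match(line)
            if m and m.group("name") in SILENCERS and int(m.group("val"), 16) == 1:
                findings.append(Finding(key, f"{m.group('name')}=1 suppresses Security Center alerts"))
    return findings


def build_cfscript(findings):
    """Render File:: and Registry:: sections in the CFScript layout used in this thread.
    Security Center findings are reported, not scripted; re-enabling the alerts is a
    separate step once the machine is clean."""
    files = sorted({f.path for f in findings if f.path})
    keys = [f.key for f in findings if "startupreg" in f.key.lower()]
    names = [k.rsplit("\\", 1)[1] for k in keys]
    lines = ["File::", *files, "Registry::",
             "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
             *[f'"{n}"=-' for n in names],
             *[f"[-{k}]" for k in keys]]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        name = f.key.rsplit("\\", 1)[1]
        print(f"{name}: {f.reason} {f.path}".rstrip())
    print(build_cfscript(found))
```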

#5 Dalrint

Dalrint
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:12 PM

Posted 26 June 2008 - 01:56 AM

Okay, recovery console installed and Combofix log to follow. Combofix changes my default browser away from firefox. Is that normal?



ComboFix 08-06-20.4 - John H. Fee 2008-06-26 2:50:11.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT -4:00]
Running from: C:\Documents and Settings\John H. Fee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John H. Fee\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\VundoFix Backups
C:\VundoFix Backups\wvUmkjGX.dll.bad
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bkntrbqs.dll
C:\WINDOWS\system32\brndutnt.ini
C:\WINDOWS\system32\djdetxfx.dll
C:\WINDOWS\system32\foqgogxl.dll
C:\WINDOWS\system32\hmekefxc.dll
C:\WINDOWS\system32\hyfsqedd.dll
C:\WINDOWS\system32\jwjjcvck.dll
C:\WINDOWS\system32\jxbtbcvy.dll
C:\WINDOWS\system32\tntudnrb.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 11:31 . 2008-06-25 11:31 0 --a------ C:\WINDOWS\BM234befb3.xml
2008-06-25 10:35 . 2008-06-25 10:35 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Viewpoint
2008-06-24 12:57 . 2008-06-24 12:57 <DIR> d-------- C:\Deckard
2008-06-24 11:45 . 2008-06-24 11:39 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-24 11:38 . 2008-06-24 12:14 <DIR> d-------- C:\Documents and Settings\John H. Fee\.housecall6.6
2008-06-24 08:12 . 2008-06-24 12:27 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-06-24 07:38 . 2008-06-24 07:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 04:51 . 2008-06-24 04:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-24 04:51 . 2008-06-24 04:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 04:50 . 2008-06-24 04:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 12:26 . 2008-06-23 12:26 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Media Player Classic
2008-06-15 15:25 . 2008-06-15 15:25 <DIR> d---s---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-06-15 15:25 . 2008-06-15 15:25 <DIR> d---s---- C:\Documents and Settings\NetworkService\History
2008-06-15 07:32 . 2008-06-15 07:32 <DIR> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-06-15 07:32 . 2008-06-15 07:32 <DIR> d---s---- C:\Documents and Settings\LocalService\History
2008-06-13 03:13 . 2008-06-13 03:56 <DIR> d-------- C:\Program Files\DC++
2008-06-13 02:03 . 2008-06-13 02:03 49,372 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-13 00:28 . 2008-06-25 23:14 <DIR> d-------- C:\Program Files\mIRC
2008-06-13 00:28 . 2008-06-26 02:04 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\mIRC
2008-06-12 14:40 . 2008-06-12 14:40 <DIR> d-------- C:\Program Files\AutoHotkey
2008-06-12 14:09 . 2008-06-12 14:09 <DIR> d-------- C:\Program Files\iMacros
2008-06-12 14:09 . 2008-05-07 01:09 367,992 --a------ C:\WINDOWS\system32\iimds.dll
2008-06-12 14:09 . 2008-05-07 01:09 232,824 --a------ C:\WINDOWS\system32\IMImage.dll
2008-06-12 14:09 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-06-12 14:09 . 2007-10-06 01:27 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-12 14:09 . 2008-05-07 01:09 56,696 --a------ C:\WINDOWS\system32\imsys.dll
2008-06-12 07:54 . 2008-06-23 12:26 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-11 07:52 . 2008-06-11 07:55 <DIR> d-------- C:\Program Files\SpeedFan
2008-06-11 07:52 . 2008-06-11 07:52 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-11 03:18 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 03:18 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 21:43 . 2008-06-06 21:43 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-05 00:16 . 2008-06-25 05:13 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Azureus
2008-06-05 00:16 . 2008-06-05 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-05 00:08 . 2008-06-21 10:25 <DIR> d-------- C:\Program Files\Azureus
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Program Files\iTunes
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Program Files\iPod
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Program Files\Bonjour
2008-06-04 12:50 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Apple Computer
2008-06-04 12:49 . 2008-06-04 12:49 <DIR> d-------- C:\Program Files\QuickTime
2008-06-04 12:49 . 2008-06-04 12:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-04 12:49 . 2008-06-04 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-04 11:51 . 2008-06-22 00:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-04 11:39 . 2008-06-04 11:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 11:39 . 2008-06-04 11:39 2,548 --a------ C:\WINDOWS\unins000.dat
2008-06-03 15:38 . 2008-06-03 15:46 <DIR> d-------- C:\Documents and Settings\John H. Fee\Application Data\Ahead
2008-06-03 15:37 . 2008-06-03 15:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-03 15:37 . 2008-06-03 15:37 <DIR> d-------- C:\Program Files\Ahead
2008-06-03 15:37 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-03 15:37 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-03 15:37 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-03 15:37 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-03 15:37 . 2003-12-19 19:48 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-03 15:37 . 2003-12-23 15:40 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-06-03 15:37 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-27 10:52 . 2008-05-27 10:52 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-27 10:52 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-05-27 10:51 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-27 10:51 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-27 10:51 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-27 10:51 . 2005-03-14 12:05 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-27 10:51 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-27 10:51 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-27 10:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 10:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 06:41 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-26 05:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-25 09:12 --------- d-----w C:\Program Files\Viewpoint
2008-06-25 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-22 04:01 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-21 09:37 --------- d-----w C:\Program Files\ABC Amber LIT Converter
2008-06-21 09:34 --------- d-----w C:\Program Files\Pidgin
2008-06-07 01:43 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-06-07 01:43 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-05 04:44 60,336 ----a-w C:\Documents and Settings\John H. Fee\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-04 15:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:14 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\ZoomBrowser EX
2008-06-03 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-27 14:51 --------- d-----w C:\Program Files\Hp
2008-05-25 03:56 --------- d-----w C:\Program Files\danny_kay1710
2008-05-25 02:23 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-25 02:23 --------- d-----w C:\Program Files\MSBuild
2008-05-25 02:19 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-21 02:46 --------- d-----w C:\Program Files\Java
2008-05-21 02:38 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\AdobeUM
2008-05-20 23:55 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\gtk-2.0
2008-05-20 23:55 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\.purple
2008-05-20 23:51 --------- d-----w C:\Program Files\Aspell
2008-05-20 23:49 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-17 17:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-17 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 15:54 --------- d-----w C:\Program Files\Microsoft Reader
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 04:12 --------- d-----w C:\Program Files\Steam
2008-05-12 01:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 01:37 --------- d--h--r C:\Documents and Settings\John H. Fee\Application Data\SecuROM
2008-05-12 01:33 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-11 20:30 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-05-11 20:30 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-05-10 23:53 --------- d-----w C:\Program Files\WildTangent
2008-05-10 16:18 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-10 16:15 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-05-10 16:15 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-05-10 16:15 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-05-10 16:05 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-10 16:05 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-10 02:13 --------- d-----w C:\Program Files\Microids
2008-05-09 01:38 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-05-09 01:36 --------- d-----w C:\Program Files\AC3Filter
2008-05-09 01:35 --------- d-----w C:\Program Files\Haali
2008-05-09 01:32 --------- d-----w C:\Program Files\LD-Anime
2008-05-09 01:31 --------- d-----w C:\Documents and Settings\John H. Fee\Application Data\Nokia Multimedia Player
2008-05-08 21:06 --------- d-----w C:\Program Files\Western Digital Technologies
2008-05-08 21:05 364,544 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 01:12 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-01 03:07 --------- d-----w C:\Program Files\Bulk Rename Utility
2008-05-01 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tarma Installer
2008-04-30 19:09 --------- d-----w C:\Program Files\CDisplay
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
.

------- Sigcheck -------

2005-05-26 06:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-14 04:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-05 00:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-26 06:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 13:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-06-06 21:43 360064 bfe14c32d1702d4d2a2f39731d22c71f C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-06-06 21:43 360064 bfe14c32d1702d4d2a2f39731d22c71f C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-06-25_11.24.47.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 15:18:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 06:41:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 19:35 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 05:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 21:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 21:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 21:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 08:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-12 01:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 20:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 17:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 12:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 14:23 1187840]
"HostManager"="C:\Program Files\Common Files\AOL\1202166307\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 22:02 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 18:19 120640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm,ExportedCheckODLs" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John H. Fee^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\John H. Fee\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-04-18 14:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 13:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 16:58 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2008-05-08 17:05 364544 C:\WINDOWS\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1202166307\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"D:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"D:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AceBIT\\WISE-FTP\\wise_ftp.exe"=
"D:\\Games\\DS Ripping\\SavReceiver_0.1b\\SavReceiver01b.exe"=
"D:\\Games\\Warcraft III\\Warcraft III.exe"=
"D:\\Games\\Alice\\Alice.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=

R2 npkcmsvc;npkcmsvc;D:\Games\Mabinogi\npkcmsvc.exe [2007-08-02 12:33]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 02:53:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Q??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 2:54:54
ComboFix-quarantined-files.txt 2008-06-26 06:54:35
ComboFix2.txt 2008-06-25 15:25:06

Pre-Run: 15,886,897,152 bytes free
Post-Run: 15,889,399,808 bytes free

291 --- E O F --- 2008-06-24 16:49:02

Edited by Dalrint, 26 June 2008 - 01:57 AM.


#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:09:12 PM

Posted 26 June 2008 - 06:25 AM

Hi,

Please navigate to and delete the following file:

C:\WINDOWS\BM234befb3.xml

Then, go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then, post a new HijackThis log in your next reply, because you forgot to perform that step previously.

#7 Dalrint

Dalrint
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:12 PM

Posted 26 June 2008 - 06:49 AM

Oh, whoops. Sorry about that. Combofix is uninstalled, that file is erased... I did switch my hidden files and folders back to visible and my file extensions to visible, I prefer my computers that way.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:45 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Games\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\AOL\1202166307\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202166307\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\Games\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9972 bytes

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 26 June 2008 - 07:04 AM

Hi,

This looks Ok again.

How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Dalrint

Dalrint
  • Topic Starter

  • Members
  • 13 posts

Posted 26 June 2008 - 09:40 AM

I am not noticing anything anymore, so...I think it's fixed!

Thank you very much.

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 26 June 2008 - 09:42 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 28 June 2008 - 10:25 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
