Infected with possible spyware/malware


  • This topic is locked
12 replies to this topic

#1 Lagato445

  • Members
  • 79 posts
  • Gender:Male
  • Location:Maryland

Posted 07 December 2008 - 09:46 PM

Hello, my computer seems to have possible spyware/malware: there are random pop-ups on my computer, and it seems to be slower. Multiple people in my family use this computer; it had been running fine until recently. Any help will be very much appreciated.
Here is the Hijack log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-07 21:38:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 117 GB (64%) free of 185 GB
Total RAM: 895 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:36 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\IUpd721.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mnnim.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xjumxgx.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: banners4u browser enhancer - {42A3AD7F-2944-2E2A-11B2-302FD360FDFB} - C:\WINDOWS\system32\anxyaujldnf.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtrPiIA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7AE33B82-5811-4D0A-8D55-BC0F83BD3F15} - C:\WINDOWS\system32\nnnnKcAT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: {52eeb424-4aa9-eea8-f2b4-3a2a6cbb722d} - {d227bbc6-a2a3-4b2f-8aee-9aa4424bee25} - C:\WINDOWS\system32\cfjeta.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Mirar - {59D4C90E-43E8-4BEE-A08F-AD5D1730881A} - C:\WINDOWS\system32\winob77.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [gszexeyskf] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\anxyaujldnf.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: cfjeta.dll
O20 - Winlogon Notify: awtrPiIA - C:\WINDOWS\SYSTEM32\awtrPiIA.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11586 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\rghzlzmi.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg 20051207180104.job
C:\WINDOWS\tasks\WebReg 20060423200410.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42A3AD7F-2944-2E2A-11B2-302FD360FDFB}]
banners4u browser enhancer - C:\WINDOWS\system32\anxyaujldnf.dll [2008-11-24 369664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\awtrPiIA.dll [2008-12-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AE33B82-5811-4D0A-8D55-BC0F83BD3F15}]
C:\WINDOWS\system32\nnnnKcAT.dll [2008-12-05 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-10 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d227bbc6-a2a3-4b2f-8aee-9aa4424bee25}]
C:\WINDOWS\system32\cfjeta.dll [2008-12-07 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-06-04 103552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-12 2403392]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{59D4C90E-43E8-4BEE-A08F-AD5D1730881A} - Mirar - C:\WINDOWS\system32\winob77.dll [2008-11-21 401408]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-09 70776]
"NAV CfgWiz"=c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe [2004-01-20 124056]
"IS CfgWiz"=c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe [2004-01-20 124056]
"SSC_UserPrompt"=c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-08-06 218240]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2004-05-20 249856]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-04-12 49152]
"IUpd721"=C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\IUpd721.exe [2008-12-05 403968]
"gszexeyskf"=C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-21 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-13 50736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"gadcom"=C:\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe [2008-12-05 56832]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="cfjeta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrPiIA]
C:\WINDOWS\system32\awtrPiIA.dll [2008-12-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\awtrPiIA.dll [2008-12-05 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnnKcAT

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-07 21:37:19 ----D---- C:\Program Files\trend micro
2008-12-07 21:37:17 ----D---- C:\rsit
2008-12-07 21:07:55 ----D---- C:\Program Files\SpywareDetector
2008-12-07 02:00:34 ----A---- C:\WINDOWS\system32\tjxdyusq.exe
2008-12-07 01:57:36 ----SH---- C:\WINDOWS\system32\ofudgvtf.ini
2008-12-07 01:57:35 ----A---- C:\WINDOWS\system32\ftvgdufo.dll
2008-12-07 01:56:27 ----A---- C:\WINDOWS\system32\cfjeta.dll
2008-12-07 01:56:26 ----A---- C:\WINDOWS\system32\vclnntak.dll
2008-12-06 14:30:20 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-06 02:34:21 ----D---- C:\Program Files\Veoh Networks
2008-12-05 15:46:05 ----D---- C:\Documents and Settings\HP_Owner\Application Data\IUpd721
2008-12-05 15:42:33 ----SH---- C:\WINDOWS\system32\yyxkmwek.ini
2008-12-05 15:41:39 ----A---- C:\WINDOWS\system32\izmtis.dll
2008-12-05 15:41:37 ----A---- C:\WINDOWS\system32\khkrlrrf.dll
2008-12-05 15:40:56 ----D---- C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS
2008-12-05 15:40:54 ----A---- C:\WINDOWS\system32\efcBQIBu.dll
2008-12-05 15:40:52 ----A---- C:\WINDOWS\system32\bfdd87c3-.txt
2008-12-05 15:36:19 ----ASH---- C:\WINDOWS\system32\TAcKnnnn.ini2
2008-12-05 15:36:18 ----ASH---- C:\WINDOWS\system32\TAcKnnnn.ini
2008-12-05 15:36:12 ----A---- C:\WINDOWS\system32\nnnnKcAT.dll
2008-12-05 15:31:40 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-12-05 15:31:40 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-12-05 15:31:25 ----D---- C:\Program Files\Network Monitor
2008-12-05 15:31:25 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-12-05 15:31:24 ----A---- C:\WINDOWS\system32\ngghvbtcgfp.exe
2008-12-05 15:31:23 ----A---- C:\WINDOWS\system32\winob77.dll
2008-12-05 15:31:20 ----D---- C:\Documents and Settings\HP_Owner\Application Data\gadcom
2008-12-05 15:31:09 ----D---- C:\WINDOWS\system32\ta
2008-12-05 15:31:08 ----D---- C:\WINDOWS\system32\VC
2008-12-05 15:31:08 ----D---- C:\WINDOWS\system32\ki3
2008-12-05 15:31:08 ----D---- C:\WINDOWS\system32\din
2008-12-05 15:31:06 ----A---- C:\WINDOWS\system32\ssqpMdDV.dll
2008-12-05 15:30:55 ----A---- C:\WINDOWS\system32\awtrPiIA.dll
2008-12-04 00:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-04 00:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-03 14:11:17 ----D---- C:\WINDOWS\Prefetch
2008-12-03 14:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-03 14:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-03 14:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 14:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 14:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 14:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 13:55:16 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 13:55:09 ----D---- C:\WINDOWS\system32\bits
2008-12-03 12:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-03 12:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-03 12:32:33 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 12:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-03 12:31:45 ----A---- C:\WINDOWS\system32\SiSPower.dll
2008-12-03 12:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-03 11:42:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-03 11:42:42 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-03 11:42:42 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-03 11:42:40 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-03 11:42:39 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-03 11:42:32 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-03 11:42:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-03 11:42:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-03 11:42:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-03 11:42:19 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-03 11:42:19 ----A---- C:\WINDOWS\005283_.tmp
2008-12-03 11:42:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-03 11:42:00 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-03 11:41:58 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-03 11:41:44 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-03 11:41:42 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-03 11:41:42 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-03 11:41:41 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-03 11:41:41 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-03 11:41:22 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-03 11:41:22 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-03 11:41:11 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-03 11:41:09 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-03 11:41:04 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-03 11:41:04 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-03 11:41:01 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-03 11:41:00 ----N---- C:\WINDOWS\slrundll.exe
2008-12-03 11:40:58 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-03 11:40:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-03 11:40:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-03 11:40:52 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-03 11:40:47 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-03 11:40:47 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-03 11:40:46 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-03 11:40:46 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-03 11:40:42 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-03 02:37:44 ----A---- C:\WINDOWS\system32\SET2A4.tmp
2008-12-03 02:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-03 02:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-03 02:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-02 16:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-02 16:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-02 03:17:10 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-02 00:19:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-26 01:41:03 ----D---- C:\Program Files\Maxis
2008-11-26 01:29:07 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-11-26 01:28:33 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-26 01:25:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-11-26 00:38:46 ----A---- C:\WINDOWS\system32\bitcometres.dll
2008-11-24 11:47:58 ----A---- C:\WINDOWS\system32\anxyaujldnf.dll
2008-11-23 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 16:09:59 ----D---- C:\Program Files\Safari

======List of files/folders modified in the last 1 months======

2008-12-07 21:37:19 ----RD---- C:\Program Files
2008-12-07 21:19:31 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 21:18:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 21:17:39 ----D---- C:\WINDOWS
2008-12-07 21:17:22 ----D---- C:\WINDOWS\Temp
2008-12-07 21:15:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 21:13:41 ----D---- C:\WINDOWS\system32
2008-12-07 21:08:43 ----D---- C:\WINDOWS\system
2008-12-07 20:53:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 14:40:26 ----D---- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2008-12-05 15:31:28 ----D---- C:\temp
2008-12-05 15:31:25 ----SHD---- C:\WINDOWS\IA
2008-12-05 15:31:16 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 15:31:09 ----SD---- C:\WINDOWS\Tasks
2008-12-04 02:15:57 ----HD---- C:\Config.Msi
2008-12-04 00:56:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 00:56:24 ----HD---- C:\WINDOWS\inf
2008-12-04 00:56:23 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-04 00:54:23 ----SHD---- C:\WINDOWS\Installer
2008-12-04 00:53:12 ----A---- C:\WINDOWS\imsins.BAK
2008-12-03 22:42:21 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-03 14:13:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 14:11:52 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-03 14:11:19 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 14:10:46 ----D---- C:\WINDOWS\system32\wbem
2008-12-03 14:10:46 ----D---- C:\WINDOWS\system32\Setup
2008-12-03 14:10:46 ----D---- C:\WINDOWS\ime
2008-12-03 14:10:46 ----D---- C:\WINDOWS\AppPatch
2008-12-03 14:10:44 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 14:10:10 ----D---- C:\WINDOWS\security
2008-12-03 14:03:15 ----D---- C:\Program Files\Messenger
2008-12-03 13:56:08 ----D---- C:\WINDOWS\WinSxS
2008-12-03 13:55:49 ----D---- C:\WINDOWS\network diagnostic
2008-12-03 13:55:47 ----D---- C:\WINDOWS\Help
2008-12-03 13:55:19 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 13:55:19 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 13:55:16 ----D---- C:\WINDOWS\l2schemas
2008-12-03 13:55:12 ----AD---- C:\WINDOWS\system32\en
2008-12-03 13:55:09 ----D---- C:\WINDOWS\PeerNet
2008-12-03 13:55:08 ----D---- C:\Program Files\Movie Maker
2008-12-03 13:48:49 ----D---- C:\WINDOWS\system32\Restore
2008-12-03 13:48:49 ----D---- C:\WINDOWS\system32\npp
2008-12-03 13:48:44 ----D---- C:\WINDOWS\msagent
2008-12-03 13:48:41 ----D---- C:\WINDOWS\srchasst
2008-12-03 13:48:39 ----D---- C:\Program Files\NetMeeting
2008-12-03 13:48:36 ----D---- C:\WINDOWS\system32\Com
2008-12-03 13:48:31 ----D---- C:\Program Files\Windows Media Player
2008-12-03 13:48:24 ----D---- C:\Program Files\Windows NT
2008-12-03 13:48:24 ----D---- C:\Program Files\Outlook Express
2008-12-03 13:48:17 ----D---- C:\Program Files\Common Files\System
2008-12-03 13:47:44 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 13:37:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 13:29:43 ----D---- C:\WINDOWS\EHome
2008-12-03 12:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-03 12:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-03 12:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-03 12:34:53 ----D---- C:\Program Files\Internet Explorer
2008-12-03 12:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-03 12:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-03 12:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-03 12:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-03 12:29:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 11:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-03 11:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-03 11:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-03 02:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-03 02:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-03 02:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-03 02:34:52 ----D---- C:\WINDOWS\Registration
2008-12-02 16:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-02 05:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-02 03:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-02 00:19:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-26 00:39:00 ----D---- C:\Downloads
2008-11-24 22:54:20 ----A---- C:\WINDOWS\win.ini
2008-11-23 17:00:51 ----D---- C:\Program Files\iTunes
2008-11-23 16:58:07 ----D---- C:\Program Files\iPod
2008-11-23 16:57:49 ----D---- C:\Program Files\Common Files\Apple
2008-11-23 16:46:07 ----D---- C:\Program Files\QuickTime
2008-11-23 16:20:26 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 atapii;atapii; C:\WINDOWS\System32\drivers\atapii.sys [2008-12-05 86272]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2003-12-04 263296]
R2 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-12 32768]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2003-12-04 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 alz6hl88;alz6hl88; C:\WINDOWS\system32\drivers\alz6hl88.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-05-05 142976]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-12-09 255096]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2003-12-09 218232]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-12-09 234616]
R2 cmdService;Command Service; C:\WINDOWS\IA\command.exe [2005-08-02 293888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2004-06-04 174208]
R2 Network Monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe [2006-01-04 94208]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-06 308352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2003-12-04 197856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-09 87160]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2003-11-07 193816]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#2 Thunder

Posted 10 December 2008 - 05:13 AM

Hello Lagato445 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double-click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Lagato445 (Topic Starter)

Posted 10 December 2008 - 10:57 PM

Thanks for your help, Thunder; those two programs worked very well. I think my computer is fixed now :thumbsup:

Here are the Malwarebytes report and the ComboFix log:

Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3

12/10/2008 10:29:12 PM
mbam-log-2008-12-10 (22-29-12).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 166792
Time elapsed: 1 hour(s), 57 minute(s), 21 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 6
Registry Keys Infected: 34
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 44

Memory Processes Infected:
C:\WINDOWS\IA\command.exe (Adware.CommAd) -> Failed to unload process.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.
C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\IUpd721.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\lmixomcs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnnKcAT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\IA\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\system32\awtrPiIA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cwfilx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\winob77.dll (Adware.Mirar) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3eb264be-9777-404e-a32a-b17b08d790c8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3eb264be-9777-404e-a32a-b17b08d790c8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrpiia (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a698dd78-5a57-4eb0-a3fa-d361e8182a55} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a698dd78-5a57-4eb0-a3fa-d361e8182a55} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3eb264be-9777-404e-a32a-b17b08d790c8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a698dd78-5a57-4eb0-a3fa-d361e8182a55} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{59d4c90e-43e8-4bee-a08f-ad5d1730881a} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59d4c90e-43e8-4bee-a08f-ad5d1730881a} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59d4c90e-43e8-4bee-a08f-ad5d1730881a} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapii (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapii (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapii (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42a3ad7f-2944-2e2a-11b2-302fd360fdfb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42a3ad7f-2944-2e2a-11b2-302fd360fdfb} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b4fe43bd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iupd721 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{59d4c90e-43e8-4bee-a08f-ad5d1730881a} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{59d4c90e-43e8-4bee-a08f-ad5d1730881a} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gszexeyskf (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnnkcat -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnkcat -> Delete on reboot.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cwfilx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtrPiIA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnnKcAT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\TAcKnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TAcKnnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftvgdufo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofudgvtf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmixomcs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\scmoximl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\atapii.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\IA\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\IA\command.exe (Adware.CommAd) -> Delete on reboot.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\IUpd721.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winob77.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP71\A0013076.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP71\A0013132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfjeta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cydxoigm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBQIBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\izmtis.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khkrlrrf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqpMdDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vclnntak.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ki3\RI2ES6i.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VC\MTK63G.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\snapsnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\mirasnet.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\winvsnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anxyaujldnf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\Dxcknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\AntiVirusPro.exe.log (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.
ComboFix Log:

ComboFix 08-12-09.03 - HP_Owner 2008-12-10 22:44:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.535 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Live Safety Center.lnk
c:\documents and settings\HP_Owner\Application Data\ASEMBL~1
c:\documents and settings\HP_Owner\Application Data\ASKS~1
c:\documents and settings\HP_Owner\Application Data\Dxccwrd.dll
c:\documents and settings\HP_Owner\Application Data\Dxcuknwrd.dll
c:\documents and settings\HP_Owner\Application Data\FNTS~1
c:\documents and settings\HP_Owner\Application Data\IUpd721
c:\documents and settings\HP_Owner\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\HP_Owner\Application Data\RACLE~1
c:\documents and settings\HP_Owner\Application Data\RACLE~1\?racle\
c:\documents and settings\HP_Owner\Application Data\STEM32~1
c:\documents and settings\HP_Owner\Application Data\TSKS~1
c:\documents and settings\HP_Owner\Application Data\WNSXS~1
c:\documents and settings\HP_Owner\Application Data\YSTEM~1
c:\documents and settings\HP_Owner\Application Data\YSTEM3~1
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\HP_Owner\My Documents\MCROSO~1.NET
c:\program files\Common Files\{34FE4~1
c:\program files\Common Files\{34FE4~2
c:\program files\Common Files\{B4FE4~1
c:\program files\Common Files\{B4FE4~2
c:\program files\Common Files\{B4FE4~3
c:\program files\Common Files\asks~1
c:\program files\Common Files\crosof~1.net
c:\program files\Common Files\download
c:\program files\Common Files\download\adult2.mpg
c:\program files\Common Files\fnts~1
c:\program files\Common Files\fnts~2
c:\program files\Common Files\inetget2
c:\program files\Common Files\mbols~1
c:\program files\Common Files\pppatc~1
c:\program files\Common Files\ssembl~1
c:\program files\Common Files\sstem3~1
c:\program files\Common Files\stem~1
c:\program files\Common Files\System\msmgr32.dll
c:\program files\Common Files\wnsxs~1
c:\program files\mcroso~1.net
c:\program files\mcroso~1.net\s?chost.exe
c:\program files\pppatc~1
c:\program files\scurit~1
c:\program files\sembly~1
c:\program files\sks~1
c:\program files\wnsxs~1
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\windows\111uninst.exe
c:\windows\acfghk.ini
c:\windows\appatc~1
c:\windows\asguojrj.exe
c:\windows\cs_cache.ini
c:\windows\ddcffe.ini
c:\windows\ecurit~1
c:\windows\ecurit~1\r?ndll.exe
c:\windows\fnts~1
c:\windows\IA
c:\windows\IA\KE.vbs
c:\windows\IE4 Error Log.txt
c:\windows\inst.exe
c:\windows\lfbgikdk.exe
c:\windows\mantec~1
c:\windows\mantec~1\bak\fast.exe
c:\windows\mantec~1\fast.exe
c:\windows\mcroso~1
c:\windows\NDNuninstall6_38-1.exe
c:\windows\NDNuninstall6_38-2.exe
c:\windows\NDNuninstall6_38-3.exe
c:\windows\noqqpo.ini
c:\windows\notedad.exe
c:\windows\pp.exe
c:\windows\racle~1
c:\windows\ruutvw.ini
c:\windows\sstem~1
c:\windows\stat
c:\windows\stuvyb.ini
c:\windows\stvwwa.ini
c:\windows\system\svchctrl.exe
c:\windows\system32\bitcometres.dll
c:\windows\system32\ki3
c:\windows\system32\VC
c:\windows\system32\yyxkmwek.ini
c:\windows\Tasks\rghzlzmi.job
c:\windows\Temp\tmp3.tmp
c:\windows\tuxbay.ini
c:\windows\tvxyxx.ini
c:\windows\uninst1014.exe
c:\windows\vxyyxx.ini
c:\windows\wpgskpjg.exe
c:\windows\yabdeg.ini
c:\windows\yglmayow.exe
c:\windows\yyybeg.ini
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-10 20:06 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 20:06 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 20:05 . 2008-12-10 20:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 21:37 . 2008-12-07 21:37 <DIR> d-------- C:\rsit
2008-12-07 21:37 . 2008-12-07 21:38 <DIR> d-------- c:\program files\trend micro
2008-12-07 21:08 . 2008-12-07 21:08 63 --a------ c:\windows\system\SysSD.dll
2008-12-07 21:07 . 2008-12-07 21:13 <DIR> d-------- c:\program files\SpywareDetector
2008-12-07 03:27 . 2008-12-07 03:27 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2008-12-07 02:00 . 2008-12-07 02:00 158,208 --a------ c:\windows\system32\tjxdyusq.exe
2008-12-06 02:34 . 2008-12-06 02:34 <DIR> d-------- c:\program files\Veoh Networks
2008-12-05 15:31 . 2008-12-05 15:31 <DIR> d-------- c:\windows\system32\ta
2008-12-05 15:31 . 2008-12-05 15:31 <DIR> d-------- c:\windows\system32\din
2008-12-05 15:31 . 2008-12-05 15:31 47,598 --a------ c:\windows\system32\ngghvbtcgfp.exe
2008-12-03 13:55 . 2008-12-03 13:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-03 13:55 . 2008-12-03 13:55 <DIR> d-------- c:\windows\system32\bits
2008-12-03 12:31 . 2005-04-12 11:31 49,152 --a------ c:\windows\system32\SiSPower.dll
2008-12-03 11:41 . 2008-04-13 19:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-12-03 11:40 . 2008-04-13 19:12 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-12-03 11:31 . 2004-08-03 22:41 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys
2008-12-03 02:37 . 2008-12-03 02:37 18,694,144 --a------ c:\windows\system32\SET2A4.tmp
2008-12-02 16:24 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-02 16:23 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-02 16:23 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-02 16:23 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-02 16:23 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-02 16:23 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-02 16:23 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-02 16:23 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-02 16:22 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-02 13:08 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-26 01:41 . 2008-11-26 01:41 <DIR> d-------- c:\program files\Maxis
2008-11-26 01:29 . 2008-11-26 01:29 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-26 01:28 . 2008-11-26 01:29 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-26 01:25 . 2008-11-26 01:25 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\DAEMON Tools
2008-11-26 01:25 . 2008-11-26 01:25 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-23 16:57 . 2008-11-23 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 16:09 . 2008-11-23 16:12 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 03:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 19:40 --------- d-----w c:\documents and settings\HP_Owner\Application Data\LimeWire
2008-12-03 18:59 77,824 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\FDIWrapper.dll
2008-11-23 22:00 --------- d-----w c:\program files\iTunes
2008-11-23 21:58 --------- d-----w c:\program files\iPod
2008-11-23 21:57 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 21:46 --------- d-----w c:\program files\QuickTime
2008-11-23 21:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer
2008-11-01 02:29 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 04:13 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-16 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-13 01:07 --------- d-----w c:\program files\Google
2008-10-11 03:54 --------- d-----w c:\program files\Yahoo!
2008-10-11 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-11 03:36 --------- d-----w c:\program files\DivX
2008-10-11 03:19 --------- d-----w c:\program files\Common Files\Real
2008-10-11 01:26 --------- d-----w c:\program files\SiS VGA Utilities V3.59e
2008-10-10 22:35 51,712 ----a-w c:\windows\system32\dlweejj.dll
2008-10-10 22:35 28,672 ----a-w c:\windows\system32\mnnim.exe
2008-10-10 22:35 23,552 ----a-w c:\windows\system32\xjumxgx.exe
2008-10-10 22:35 127,488 ----a-w c:\windows\system32\wewemb.exe
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-03-18 08:35 17,481 -c--a-w c:\program files\Common Files\isoqa.ban
2008-03-18 08:35 16,242 -c--a-w c:\documents and settings\All Users\Application Data\ebolyduke.dat
2008-03-18 08:35 12,865 -c--a-w c:\documents and settings\All Users\Application Data\evyv.pif
2008-03-18 02:41 15,992 -c--a-w c:\program files\Common Files\vuketyb.bin
2008-03-18 02:41 15,587 -c--a-w c:\documents and settings\All Users\Application Data\anoduxuti.vbs
2008-03-18 02:41 13,044 -c--a-w c:\program files\Common Files\rygedoryx.ban
2008-03-18 02:41 10,358 -c--a-w c:\documents and settings\All Users\Application Data\izodigukac.bat
2008-03-15 21:44 19,893 -c--a-w c:\documents and settings\All Users\Application Data\ijot.sys
2008-03-15 21:44 18,230 -c--a-w c:\documents and settings\HP_Owner\Application Data\agyci.scr
2008-03-15 21:44 17,058 -c--a-w c:\program files\Common Files\qiruwelehy.exe
2008-03-15 21:44 16,638 -c--a-w c:\program files\Common Files\tege.bat
2008-03-15 21:44 15,048 -c--a-w c:\documents and settings\HP_Owner\Application Data\itevipig.exe
2008-03-15 21:44 14,930 -c--a-w c:\documents and settings\All Users\Application Data\zebehovaju.dll
2008-03-15 21:44 14,408 -c--a-w c:\documents and settings\HP_Owner\Application Data\agarime.pif
2008-03-15 21:44 11,567 -c--a-w c:\program files\Common Files\ilenumasak.com
2008-03-14 21:26 19,841 -c--a-w c:\program files\Common Files\usepofa.dl
2008-03-14 21:26 12,662 -c--a-w c:\documents and settings\HP_Owner\Application Data\ebikococ.vbs
2008-03-14 21:26 11,748 -c--a-w c:\program files\Common Files\ulisadyr.ban
2008-03-14 11:23 17,481 -c--a-w c:\program files\Common Files\ryzexe.ban
2008-03-14 11:23 16,671 -c--a-w c:\documents and settings\HP_Owner\Application Data\raje.com
2008-03-14 11:23 16,210 -c--a-w c:\program files\Common Files\fedapajuf.sys
2008-03-14 11:23 15,378 -c--a-w c:\documents and settings\All Users\Application Data\kocobobeli.sys
2008-03-14 11:23 12,353 -c--a-w c:\documents and settings\HP_Owner\Application Data\mocefy.dll
2008-03-14 11:23 11,821 -c--a-w c:\program files\Common Files\niwyg.vbs
2008-03-14 11:23 10,883 -c--a-w c:\program files\Common Files\hynebor.vbs
2008-03-14 03:13 19,794 -c--a-w c:\documents and settings\HP_Owner\Application Data\mubas.sys
2008-03-14 03:13 19,087 -c--a-w c:\program files\Common Files\zepawiqaq.reg
2008-03-14 03:13 18,554 -c--a-w c:\documents and settings\HP_Owner\Application Data\ywuqadixa.bat
2008-03-14 03:13 18,467 -c--a-w c:\documents and settings\All Users\Application Data\qorypecomo.dat
2008-03-14 03:13 17,102 -c--a-w c:\documents and settings\All Users\Application Data\ypuva.vbs
2008-03-14 01:17 19,342 -c--a-w c:\documents and settings\HP_Owner\Application Data\kowovik.pif
2008-03-14 01:17 18,198 -c--a-w c:\documents and settings\All Users\Application Data\ygajafezun.vbs
2008-03-14 01:17 17,822 -c--a-w c:\documents and settings\All Users\Application Data\tymapy.vbs
2008-03-14 01:17 17,485 -c--a-w c:\documents and settings\All Users\Application Data\juburapo.exe
2008-03-14 01:17 16,638 -c--a-w c:\documents and settings\HP_Owner\Application Data\aqeq.com
2008-03-14 01:17 16,483 -c--a-w c:\documents and settings\All Users\Application Data\ihadadym.com
2008-03-14 01:17 14,907 -c--a-w c:\program files\Common Files\ibuvutym.dll
2008-03-14 01:17 13,270 -c--a-w c:\documents and settings\HP_Owner\Application Data\ijomyhe.vbs
2008-03-14 01:17 11,195 -c--a-w c:\documents and settings\HP_Owner\Application Data\olibepo.reg
2008-03-13 21:03 18,384 -c--a-w c:\documents and settings\HP_Owner\Application Data\uvojenywi.sys
2008-03-13 21:03 17,663 -c--a-w c:\program files\Common Files\asuculynim.bat
2008-03-13 21:03 13,930 -c--a-w c:\program files\Common Files\gagodofon.dll
2008-03-11 06:02 17,220 -c--a-w c:\documents and settings\All Users\Application Data\ohimoha.com
2008-03-11 06:02 15,434 -c--a-w c:\documents and settings\All Users\Application Data\meqyjuw.dll
2008-03-11 06:02 12,296 -c--a-w c:\documents and settings\All Users\Application Data\otolitic.vbs
2008-03-11 06:02 11,408 -c--a-w c:\program files\Common Files\apykazu.dat
2005-04-21 16:45 25,621 -csha-w c:\windows\Cursors\litucod.bak1
2005-10-18 16:10 335,908 -csh--w c:\windows\Cursors\litucod.bak2
2005-10-18 19:50 519,712 -csh--w c:\windows\Cursors\litucod.ini2
2007-06-19 22:49 19,456 -csh--r c:\windows\system\svchctrl.dll
2007-06-19 22:49 23,552 -csh--r c:\windows\system\svchostw.dll
.
Files Infected - Patched
c:\windows\system32\wewemb.exe
c:\windows\system32\wewemb.exe
c:\program files\AIM6\aim6.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 61,440 2003-02-12 03:02:48 c:\hp\KBD\bak\KBD.EXE
----a-w 61,440 2003-02-12 03:02:48 c:\hp\KBD\kbd.exe

-c--a-w 67,160 2005-08-05 20:08:26 c:\program files\AIM\bak\aim.exe

----a-w 50,736 2007-03-23 21:18:22 c:\program files\AIM6\bak\aim6.exe
----a-w 50,736 2008-01-13 21:40:10 c:\program files\AIM6\aim6.exe

-c--a-w 50,792 2005-11-03 03:01:14 c:\program files\Common Files\AOL\1146453806\ee\bak\AOLSoftware.exe
-c--a-w 50,760 2006-05-10 00:24:16 c:\program files\Common Files\AOL\1146453806\ee\AOLSoftware.exe

-c--a-w 180,269 2004-08-07 21:03:31 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 120,320 2006-03-19 01:00:08 c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe

-c--a-w 171,448 2007-02-16 01:46:06 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

-c--a-w 49,152 2004-06-08 01:53:26 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
----a-w 49,152 2004-06-08 01:53:26 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

----a-w 286,720 2004-04-22 01:28:18 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 290,088 2008-11-20 18:20:54 c:\program files\iTunes\iTunesHelper.exe

-c--a-w 32,881 2004-08-07 19:36:59 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
----a-w 32,881 2004-08-07 19:36:59 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

-c--a-w 98,304 2004-08-07 21:20:54 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 15:30:50 c:\program files\QuickTime\QTTask.exe

-c--a-w 1,757,184 2006-05-19 14:27:16 c:\program files\support.com\bin\bak\tgcmd.exe
-c--a-w 21,504 2006-09-15 16:20:49 c:\program files\support.com\bin\tgcmd.exe

-c--a-w 70,144 2007-02-04 00:39:08 c:\qoobox\Quarantine\C\WINDOWS\MANTEC~1\bak\fast.exe.vir
-c--a-w 23,564 2007-02-16 03:03:14 c:\qoobox\Quarantine\C\WINDOWS\MANTEC~1\fast.exe.vir

-c--a-w 118,784 2003-12-18 06:31:42 c:\windows\CREATOR\bak\Remind_XP.exe
----a-w 118,784 2003-12-18 06:31:42 c:\windows\CREATOR\Remind_XP.exe

-c--a-w 233,472 2004-04-15 03:43:46 c:\windows\SMINST\bak\RECGUARD.EXE
----a-w 233,472 2004-04-15 03:43:46 c:\windows\SMINST\Recguard.exe

-c--a-w 52,736 1998-05-07 23:04:38 c:\windows\system\bak\hpsysdrv.exe
----a-w 52,736 1998-05-07 23:04:38 c:\windows\system\hpsysdrv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-13 50736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"ssixo"="c:\windows\system32\wewemb.exe" [2008-10-10 127488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-09 70776]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2004-01-20 124056]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\cfgwiz.exe" [2004-01-20 124056]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 218240]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"vvbvmy"="c:\windows\system32\wewemb.exe" [2008-10-10 127488]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
omjft.exe [2008-03-09 127488]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\\WINDOWS\\system32\\mnnim.exe"
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,xjumxgx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cwfilx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8944:TCP"= 8944:TCP:BitComet 8944 TCP
"8944:UDP"= 8944:UDP:BitComet 8944 UDP


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

2004-08-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-14 03:38]

2008-12-07 c:\windows\Tasks\WebReg 20051207180104.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 07:47]

2008-12-11 c:\windows\Tasks\WebReg 20060423200410.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 07:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h0z90mbs.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:49:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-10 22:51:02
ComboFix-quarantined-files.txt 2008-12-11 03:50:09

Pre-Run: 122,912,169,984 bytes free
Post-Run: 122,989,043,712 bytes free

399 --- E O F --- 2008-12-04 05:56:25

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:12:47 AM

Posted 11 December 2008 - 03:17 AM

Hello Lagato,

That looks better, but we're not quite there yet.

Let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty notepad window:
Collect::[9]
c:\windows\system32\tjxdyusq.exe
c:\windows\system32\ngghvbtcgfp.exe
c:\windows\system32\dlweejj.dll
c:\windows\system32\mnnim.exe
c:\windows\system32\xjumxgx.exe
c:\windows\system32\wewemb.exe
File::
c:\program files\Common Files\isoqa.ban
c:\documents and settings\All Users\Application Data\ebolyduke.dat
c:\documents and settings\All Users\Application Data\evyv.pif
c:\program files\Common Files\vuketyb.bin
c:\documents and settings\All Users\Application Data\anoduxuti.vbs
c:\program files\Common Files\rygedoryx.ban
c:\documents and settings\All Users\Application Data\izodigukac.bat
c:\documents and settings\All Users\Application Data\ijot.sys
c:\documents and settings\HP_Owner\Application Data\agyci.scr
c:\program files\Common Files\qiruwelehy.exe
c:\program files\Common Files\tege.bat
c:\documents and settings\HP_Owner\Application Data\itevipig.exe
c:\documents and settings\All Users\Application Data\zebehovaju.dll
c:\documents and settings\HP_Owner\Application Data\agarime.pif
c:\program files\Common Files\ilenumasak.com
c:\program files\Common Files\usepofa.dl
c:\documents and settings\HP_Owner\Application Data\ebikococ.vbs
c:\program files\Common Files\ulisadyr.ban
c:\program files\Common Files\ryzexe.ban
c:\documents and settings\HP_Owner\Application Data\raje.com
c:\program files\Common Files\fedapajuf.sys
c:\documents and settings\All Users\Application Data\kocobobeli.sys
c:\documents and settings\HP_Owner\Application Data\mocefy.dll
c:\program files\Common Files\niwyg.vbs
c:\program files\Common Files\hynebor.vbs
c:\documents and settings\HP_Owner\Application Data\mubas.sys
c:\program files\Common Files\zepawiqaq.reg
c:\documents and settings\HP_Owner\Application Data\ywuqadixa.bat
c:\documents and settings\All Users\Application Data\qorypecomo.dat
c:\documents and settings\All Users\Application Data\ypuva.vbs
c:\documents and settings\HP_Owner\Application Data\kowovik.pif
c:\documents and settings\All Users\Application Data\ygajafezun.vbs
c:\documents and settings\All Users\Application Data\tymapy.vbs
c:\documents and settings\All Users\Application Data\juburapo.exe
c:\documents and settings\HP_Owner\Application Data\aqeq.com
c:\documents and settings\All Users\Application Data\ihadadym.com
c:\program files\Common Files\ibuvutym.dll
c:\documents and settings\HP_Owner\Application Data\ijomyhe.vbs
c:\documents and settings\HP_Owner\Application Data\olibepo.reg
c:\documents and settings\HP_Owner\Application Data\uvojenywi.sys
c:\program files\Common Files\asuculynim.bat
c:\program files\Common Files\gagodofon.dll
c:\documents and settings\All Users\Application Data\ohimoha.com
c:\documents and settings\All Users\Application Data\meqyjuw.dll
c:\documents and settings\All Users\Application Data\otolitic.vbs
c:\program files\Common Files\apykazu.dat
Folder::
c:\windows\system32\ta
c:\windows\system32\din
AWF::
c:\program files\Common Files\AOL\1146453806\ee\bak\AOLSoftware.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\support.com\bin\bak\tgcmd.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ssixo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vvbvmy"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot missing: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
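
The Registry:: part of the script above resets the three logon hooks that the ComboFix "Reg Loading Points" section showed hijacked (Winlogon Shell and Userinit carrying an extra executable, a non-empty AppInit_DLLs) and the log also showed Security Center monitoring switched off. The following Python is an added example written for this page, not part of ComboFix or of Thunder's instructions: it parses a REGEDIT4-style dump in the layout ComboFix printed above, flags those entries, and drafts the matching Registry:: block in the same CFScript syntax. The sample dump, the function names and the "known-good" defaults (Shell exactly `Explorer.exe`, Userinit exactly one `...\system32\userinit.exe`) are assumptions made here.

```python
"""Check a ComboFix 'Reg Loading Points' dump for logon-hijack entries and
draft the CFScript Registry:: block that resets them.

Added example for this thread; it is not part of ComboFix or of the helper's
script. The sample dump below is constructed to mirror the thread's entries.
"""
import re

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# ComboFix appends " [date size]" to Run entries; strip it before comparing.
TRAILER_RE = re.compile(r"\s\[\d{4}-\d{2}-\d{2} \d+\]$")

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WINDOWS = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SEC_CENTER = r"hkey_local_machine\software\microsoft\security center\monitoring"

# Constructed sample in the REGEDIT4 layout ComboFix prints (mirrors the thread).
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ssixo"="c:\windows\system32\wewemb.exe" [2008-10-10 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\\WINDOWS\\system32\\mnnim.exe"
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,xjumxgx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cwfilx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""


def _unquote(raw):
    """Strip REGEDIT4 quoting: "..." with doubled backslashes -> plain string."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    return raw  # dword:... and bare values are left as printed


def parse_reg_loading_points(text):
    """Return {key_lower: {value_name_lower: value}} from a REGEDIT4-style dump."""
    entries = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            raw = TRAILER_RE.sub("", m.group("value"))
            entries[current][m.group("name").lower()] = _unquote(raw)
    return entries


def find_persistence_anomalies(entries):
    """Return (name, value, reason) tuples for the hooks this thread had to reset."""
    findings = []
    winlogon = entries.get(WINLOGON, {})
    # Default Shell is exactly Explorer.exe; a second comma-separated program
    # would start with the desktop at every logon.
    shell = winlogon.get("shell", "Explorer.exe")
    if [p.strip().lower() for p in shell.split(",") if p.strip()] != ["explorer.exe"]:
        findings.append(("Shell", shell, "extra program launched with the desktop shell"))
    # Default Userinit is a single ...\system32\userinit.exe (trailing comma is normal).
    userinit = winlogon.get("userinit", r"c:\windows\system32\userinit.exe,")
    programs = [p.strip().lower() for p in userinit.split(",") if p.strip()]
    if len(programs) != 1 or not programs[0].endswith(r"\system32\userinit.exe"):
        findings.append(("Userinit", userinit, "extra program launched before the shell"))
    appinit = entries.get(WINDOWS, {}).get("appinit_dlls", "")
    if appinit.strip():
        findings.append(("AppInit_DLLs", appinit, "DLL injected into every user32 process"))
    for key, values in entries.items():
        if key.startswith(SEC_CENTER) and values.get("disablemonitoring", "").lower() == "dword:00000001":
            findings.append(("DisableMonitoring", key, "Security Center alerts for this product suppressed"))
    return findings


def build_cfscript_registry(findings):
    """Draft the Registry:: block, in the CFScript syntax used in the thread, for the hooks found."""
    names = {f[0] for f in findings}
    lines = ["Registry::"]
    if names & {"Shell", "Userinit"}:
        lines.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]")
        if "Shell" in names:
            lines.append('"Shell"="Explorer.exe"')
        if "Userinit" in names:
            lines.append(r'"Userinit"="c:\\WINDOWS\\system32\\userinit.exe"')
    if "AppInit_DLLs" in names:
        lines.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]")
        lines.append('"AppInit_DLLs"=""')
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_persistence_anomalies(parse_reg_loading_points(SAMPLE_DUMP))
    for name, value, reason in found:
        print(f"{name}: {value!r} -> {reason}")
    print(build_cfscript_registry(found))
```

Run against the constructed dump it reports all four hooks and drafts the same three Registry:: lines the script above contains. The DisableMonitoring entry is only reported, because the thread's script does not touch it; the drafted block is a starting point for a helper to review, not a replacement for that review.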

#5 Lagato445

Lagato445
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  • Gender:Male
  • Location:Maryland
  • Local time:05:47 PM

Posted 11 December 2008 - 09:56 PM

Hey Thunder, I ran the ComboFix notepad log but after it finished it froze, so I dunno if it recorded what it fixed. The computer is running so much better now, I really appreciate all this help.
Here is the new hijack log I ran:


Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-11 09:50:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 117 GB (63%) free of 185 GB
Total RAM: 895 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50, on 2008-12-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mnnim.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xjumxgx.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9550 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg 20051207180104.job
C:\WINDOWS\tasks\WebReg 20060423200410.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-10 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-06-04 103552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-12 2403392]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-09 70776]
"NAV CfgWiz"=c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe [2004-01-20 124056]
"IS CfgWiz"=c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe [2004-01-20 124056]
"SSC_UserPrompt"=c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-08-06 218240]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2004-05-20 249856]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-08-07 98304]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-04-21 286720]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-04-12 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-21 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-13 50736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-11 21:23:15 ----D---- C:\WINDOWS\temp
2008-12-11 21:23:10 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-12-11 21:17:43 ----D---- C:\ComboFix
2008-12-11 21:17:43 ----A---- C:\WINDOWS\system32\CF31550.exe
2008-12-11 21:16:55 ----A---- C:\WINDOWS\system32\CF31394.exe
2008-12-11 21:16:55 ----A---- C:\WINDOWS\system32\CF31387.exe
2008-12-11 21:16:55 ----A---- C:\WINDOWS\system32\CF31384.exe
2008-12-11 18:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 18:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 04:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 04:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 22:58:50 ----SHD---- C:\RECYCLER
2008-12-10 22:43:21 ----A---- C:\WINDOWS\zip.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\sed.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\grep.exe
2008-12-10 22:43:21 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 22:43:14 ----D---- C:\WINDOWS\ERDNT
2008-12-10 22:43:14 ----AD---- C:\Qoobox
2008-12-10 20:05:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 21:37:19 ----D---- C:\Program Files\trend micro
2008-12-07 21:37:17 ----D---- C:\rsit
2008-12-07 21:07:55 ----D---- C:\Program Files\SpywareDetector
2008-12-06 02:34:21 ----D---- C:\Program Files\Veoh Networks
2008-12-05 15:40:52 ----A---- C:\WINDOWS\system32\bfdd87c3-.txt
2008-12-04 00:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-04 00:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-03 14:11:17 ----D---- C:\WINDOWS\Prefetch
2008-12-03 14:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-03 14:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-03 14:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 14:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 14:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 14:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 13:55:16 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 13:55:09 ----D---- C:\WINDOWS\system32\bits
2008-12-03 12:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-03 12:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-03 12:32:33 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 12:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-03 12:31:45 ----A---- C:\WINDOWS\system32\SiSPower.dll
2008-12-03 12:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-03 11:42:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-03 11:42:42 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-03 11:42:42 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-03 11:42:41 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-03 11:42:40 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-03 11:42:39 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-03 11:42:32 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-03 11:42:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-03 11:42:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-03 11:42:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-03 11:42:25 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-03 11:42:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-03 11:42:19 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-03 11:42:19 ----A---- C:\WINDOWS\005283_.tmp
2008-12-03 11:42:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-03 11:42:00 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-03 11:41:59 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-03 11:41:58 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-03 11:41:44 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-03 11:41:42 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-03 11:41:42 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-03 11:41:41 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-03 11:41:41 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-03 11:41:22 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-03 11:41:22 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-03 11:41:21 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-03 11:41:11 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-03 11:41:09 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-03 11:41:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-03 11:41:04 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-03 11:41:04 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-03 11:41:01 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-03 11:41:00 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-03 11:41:00 ----N---- C:\WINDOWS\slrundll.exe
2008-12-03 11:40:58 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-03 11:40:58 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-03 11:40:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-03 11:40:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-03 11:40:52 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-03 11:40:47 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-03 11:40:47 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-03 11:40:46 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-03 11:40:46 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-03 11:40:42 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-03 02:37:44 ----A---- C:\WINDOWS\system32\SET2A4.tmp
2008-12-03 02:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-03 02:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-03 02:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-02 16:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-02 16:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-02 03:17:10 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-02 00:19:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-26 01:41:03 ----D---- C:\Program Files\Maxis
2008-11-26 01:29:07 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-11-26 01:28:33 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-26 01:25:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-11-23 16:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 16:09:59 ----D---- C:\Program Files\Safari

======List of files/folders modified in the last 1 months======

2008-12-11 21:35:27 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-11 21:34:50 ----D---- C:\WINDOWS\system32
2008-12-11 21:23:15 ----D---- C:\WINDOWS
2008-12-11 21:22:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 21:22:31 ----D---- C:\Program Files\Common Files
2008-12-11 21:22:30 ----D---- C:\WINDOWS\AppPatch
2008-12-11 21:19:22 ----D---- C:\Program Files\QuickTime
2008-12-11 21:19:20 ----D---- C:\Program Files\iTunes
2008-12-11 21:18:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 21:10:19 ----D---- C:\Program Files\Mozilla Firefox
2008-12-11 19:19:47 ----D---- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2008-12-11 19:02:37 ----D---- C:\WINDOWS\Help
2008-12-11 18:32:43 ----HD---- C:\WINDOWS\inf
2008-12-11 18:32:16 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 18:31:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 18:31:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 04:34:53 ----D---- C:\Program Files\Internet Explorer
2008-12-11 04:34:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 01:49:32 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 22:49:10 ----A---- C:\WINDOWS\system.ini
2008-12-10 22:46:58 ----SD---- C:\WINDOWS\Tasks
2008-12-10 22:45:15 ----RD---- C:\Program Files
2008-12-10 22:45:15 ----D---- C:\temp
2008-12-10 22:45:11 ----D---- C:\WINDOWS\system
2008-12-10 22:45:01 ----D---- C:\Program Files\Common Files\System
2008-12-09 13:24:37 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2008-12-07 18:00:39 ----D---- C:\WINDOWS\Minidump
2008-12-04 02:15:57 ----HD---- C:\Config.Msi
2008-12-04 00:54:23 ----SHD---- C:\WINDOWS\Installer
2008-12-03 14:13:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 14:11:52 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-03 14:11:19 ----A---- C:\WINDOWS\setuplog.txt
2008-12-03 14:10:46 ----D---- C:\WINDOWS\system32\wbem
2008-12-03 14:10:46 ----D---- C:\WINDOWS\system32\Setup
2008-12-03 14:10:46 ----D---- C:\WINDOWS\ime
2008-12-03 14:10:44 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 14:10:10 ----D---- C:\WINDOWS\security
2008-12-03 14:03:15 ----D---- C:\Program Files\Messenger
2008-12-03 13:56:08 ----D---- C:\WINDOWS\WinSxS
2008-12-03 13:55:49 ----D---- C:\WINDOWS\network diagnostic
2008-12-03 13:55:19 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 13:55:19 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 13:55:16 ----D---- C:\WINDOWS\l2schemas
2008-12-03 13:55:12 ----AD---- C:\WINDOWS\system32\en
2008-12-03 13:55:09 ----D---- C:\WINDOWS\PeerNet
2008-12-03 13:55:08 ----D---- C:\Program Files\Movie Maker
2008-12-03 13:48:49 ----D---- C:\WINDOWS\system32\Restore
2008-12-03 13:48:49 ----D---- C:\WINDOWS\system32\npp
2008-12-03 13:48:44 ----D---- C:\WINDOWS\msagent
2008-12-03 13:48:41 ----D---- C:\WINDOWS\srchasst
2008-12-03 13:48:39 ----D---- C:\Program Files\NetMeeting
2008-12-03 13:48:36 ----D---- C:\WINDOWS\system32\Com
2008-12-03 13:48:31 ----D---- C:\Program Files\Windows Media Player
2008-12-03 13:48:24 ----D---- C:\Program Files\Windows NT
2008-12-03 13:48:24 ----D---- C:\Program Files\Outlook Express
2008-12-03 13:47:44 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 13:37:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 13:29:43 ----D---- C:\WINDOWS\EHome
2008-12-03 12:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-03 12:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-03 12:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-03 12:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-03 12:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-03 12:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-03 12:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-03 12:29:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-03 11:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-03 11:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-03 11:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-03 02:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-03 02:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-03 02:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-03 02:34:52 ----D---- C:\WINDOWS\Registration
2008-12-02 16:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-02 05:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-02 03:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-02 00:19:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-26 00:39:00 ----D---- C:\Downloads
2008-11-24 22:54:20 ----A---- C:\WINDOWS\win.ini
2008-11-23 16:58:07 ----D---- C:\Program Files\iPod
2008-11-23 16:57:49 ----D---- C:\Program Files\Common Files\Apple
2008-11-23 16:20:26 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2003-12-04 263296]
R2 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-12 32768]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2003-12-04 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 asxn2p3q;asxn2p3q; C:\WINDOWS\system32\drivers\asxn2p3q.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-05-05 142976]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-12-09 255096]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2003-12-09 218232]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-12-09 234616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2004-06-04 174208]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-06 308352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2003-12-04 197856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-09 87160]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2003-11-07 193816]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:47 AM

Posted 12 December 2008 - 05:23 PM

Hello Lagato,

Could you upload that [9]-Submit_Date_Time.zip file please, to :

http://www.bleepingcomputer.com/submit-malware.php?channel=9

How?
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/t/184927/infected-with-possible-spywaremaleware/
2. In the second window (Browse to the file you want to submit:) browse to the C:\QooBox\Quarantine folder and select the [9]-Submit_Date_Time.zip file for upload.
3. Click the Send file button :thumbsup:
Then please post the last ComboFix log to find out where we stand.
It can be found as C:\ComboFix.txt :)

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
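A small check for the "remove all older versions of Java" step, added here as an example and not part of Thunder's instructions: it pulls the JRE install-directory names out of an RSIT/HijackThis log like the one posted above and flags any runtime older than 6 Update 11. It assumes Sun's directory naming convention (jre1.6.0_07 means 6 Update 7); the sample lines are copied from the dump above plus one constructed jre1.5.0_12 line.

```python
import re
from typing import Dict, List, Tuple

# Version Thunder's post tells the user to install: JRE 6 Update 11.
TARGET: Tuple[int, int] = (6, 11)

# Assumed naming convention of Sun's JRE install directories: jre1.6.0_07 is
# 6 Update 7, jre1.5.0_12 is 5 Update 12, j2re1.4.2_03 is 1.4.2 Update 3;
# no "_NN" suffix means the base release (Update 0).
_JRE_DIR = re.compile(
    r"\\(?P<dir>(?:jre|j2re)1\.(?P<major>\d)\.\d+(?:_(?P<update>\d+))?)\\",
    re.IGNORECASE,
)


def find_java_installs(log_text: str) -> Dict[str, Tuple[int, int]]:
    """Map each JRE directory named in the log to its (major, update) pair."""
    found: Dict[str, Tuple[int, int]] = {}
    for m in _JRE_DIR.finditer(log_text):
        update = int(m.group("update") or 0)
        found[m.group("dir").lower()] = (int(m.group("major")), update)
    return found


def outdated_java(log_text: str, target: Tuple[int, int] = TARGET) -> List[str]:
    """Directories whose version is older than target, e.g. ['jre1.6.0_07']."""
    installs = find_java_installs(log_text)
    return sorted(d for d, ver in installs.items() if ver < target)


# Lines taken from the RSIT dump posted above, plus one constructed line
# (the jre1.5.0_12 entry) so a second, older runtime gets flagged too.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
O9 - Extra button: (no name) - {CONSTRUCTED-CLSID} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
"""

if __name__ == "__main__":
    for d, (major, update) in sorted(find_java_installs(SAMPLE_LOG).items()):
        flag = "OUTDATED" if (major, update) < TARGET else "ok"
        print(f"{d}: Java {major} Update {update} -> {flag}")
```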

#7 Lagato445

Lagato445
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:Maryland
  • Local time:05:47 PM

Posted 12 December 2008 - 10:11 PM

Ok, I think this is the latest ComboFix txt, I'm not too sure though :thumbsup:


ComboFix 08-12-11.04 - HP_Owner 2008-12-11 21:19:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.436 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\anoduxuti.vbs
c:\documents and settings\All Users\Application Data\ebolyduke.dat
c:\documents and settings\All Users\Application Data\evyv.pif
c:\documents and settings\All Users\Application Data\ihadadym.com
c:\documents and settings\All Users\Application Data\ijot.sys
c:\documents and settings\All Users\Application Data\izodigukac.bat
c:\documents and settings\All Users\Application Data\juburapo.exe
c:\documents and settings\All Users\Application Data\kocobobeli.sys
c:\documents and settings\All Users\Application Data\meqyjuw.dll
c:\documents and settings\All Users\Application Data\ohimoha.com
c:\documents and settings\All Users\Application Data\otolitic.vbs
c:\documents and settings\All Users\Application Data\qorypecomo.dat
c:\documents and settings\All Users\Application Data\tymapy.vbs
c:\documents and settings\All Users\Application Data\ygajafezun.vbs
c:\documents and settings\All Users\Application Data\ypuva.vbs
c:\documents and settings\All Users\Application Data\zebehovaju.dll
c:\documents and settings\HP_Owner\Application Data\agarime.pif
c:\documents and settings\HP_Owner\Application Data\agyci.scr
c:\documents and settings\HP_Owner\Application Data\aqeq.com
c:\documents and settings\HP_Owner\Application Data\ebikococ.vbs
c:\documents and settings\HP_Owner\Application Data\ijomyhe.vbs
c:\documents and settings\HP_Owner\Application Data\itevipig.exe
c:\documents and settings\HP_Owner\Application Data\kowovik.pif
c:\documents and settings\HP_Owner\Application Data\mocefy.dll
c:\documents and settings\HP_Owner\Application Data\mubas.sys
c:\documents and settings\HP_Owner\Application Data\olibepo.reg
c:\documents and settings\HP_Owner\Application Data\raje.com
c:\documents and settings\HP_Owner\Application Data\uvojenywi.sys
c:\documents and settings\HP_Owner\Application Data\ywuqadixa.bat
c:\program files\Common Files\apykazu.dat
c:\program files\Common Files\asuculynim.bat
c:\program files\Common Files\fedapajuf.sys
c:\program files\Common Files\gagodofon.dll
c:\program files\Common Files\hynebor.vbs
c:\program files\Common Files\ibuvutym.dll
c:\program files\Common Files\ilenumasak.com
c:\program files\Common Files\isoqa.ban
c:\program files\Common Files\niwyg.vbs
c:\program files\Common Files\qiruwelehy.exe
c:\program files\Common Files\rygedoryx.ban
c:\program files\Common Files\ryzexe.ban
c:\program files\Common Files\tege.bat
c:\program files\Common Files\ulisadyr.ban
c:\program files\Common Files\usepofa.dl
c:\program files\Common Files\vuketyb.bin
c:\program files\Common Files\zepawiqaq.reg
.

#8 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:47 AM

Posted 14 December 2008 - 07:34 AM

Hello Lagato,

Since ComboFix obviously didn't run to the end, we might try a run in Safe Mode first:

Boot into Safe Mode:
Restart your computer and tap F8 before WinXP starts to load and choose Safe Mode.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

Then run the CFScript again and see if it can complete the cleanup. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#9 Lagato445
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:Maryland
  • Local time:05:47 PM

Posted 14 December 2008 - 11:17 PM

:thumbsup: Kool! It didn't freeze up this time, I think this is the whole report:

ComboFix 08-12-11.04 - HP_Owner 2008-12-14 22:44:10.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.716 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt

FILE ::
c:\documents and settings\All Users\Application Data\anoduxuti.vbs
c:\documents and settings\All Users\Application Data\ebolyduke.dat
c:\documents and settings\All Users\Application Data\evyv.pif
c:\documents and settings\All Users\Application Data\ihadadym.com
c:\documents and settings\All Users\Application Data\ijot.sys
c:\documents and settings\All Users\Application Data\izodigukac.bat
c:\documents and settings\All Users\Application Data\juburapo.exe
c:\documents and settings\All Users\Application Data\kocobobeli.sys
c:\documents and settings\All Users\Application Data\meqyjuw.dll
c:\documents and settings\All Users\Application Data\ohimoha.com
c:\documents and settings\All Users\Application Data\otolitic.vbs
c:\documents and settings\All Users\Application Data\qorypecomo.dat
c:\documents and settings\All Users\Application Data\tymapy.vbs
c:\documents and settings\All Users\Application Data\ygajafezun.vbs
c:\documents and settings\All Users\Application Data\ypuva.vbs
c:\documents and settings\All Users\Application Data\zebehovaju.dll
c:\documents and settings\HP_Owner\Application Data\agarime.pif
c:\documents and settings\HP_Owner\Application Data\agyci.scr
c:\documents and settings\HP_Owner\Application Data\aqeq.com
c:\documents and settings\HP_Owner\Application Data\ebikococ.vbs
c:\documents and settings\HP_Owner\Application Data\ijomyhe.vbs
c:\documents and settings\HP_Owner\Application Data\itevipig.exe
c:\documents and settings\HP_Owner\Application Data\kowovik.pif
c:\documents and settings\HP_Owner\Application Data\mocefy.dll
c:\documents and settings\HP_Owner\Application Data\mubas.sys
c:\documents and settings\HP_Owner\Application Data\olibepo.reg
c:\documents and settings\HP_Owner\Application Data\raje.com
c:\documents and settings\HP_Owner\Application Data\uvojenywi.sys
c:\documents and settings\HP_Owner\Application Data\ywuqadixa.bat
c:\program files\Common Files\apykazu.dat
c:\program files\Common Files\asuculynim.bat
c:\program files\Common Files\fedapajuf.sys
c:\program files\Common Files\gagodofon.dll
c:\program files\Common Files\hynebor.vbs
c:\program files\Common Files\ibuvutym.dll
c:\program files\Common Files\ilenumasak.com
c:\program files\Common Files\isoqa.ban
c:\program files\Common Files\niwyg.vbs
c:\program files\Common Files\qiruwelehy.exe
c:\program files\Common Files\rygedoryx.ban
c:\program files\Common Files\ryzexe.ban
c:\program files\Common Files\tege.bat
c:\program files\Common Files\ulisadyr.ban
c:\program files\Common Files\usepofa.dl
c:\program files\Common Files\vuketyb.bin
c:\program files\Common Files\zepawiqaq.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bitcometres.dll
c:\windows\system32\dlweejj.dll
c:\windows\system32\mnnim.exe
c:\windows\system32\wewemb.exe
c:\windows\system32\xjumxgx.exe
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\anoduxuti.vbs
c:\documents and settings\All Users\Application Data\ebolyduke.dat
c:\documents and settings\All Users\Application Data\evyv.pif
c:\documents and settings\All Users\Application Data\ihadadym.com
c:\documents and settings\All Users\Application Data\ijot.sys
c:\documents and settings\All Users\Application Data\izodigukac.bat
c:\documents and settings\All Users\Application Data\juburapo.exe
c:\documents and settings\All Users\Application Data\kocobobeli.sys
c:\documents and settings\All Users\Application Data\meqyjuw.dll
c:\documents and settings\All Users\Application Data\ohimoha.com
c:\documents and settings\All Users\Application Data\otolitic.vbs
c:\documents and settings\All Users\Application Data\qorypecomo.dat
c:\documents and settings\All Users\Application Data\tymapy.vbs
c:\documents and settings\All Users\Application Data\ygajafezun.vbs
c:\documents and settings\All Users\Application Data\ypuva.vbs
c:\documents and settings\All Users\Application Data\zebehovaju.dll
c:\documents and settings\HP_Owner\Application Data\agarime.pif
c:\documents and settings\HP_Owner\Application Data\agyci.scr
c:\documents and settings\HP_Owner\Application Data\aqeq.com
c:\documents and settings\HP_Owner\Application Data\ebikococ.vbs
c:\documents and settings\HP_Owner\Application Data\ijomyhe.vbs
c:\documents and settings\HP_Owner\Application Data\itevipig.exe
c:\documents and settings\HP_Owner\Application Data\kowovik.pif
c:\documents and settings\HP_Owner\Application Data\mocefy.dll
c:\documents and settings\HP_Owner\Application Data\mubas.sys
c:\documents and settings\HP_Owner\Application Data\olibepo.reg
c:\documents and settings\HP_Owner\Application Data\raje.com
c:\documents and settings\HP_Owner\Application Data\uvojenywi.sys
c:\documents and settings\HP_Owner\Application Data\ywuqadixa.bat
c:\program files\Common Files\apykazu.dat
c:\program files\Common Files\asuculynim.bat
c:\program files\Common Files\fedapajuf.sys
c:\program files\Common Files\gagodofon.dll
c:\program files\Common Files\hynebor.vbs
c:\program files\Common Files\ibuvutym.dll
c:\program files\Common Files\ilenumasak.com
c:\program files\Common Files\isoqa.ban
c:\program files\Common Files\niwyg.vbs
c:\program files\Common Files\qiruwelehy.exe
c:\program files\Common Files\rygedoryx.ban
c:\program files\Common Files\ryzexe.ban
c:\program files\Common Files\tege.bat
c:\program files\Common Files\ulisadyr.ban
c:\program files\Common Files\usepofa.dl
c:\program files\Common Files\vuketyb.bin
c:\program files\Common Files\zepawiqaq.reg
c:\windows\system32\din
c:\windows\system32\dlweejj.dll
c:\windows\system32\mnnim.exe
c:\windows\system32\ngghvbtcgfp.exe
c:\windows\system32\ta
c:\windows\system32\ta\HXEdv47.exe
c:\windows\system32\tjxdyusq.exe
c:\windows\system32\wewemb.exe
c:\windows\system32\xjumxgx.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-12 21:56 . 2008-12-12 21:55 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 21:56 . 2008-12-12 21:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-10 20:06 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 20:06 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 20:05 . 2008-12-10 20:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-10 15:01 . 2008-12-10 15:01 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2008-12-07 21:37 . 2008-12-07 21:37 <DIR> d-------- C:\rsit
2008-12-07 21:37 . 2008-12-11 09:50 <DIR> d-------- c:\program files\trend micro
2008-12-07 21:08 . 2008-12-07 21:08 63 --a------ c:\windows\system\SysSD.dll
2008-12-07 21:07 . 2008-12-07 21:13 <DIR> d-------- c:\program files\SpywareDetector
2008-12-06 02:34 . 2008-12-06 02:34 <DIR> d-------- c:\program files\Veoh Networks
2008-12-03 13:55 . 2008-12-03 13:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-03 13:55 . 2008-12-03 13:55 <DIR> d-------- c:\windows\system32\bits
2008-12-03 12:31 . 2005-04-12 11:31 49,152 --a------ c:\windows\system32\SiSPower.dll
2008-12-03 11:41 . 2008-04-13 19:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-12-03 11:40 . 2008-04-13 19:12 712,704 --------- c:\windows\system32\windowscodecs.dll
2008-12-03 11:31 . 2004-08-03 22:41 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys
2008-12-03 02:37 . 2008-12-03 02:37 18,694,144 --a------ c:\windows\system32\SET2A4.tmp
2008-12-02 16:24 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-02 16:23 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-02 16:23 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-02 16:23 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-02 16:23 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-02 16:23 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-02 16:23 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-02 16:23 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-02 16:22 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-02 13:08 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-26 01:41 . 2008-11-26 01:41 <DIR> d-------- c:\program files\Maxis
2008-11-26 01:29 . 2008-11-26 01:29 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-26 01:28 . 2008-11-26 01:29 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-26 01:25 . 2008-11-26 01:25 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\DAEMON Tools
2008-11-26 01:25 . 2008-11-26 01:25 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-23 16:57 . 2008-11-23 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 16:09 . 2008-11-23 16:12 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 03:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-15 03:48 --------- d-----w c:\program files\QuickTime
2008-12-15 03:48 --------- d-----w c:\program files\iTunes
2008-12-15 00:29 --------- d-----w c:\documents and settings\HP_Owner\Application Data\LimeWire
2008-12-13 02:55 --------- d-----w c:\program files\Java
2008-11-23 21:58 --------- d-----w c:\program files\iPod
2008-11-23 21:57 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 21:20 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 04:13 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-10-16 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-03-11 05:59 19,438 -c--a-w c:\documents and settings\HP_Owner\Application Data\requson.vbs
2008-03-11 05:59 17,200 -c--a-w c:\documents and settings\HP_Owner\Application Data\judobonoq.dat
2008-03-11 05:59 17,177 -c--a-w c:\documents and settings\HP_Owner\Application Data\vivy.bin
2008-03-11 05:59 15,347 -c--a-w c:\documents and settings\HP_Owner\Application Data\exihynozi.vbs
2008-03-11 05:59 11,163 -c--a-w c:\documents and settings\All Users\Application Data\mebuw.pif
2008-03-09 12:00 18,935 -c--a-w c:\program files\Common Files\qilaq.exe
2008-03-09 12:00 16,987 -c--a-w c:\program files\Common Files\debuj.scr
2008-03-09 12:00 15,148 -c--a-w c:\documents and settings\HP_Owner\Application Data\udezizy.reg
2008-03-09 12:00 14,225 -c--a-w c:\program files\Common Files\lejixu.vbs
2008-03-09 12:00 13,184 -c--a-w c:\documents and settings\All Users\Application Data\cahixu.exe
2008-03-09 12:00 13,028 -c--a-w c:\documents and settings\All Users\Application Data\ninefa.dat
2008-03-09 12:00 12,371 -c--a-w c:\documents and settings\All Users\Application Data\ucaliwily.reg
2008-03-09 12:00 12,283 -c--a-w c:\documents and settings\HP_Owner\Application Data\yhawegabim.bin
2008-03-09 12:00 10,861 -c--a-w c:\documents and settings\All Users\Application Data\iwoj.bin
2008-03-09 12:00 10,024 -c--a-w c:\program files\Common Files\talejil.db
2008-03-07 22:06 17,083 -c--a-w c:\program files\Common Files\muhuvotyf.bin
2008-03-07 22:06 13,954 -c--a-w c:\documents and settings\HP_Owner\Application Data\utohy.pif
2008-03-07 22:06 11,406 -c--a-w c:\documents and settings\All Users\Application Data\ulydonilu.reg
2008-03-07 22:05 18,689 -c--a-w c:\documents and settings\All Users\Application Data\cumepyvyw.pif
2008-03-07 22:05 12,212 -c--a-w c:\program files\Common Files\oqijefen.com
2008-03-07 20:17 19,521 -c--a-w c:\documents and settings\All Users\Application Data\asovabiq.dat
2008-03-07 20:17 19,450 -c--a-w c:\documents and settings\HP_Owner\Application Data\rolema.reg
2008-03-07 20:17 13,884 -c--a-w c:\documents and settings\HP_Owner\Application Data\qihuh.com
2008-03-07 20:17 12,763 -c--a-w c:\program files\Common Files\wimybifum.bat
2008-03-07 20:17 11,326 -c--a-w c:\documents and settings\All Users\Application Data\sorigyb.reg
2008-03-07 20:17 11,079 -c--a-w c:\program files\Common Files\uxef.reg
2008-03-07 18:11 19,328 -c--a-w c:\program files\Common Files\cyqypaxi.dll
2008-03-07 18:11 19,103 -c--a-w c:\program files\Common Files\pivak.exe
2008-03-07 18:11 16,077 -c--a-w c:\documents and settings\HP_Owner\Application Data\ijykaruj.reg
2008-03-07 18:11 12,926 -c--a-w c:\documents and settings\HP_Owner\Application Data\hemah.scr
2008-03-07 18:11 11,449 -c--a-w c:\program files\Common Files\uqewacimuw.dat
2008-03-07 18:11 11,155 -c--a-w c:\program files\Common Files\aryduwateq.vbs
2008-03-07 16:53 19,344 -c--a-w c:\documents and settings\HP_Owner\Application Data\awyba.pif
2008-03-07 16:53 18,933 -c--a-w c:\program files\Common Files\ogizylym.db
2008-03-07 16:53 17,233 -c--a-w c:\documents and settings\HP_Owner\Application Data\hebyqe.dat
2008-03-07 16:53 10,994 -c--a-w c:\documents and settings\All Users\Application Data\afylivateb.sys
2008-03-07 07:32 14,188 -c--a-w c:\documents and settings\HP_Owner\Application Data\esyd.com
2008-03-07 07:32 13,807 -c--a-w c:\program files\Common Files\homijam.bin
2008-03-07 07:32 11,864 -c--a-w c:\program files\Common Files\ynud._dl
2008-03-06 00:02 19,566 -c--a-w c:\program files\Common Files\ajefeb.dat
2008-03-06 00:02 19,556 -c--a-w c:\program files\Common Files\ifyzefuj.dat
2008-03-06 00:02 18,844 -c--a-w c:\documents and settings\All Users\Application Data\uzeqojilen.bat
2008-03-06 00:02 18,330 -c--a-w c:\documents and settings\All Users\Application Data\uwiholeg.dat
2008-03-06 00:02 18,029 -c--a-w c:\documents and settings\HP_Owner\Application Data\zovawu.exe
2008-03-06 00:02 13,825 -c--a-w c:\documents and settings\HP_Owner\Application Data\hucareqyn.dat
2008-03-06 00:02 11,104 -c--a-w c:\documents and settings\All Users\Application Data\iqijimuv.dat
2007-12-12 01:05 26,414 -c--a-w c:\documents and settings\HP_Owner\Application Data\info.dat
2006-05-10 21:49 905,728 -c--a-w c:\program files\iview398.exe
2005-12-06 05:18 1,254,790 ----a-w c:\documents and settings\HP_Owner\m4rk.exe
2005-11-19 16:47 3,089,860 ----a-w c:\documents and settings\HP_Owner\klk1r.exe
2005-04-21 16:45 25,621 -csha-w c:\windows\Cursors\litucod.bak1
2005-10-18 16:10 335,908 -csh--w c:\windows\Cursors\litucod.bak2
2005-10-18 19:50 519,712 -csh--w c:\windows\Cursors\litucod.ini2
2007-06-19 22:49 19,456 -csh--r c:\windows\system\svchctrl.dll
2007-06-19 22:49 23,552 -csh--r c:\windows\system\svchostw.dll
.
Files Infected - Patched
c:\windows\system32\wewemb.exe
c:\program files\AIM6\aim6.exe
c:\windows\system32\wewemb.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_22.49.24.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 03:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 07:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 04:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 04:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-10 08:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-13 02:55:46 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 08:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-13 02:55:46 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 09:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-13 02:55:46 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 03:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-03 21:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 04:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 04:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-15 03:48:33 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7d4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 61,440 2003-02-12 03:02:48 c:\hp\KBD\bak\KBD.EXE
----a-w 61,440 2003-02-12 03:02:48 c:\hp\KBD\kbd.exe

-c--a-w 67,160 2005-08-05 20:08:26 c:\program files\AIM\bak\aim.exe

----a-w 50,736 2007-03-23 21:18:22 c:\program files\AIM6\bak\aim6.exe
----a-w 50,736 2008-01-13 21:40:10 c:\program files\AIM6\aim6.exe

-c--a-w 180,269 2004-08-07 21:03:31 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 120,320 2006-03-19 01:00:08 c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe

-c--a-w 171,448 2007-02-16 01:46:06 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

-c--a-w 49,152 2004-06-08 01:53:26 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
----a-w 49,152 2004-06-08 01:53:26 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

-c--a-w 32,881 2004-08-07 19:36:59 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe

-c--a-w 70,144 2007-02-04 00:39:08 c:\qoobox\Quarantine\C\WINDOWS\MANTEC~1\bak\fast.exe.vir
-c--a-w 23,564 2007-02-16 03:03:14 c:\qoobox\Quarantine\C\WINDOWS\MANTEC~1\fast.exe.vir

-c--a-w 118,784 2003-12-18 06:31:42 c:\windows\CREATOR\bak\Remind_XP.exe
----a-w 118,784 2003-12-18 06:31:42 c:\windows\CREATOR\Remind_XP.exe

-c--a-w 233,472 2004-04-15 03:43:46 c:\windows\SMINST\bak\RECGUARD.EXE
----a-w 233,472 2004-04-15 03:43:46 c:\windows\SMINST\Recguard.exe

-c--a-w 52,736 1998-05-07 23:04:38 c:\windows\system\bak\hpsysdrv.exe
----a-w 52,736 1998-05-07 23:04:38 c:\windows\system\hpsysdrv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-13 50736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"ssixo"="c:\windows\system32\wewemb.exe" [2008-12-14 127488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-09 70776]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2004-01-20 124056]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\cfgwiz.exe" [2004-01-20 124056]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 218240]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-07 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-21 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"vvbvmy"="c:\windows\system32\wewemb.exe" [2008-12-14 127488]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
omjft.exe [2008-03-09 127488]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\\WINDOWS\\system32\\mnnim.exe"
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,xjumxgx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8944:TCP"= 8944:TCP:BitComet 8944 TCP
"8944:UDP"= 8944:UDP:BitComet 8944 UDP

.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

2004-08-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-14 03:38]

2008-12-13 c:\windows\Tasks\WebReg 20051207180104.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 07:47]

2008-12-15 c:\windows\Tasks\WebReg 20060423200410.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 07:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h0z90mbs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 22:48:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\mnnim.exe 28672 bytes executable
c:\windows\system32\wewemb.exe 127488 bytes executable
c:\windows\system32\xjumxgx.exe 23552 bytes executable
c:\windows\system32\dlweejj.dll 51712 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\omjft.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\mnnim.exe
c:\windows\system32\mnnim.exe
c:\windows\system32\mnnim.exe
.
**************************************************************************
.
Completion time: 2008-12-14 22:55:30 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-12-15 03:55:02
ComboFix2.txt 2008-12-11 03:51:04

Pre-Run: 124,029,161,472 bytes free
Post-Run: 123,076,771,840 bytes free

567 --- E O F --- 2008-12-11 23:32:44

#10 Thunder


Posted 16 December 2008 - 10:22 AM

Hello Lagato,

You've got quite a lot of old crap there :thumbsup:

First, go to Start > Control Panel > Software > Add/remove programs and uninstall AOL Instant Messenger, since it appears to be infected.
You can reinstall it once your system is cleaned.

Reboot your PC.

Then, make this new CFScript :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty notepad window:

File::
c:\program files\AIM6\aim6.exe
c:\windows\system32\wewemb.exe
c:\WINDOWS\system32\mnnim.exe
c:\windows\system32\xjumxgx.exe
c:\windows\system32\dlweejj.dll
c:\documents and settings\All Users\Start Menu\Programs\Startup\omjft.exe
c:\documents and settings\HP_Owner\Application Data\requson.vbs
c:\documents and settings\HP_Owner\Application Data\judobonoq.dat
c:\documents and settings\HP_Owner\Application Data\vivy.bin
c:\documents and settings\HP_Owner\Application Data\exihynozi.vbs
c:\documents and settings\All Users\Application Data\mebuw.pif
c:\program files\Common Files\qilaq.exe
c:\program files\Common Files\debuj.scr
c:\documents and settings\HP_Owner\Application Data\udezizy.reg
c:\program files\Common Files\lejixu.vbs
c:\documents and settings\All Users\Application Data\cahixu.exe
c:\documents and settings\All Users\Application Data\ninefa.dat
c:\documents and settings\All Users\Application Data\ucaliwily.reg
c:\documents and settings\HP_Owner\Application Data\yhawegabim.bin
c:\documents and settings\All Users\Application Data\iwoj.bin
c:\program files\Common Files\talejil.db
c:\program files\Common Files\muhuvotyf.bin
c:\documents and settings\HP_Owner\Application Data\utohy.pif
c:\documents and settings\All Users\Application Data\ulydonilu.reg
c:\documents and settings\All Users\Application Data\cumepyvyw.pif
c:\program files\Common Files\oqijefen.com
c:\documents and settings\All Users\Application Data\asovabiq.dat
c:\documents and settings\HP_Owner\Application Data\rolema.reg
c:\documents and settings\HP_Owner\Application Data\qihuh.com
c:\program files\Common Files\wimybifum.bat
c:\documents and settings\All Users\Application Data\sorigyb.reg
c:\program files\Common Files\uxef.reg
c:\program files\Common Files\cyqypaxi.dll
c:\program files\Common Files\pivak.exe
c:\documents and settings\HP_Owner\Application Data\ijykaruj.reg
c:\documents and settings\HP_Owner\Application Data\hemah.scr
c:\program files\Common Files\uqewacimuw.dat
c:\program files\Common Files\aryduwateq.vbs
c:\documents and settings\HP_Owner\Application Data\awyba.pif
c:\program files\Common Files\ogizylym.db
c:\documents and settings\HP_Owner\Application Data\hebyqe.dat
c:\documents and settings\All Users\Application Data\afylivateb.sys
c:\documents and settings\HP_Owner\Application Data\esyd.com
c:\program files\Common Files\homijam.bin
c:\program files\Common Files\ynud._dl
c:\program files\Common Files\ajefeb.dat
c:\program files\Common Files\ifyzefuj.dat
c:\documents and settings\All Users\Application Data\uzeqojilen.bat
c:\documents and settings\All Users\Application Data\uwiholeg.dat
c:\documents and settings\HP_Owner\Application Data\zovawu.exe
c:\documents and settings\HP_Owner\Application Data\hucareqyn.dat
c:\documents and settings\All Users\Application Data\iqijimuv.dat
c:\documents and settings\HP_Owner\m4rk.exe
c:\documents and settings\HP_Owner\klk1r.exe
c:\windows\Cursors\litucod.bak1
c:\windows\Cursors\litucod.bak2
c:\windows\Cursors\litucod.ini2
c:\windows\system\svchctrl.dll
c:\windows\system\svchostw.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ssixo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vvbvmy"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe"

Save this as a text file named CFScript

Reboot in safe mode again,
then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
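As an added triage example for the ComboFix log and the CFScript above (not part of the thread, ComboFix or HijackThis), the following Python parses a ComboFix "Reg Loading Points" dump and flags the three persistence patterns visible in it: extra executables appended to the Winlogon Shell and Userinit values, Security Center monitoring of the installed AV/firewall switched off, and Run entries whose target catchme also reported as a hidden file. The sample dump and hidden-file set are constructed from the values posted above.

```python
"""Triage checks over a ComboFix-style "Reg Loading Points" dump.

Added example for this thread, not part of ComboFix or of the helper's script.
"""
import re
from typing import Dict, List, Set

# Constructed sample: an abbreviated copy of the "Reg Loading Points" block posted above.
SAMPLE_DUMP = r'''
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ssixo"="c:\windows\system32\wewemb.exe" [2008-12-14 127488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"vvbvmy"="c:\windows\system32\wewemb.exe" [2008-12-14 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\\WINDOWS\\system32\\mnnim.exe"
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,xjumxgx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
'''

# Constructed subset of the "hidden files" listed by the catchme section of the same log.
SAMPLE_HIDDEN: Set[str] = {
    r"c:\windows\system32\mnnim.exe",
    r"c:\windows\system32\wewemb.exe",
    r"c:\windows\system32\xjumxgx.exe",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

WINLOGON = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon"
RUN_KEYS = {
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run",
    "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run",
}
SECCENTER = "hkey_local_machine\\software\\microsoft\\security center\\monitoring\\"


def parse_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path (lower-cased): {value name: value}}.

    String values are printed as "..." optionally followed by a "[date size]"
    annotation, DWORDs as dword:XXXXXXXX; REGEDIT4 backslash doubling is undone.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if not current or not val:
            continue
        name, rest = val.group(1), val.group(2)
        if rest.startswith('"'):
            end = rest.find('"', 1)
            value = (rest[1:end] if end != -1 else rest[1:]).replace("\\\\", "\\")
        elif rest.lower().startswith("dword:"):
            value = str(int(rest[6:14], 16))
        else:
            value = rest.strip()
        keys[current][name] = value
    return keys


def find_persistence(keys: Dict[str, Dict[str, str]], hidden_files: Set[str]) -> List[str]:
    """Flag the hijack patterns this log shows; one finding per returned string."""
    findings: List[str] = []
    hidden = {h.lower() for h in hidden_files}

    winlogon = keys.get(WINLOGON, {})
    # Shell is a comma-separated list; a clean XP box has exactly "Explorer.exe".
    shell = [p.strip().lower() for p in winlogon.get("Shell", "Explorer.exe").split(",") if p.strip()]
    if shell[:1] != ["explorer.exe"] or len(shell) > 1:
        findings.append(f"Winlogon Shell hijacked: {winlogon.get('Shell')!r}")
    # Userinit is "<windir>\system32\userinit.exe," when clean: the trailing comma
    # is normal, a second entry after it is not.
    userinit = [p.strip().lower() for p in winlogon.get("Userinit", "").split(",") if p.strip()]
    if len(userinit) > 1 or (userinit and not userinit[0].endswith("\\system32\\userinit.exe")):
        findings.append(f"Winlogon Userinit hijacked: {winlogon.get('Userinit')!r}")

    for key, values in keys.items():
        if key.startswith(SECCENTER) and values.get("DisableMonitoring") == "1":
            product = key.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled for {product}")
        if key in RUN_KEYS:
            for name, target in values.items():
                if target.lower() in hidden:
                    findings.append(f"Run entry {name!r} launches hidden file {target}")
    return findings


if __name__ == "__main__":
    for finding in find_persistence(parse_dump(SAMPLE_DUMP), SAMPLE_HIDDEN):
        print(finding)
```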

#11 Lagato445


Posted 17 December 2008 - 10:05 PM

:) Thunder, my computer crashed all of a sudden and kept freezing every time I turned it on, so I had to do a whole system recovery. I've been having to install all the updates again and I ran a new HijackThis log. I wanted to know if it looks better than before. :thumbsup:

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Owner at 2008-12-17 22:00:06
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 122 GB (66%) free of 185 GB
Total RAM: 895 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:38 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB867460-X86.exe
C:\DOCUME~1\HP_OWN~1.YOU\LOCALS~1\Temp\SL18F.tmp
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mnnim.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xjumxgx.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [regcmdcons] c:\windows\regedit.exe /s c:\hp\bin\cmdcons2.reg
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9118 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg 20051207180104.job
C:\WINDOWS\tasks\WebReg 20060423200410.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-12-11 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-06-04 103552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-06-04 103552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-08-07 180269]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-08 70776]
"NAV CfgWiz"=c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe [2004-01-20 124056]
"IS CfgWiz"=c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe [2004-01-20 124056]
"SSC_UserPrompt"=c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-08-05 218240]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2004-05-20 249856]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2003-04-04 50176]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-12-17 118784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"regcmdcons"=c:\windows\regedit.exe [2004-08-04 146432]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]
"NetFxUpdate_v1.1.4322"=C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-17 21:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-17 21:40:26 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Malwarebytes
2008-12-17 21:34:14 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-17 21:32:44 ----A---- C:\WINDOWS\system32\SET188.tmp
2008-12-17 21:32:41 ----A---- C:\WINDOWS\system32\SET185.tmp
2008-12-17 21:31:14 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-17 21:31:14 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-17 21:15:32 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Adobe
2008-12-17 21:11:53 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Mozilla
2008-12-17 21:10:13 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 21:10:13 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 21:10:13 ----A---- C:\WINDOWS\system32\java.exe
2008-12-17 21:10:13 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-17 19:56:15 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Netscape
2008-12-17 19:50:00 ----D---- C:\WINDOWS\LastGood
2008-12-17 19:49:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-17 19:47:02 ----SHD---- C:\WINDOWS\ftpcache
2008-12-17 18:15:00 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-17 18:14:45 ----N---- C:\WINDOWS\system32\TVMode.dll
2008-12-17 18:14:45 ----N---- C:\WINDOWS\system32\SiSApCom.dll
2008-12-17 18:14:29 ----A---- C:\WINDOWS\system32\Keyhook.exe
2008-12-17 18:14:27 ----D---- C:\WINDOWS\system32\trayres
2008-12-17 18:14:27 ----A---- C:\WINDOWS\system32\sistray.exe
2008-12-17 17:52:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 16:38:11 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Macromedia
2008-12-17 16:38:01 ----SHD---- C:\RECYCLER
2008-12-17 16:24:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-17 16:23:46 ----ASH---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\desktop.ini
2008-12-17 16:23:42 ----SD---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Microsoft
2008-12-17 16:23:42 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Symantec
2008-12-17 16:23:42 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Sun
2008-12-17 16:23:42 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\SampleView
2008-12-17 16:23:42 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Real
2008-12-17 16:23:42 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Identities
2008-12-17 16:23:42 ----D---- C:\Documents and Settings\HP_Owner.YOUR-AE066C3A9B\Application Data\Apple Computer
2008-12-17 16:21:52 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-17 16:19:44 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-12-17 16:19:44 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-12-17 16:19:44 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-12-17 16:19:44 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-12-17 16:19:44 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-12-17 16:19:44 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-12-17 16:18:55 ----A---- C:\WINDOWS\system32\uninst_disp_silently.txt
2008-12-17 16:18:24 ----A---- C:\WINDOWS\system32\uninst_nrm_silently.txt
2008-12-17 16:18:21 ----A---- C:\WINDOWS\system32\uninst_net_silently.txt
2008-12-17 16:18:12 ----A---- C:\WINDOWS\system32\uninst_smb_silently.txt
2008-12-17 16:17:29 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-17 15:18:00 ----SHD---- C:\WINDOWS\IA
2008-12-14 19:55:33 ----A---- C:\ComboFix.txt
2008-12-11 15:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 15:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 01:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 01:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 19:43:21 ----A---- C:\WINDOWS\zip.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\sed.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\grep.exe
2008-12-10 19:43:21 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 19:43:14 ----D---- C:\WINDOWS\ERDNT
2008-12-10 19:43:14 ----AD---- C:\Qoobox
2008-12-10 17:05:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 18:37:19 ----D---- C:\Program Files\trend micro
2008-12-07 18:37:17 ----D---- C:\rsit
2008-12-07 18:07:55 ----D---- C:\Program Files\SpywareDetector
2008-12-05 23:34:21 ----D---- C:\Program Files\Veoh Networks
2008-12-03 21:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-03 21:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-03 11:11:17 ----D---- C:\WINDOWS\Prefetch
2008-12-03 11:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-03 11:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-03 11:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 11:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 11:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 11:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 09:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-03 09:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-03 09:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-03 09:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-03 08:42:19 ----A---- C:\WINDOWS\005283_.tmp
2008-12-03 08:41:00 ----N---- C:\WINDOWS\slrundll.exe
2008-12-02 23:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-02 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-02 23:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-02 13:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-02 13:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-25 22:41:03 ----D---- C:\Program Files\Maxis
2008-11-25 22:29:07 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-11-25 22:28:33 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-23 13:57:03 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 13:09:59 ----D---- C:\Program Files\Safari

======List of files/folders modified in the last 1 months======

2008-12-17 22:00:41 ----D---- C:\WINDOWS
2008-12-17 22:00:39 ----SHD---- C:\WINDOWS\Installer
2008-12-17 22:00:12 ----D---- C:\WINDOWS\Registration
2008-12-17 22:00:03 ----D---- C:\WINDOWS\system32
2008-12-17 22:00:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-17 21:59:07 ----HD---- C:\Config.Msi
2008-12-17 21:58:58 ----D---- C:\Program Files\Internet Explorer
2008-12-17 21:58:57 ----RD---- C:\Program Files
2008-12-17 21:56:20 ----HD---- C:\WINDOWS\inf
2008-12-17 21:56:00 ----A---- C:\WINDOWS\imsins.BAK
2008-12-17 21:53:42 ----D---- C:\WINDOWS\WinSxS
2008-12-17 21:44:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 21:44:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-17 21:40:22 ----D---- C:\WINDOWS\system32\drivers
2008-12-17 21:33:16 ----D---- C:\Program Files\Mozilla Firefox
2008-12-17 21:32:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 21:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-17 21:10:15 ----D---- C:\WINDOWS\temp
2008-12-17 19:58:43 ----D---- C:\Program Files\Hewlett-Packard
2008-12-17 19:58:40 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-17 19:58:01 ----SD---- C:\WINDOWS\Tasks
2008-12-17 19:58:01 ----D---- C:\Program Files\Easy Internet signup
2008-12-17 19:52:04 ----D---- C:\Program Files\iTunes
2008-12-17 19:51:07 ----D---- C:\Program Files\QuickTime
2008-12-17 18:16:59 ----D---- C:\WINDOWS\security
2008-12-17 18:16:00 ----A---- C:\WINDOWS\system.ini
2008-12-17 18:14:56 ----A---- C:\WINDOWS\system32\VGAunistlog.ini
2008-12-17 18:14:55 ----D---- C:\Program Files\SiS VGA Utilities V3.59e
2008-12-17 18:08:09 ----HD---- C:\hp
2008-12-17 18:05:48 ----D---- C:\Program Files\Windows NT
2008-12-17 18:05:44 ----D---- C:\Program Files\Windows Media Player
2008-12-17 18:05:44 ----D---- C:\Program Files\Outlook Express
2008-12-17 18:05:44 ----D---- C:\Program Files\NetMeeting
2008-12-17 18:05:37 ----D---- C:\Program Files\Common Files\Services
2008-12-17 18:05:34 ----D---- C:\WINDOWS\system32\wbem
2008-12-17 18:05:28 ----D---- C:\WINDOWS\system32\ras
2008-12-17 18:05:28 ----D---- C:\WINDOWS\system32\oobe
2008-12-17 18:05:17 ----D---- C:\WINDOWS\system32\icsxml
2008-12-17 18:05:17 ----D---- C:\WINDOWS\system32\ias
2008-12-17 18:04:44 ----D---- C:\WINDOWS\system32\Setup
2008-12-17 18:04:44 ----D---- C:\WINDOWS\system32\Restore
2008-12-17 18:04:42 ----D---- C:\WINDOWS\system32\Com
2008-12-17 18:04:40 ----D---- C:\WINDOWS\srchasst
2008-12-17 18:04:39 ----RD---- C:\WINDOWS\Web
2008-12-17 18:04:39 ----D---- C:\WINDOWS\addins
2008-12-17 18:04:38 ----D---- C:\WINDOWS\Media
2008-12-17 18:04:25 ----D---- C:\WINDOWS\Cursors
2008-12-17 18:04:19 ----RHD---- C:\MSOCache
2008-12-17 18:04:06 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-17 18:04:04 ----RSD---- C:\WINDOWS\assembly
2008-12-17 16:24:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-17 16:24:18 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-17 16:23:41 ----D---- C:\Documents and Settings
2008-12-17 16:22:36 ----A---- C:\WINDOWS\setuplog.txt
2008-12-17 16:22:34 ----SHD---- C:\System Volume Information
2008-12-17 16:22:03 ----D---- C:\sysprep
2008-12-17 16:21:40 ----RASH---- C:\boot.ini
2008-12-17 16:21:20 ----RSD---- C:\WINDOWS\Fonts
2008-12-17 16:21:19 ----A---- C:\AUTOEXEC.BAT
2008-12-17 16:19:05 ----D---- C:\WINDOWS\system
2008-12-17 16:19:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-17 16:18:34 ----D---- C:\WINDOWS\Help
2008-12-17 16:17:52 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-17 15:45:58 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-12-17 15:17:41 ----D---- C:\temp
2008-12-13 22:08:12 ----D---- C:\Downloads
2008-12-09 10:24:37 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2008-12-07 15:00:39 ----D---- C:\WINDOWS\Minidump
2008-12-03 10:55:49 ----D---- C:\WINDOWS\network diagnostic
2008-12-03 10:55:16 ----D---- C:\WINDOWS\l2schemas
2008-12-03 10:37:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 10:29:43 ----D---- C:\WINDOWS\EHome
2008-12-03 09:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-03 09:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-03 09:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-03 09:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-03 09:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-03 09:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-03 09:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-03 08:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-03 08:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-03 08:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-02 23:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-02 23:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-02 23:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-02 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-02 02:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-11-23 13:57:49 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-17 12160]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2003-12-04 263296]
R2 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-15 626220]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-19 218112]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2003-12-04 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-05-05 142976]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-12-08 255096]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2003-12-08 218232]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-12-08 234616]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2004-06-04 174208]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-08 87160]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2003-11-07 193816]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2003-12-04 197856]

-----------------EOF-----------------

#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:47 AM

Posted 18 December 2008 - 03:16 PM

Hello Lagato,

That log does indeed look a lot better. :thumbsup:

The HijackThis log still shows some traces of malware though:
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if still present:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mnnim.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xjumxgx.exe,

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot your system, download and run ComboFix again and post the fresh log in your next reply please.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
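The two F2 entries Thunder asks to fix are the Winlogon "Shell" and "Userinit" values (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon), which HijackThis reports under the legacy "REG:system.ini" label. Windows runs every comma-separated entry in those values at logon, so appending a second executable (mnnim.exe after Explorer.exe, xjumxgx.exe after userinit.exe) is a classic persistence trick. The check below is an added example written for this page, not code from the original post or from HijackThis: it parses F2 lines in the format shown above and flags every entry that is not the Windows XP default (Shell=Explorer.exe, Userinit=C:\WINDOWS\system32\userinit.exe, with its trailing comma). The sample lines are constructed from the two entries in the post; the Windows directory path is an assumption for the default install.

```python
"""Flag non-default entries in Winlogon Shell / Userinit values (added example)."""
import re

# Assumed default Windows directory for an XP install; override via the windir argument.
WINDIR = r"C:\WINDOWS"

# HijackThis reports the Winlogon values as "F2 - REG:system.ini: <Name>=<value>".
F2_LINE = re.compile(
    r"^F2 - REG:system\.ini:\s*(?P<name>Shell|UserInit)=(?P<value>.*)$", re.IGNORECASE
)


def split_value(value):
    """Split a comma-separated Winlogon value into trimmed, lower-cased entries.

    Winlogon executes every entry. The trailing comma that the default Userinit
    value carries produces an empty field, which is dropped here.
    """
    return [part.strip().lower() for part in value.split(",") if part.strip()]


def expected_for(name, windir=WINDIR):
    """Documented XP defaults for a Winlogon value, normalised to lower case."""
    w = windir.lower()
    if name.lower() == "shell":
        # A bare "explorer.exe" is resolved from the Windows directory, so both
        # spellings are the same legitimate program.
        return {"explorer.exe", w + r"\explorer.exe"}
    if name.lower() == "userinit":
        return {w + r"\system32\userinit.exe"}
    raise ValueError("unknown Winlogon value: " + name)


def suspicious_entries(name, value, windir=WINDIR):
    """Return every entry of the value that is not the documented default."""
    return [e for e in split_value(value) if e not in expected_for(name, windir)]


def scan_hijackthis(lines, windir=WINDIR):
    """Scan HijackThis output; map each Shell/UserInit value name to its extra entries."""
    findings = {}
    for line in lines:
        m = F2_LINE.match(line.strip())
        if not m:
            continue  # not an F2 Winlogon line
        extra = suspicious_entries(m.group("name"), m.group("value"), windir)
        if extra:
            findings[m.group("name")] = extra
    return findings


# Constructed sample built from the two F2 lines quoted in the post above.
SAMPLE = [
    r"F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mnnim.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xjumxgx.exe,",
]

if __name__ == "__main__":
    for name, extra in scan_hijackthis(SAMPLE).items():
        print(name, "->", ", ".join(extra))
```

On a live machine the same two values can be read directly with `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit` (and `/v Shell`) and fed to `suspicious_entries`. Note the limit of this check: it only covers the machine-wide values. A per-user Shell value under HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon overrides the HKLM one for that account and should be inspected separately.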

#13 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:47 AM

Posted 14 January 2009 - 10:28 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.