Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Monder and Mytob


  • This topic is locked This topic is locked
2 replies to this topic

#1 jmbstudios

jmbstudios

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:20 PM

Posted 12 December 2008 - 12:03 PM

I ran Adware and it says I have a trojan and a worm infection. Monder and Mytob.
I have tried the cleaners for these and they did not work.

I would appreciate it if someone could help me out with this. Thank You.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-12 09:40:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 123 GB (84%) free of 146 GB
Total RAM: 2038 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:40 AM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.Kelley\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6931
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MX6931
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6931
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {6cdb661a-d4b6-4334-ae24-fc86cf703ff0} - C:\WINDOWS\system32\nebiteda.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yujozorihu] Rundll32.exe "C:\WINDOWS\system32\vodonuwe.dll",s
O4 - HKLM\..\Run: [CPM0ba4e073] Rundll32.exe "c:\windows\system32\tigegiju.dll",a
O4 - HKLM\..\Run: [0897d3ef] rundll32.exe "C:\WINDOWS\system32\jihawofo.dll",b
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [yujozorihu] Rundll32.exe "C:\WINDOWS\system32\vodonuwe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yujozorihu] Rundll32.exe "C:\WINDOWS\system32\vodonuwe.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\fegufula.dll c:\windows\system32\tigegiju.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tigegiju.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tigegiju.dll
O23 - Service: IntelŪ PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlusŪ Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelŪ Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: IntelŪ PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: IntelŪ PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10148 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
McAfee Anti-Phishing Filter - c:\program files\mc [2008-12-01 45408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cdb661a-d4b6-4334-ae24-fc86cf703ff0}]
C:\WINDOWS\system32\nebiteda.dll [2008-09-10 62166]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-01-31 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mc [2008-12-01 45408]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-26 169984]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-12-27 413696]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-05-23 573440]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"VSOCheckTask"=C:\PROGRA~1\Mc [2008-12-01 45408]
"OASClnt"=C:\Program Files\Mc [2008-12-01 45408]
"MCAgentExe"=c:\PROGRA~1\mc [2008-12-01 45408]
"MCUpdateExe"=c:\PROGRA~1\mc [2008-12-01 45408]
"MSKAGENTEXE"=C:\PROGRA~1\Mc [2008-12-01 45408]
"MSKDetectorExe"=C:\PROGRA~1\Mc [2008-12-01 45408]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"VirusScan Online"=c:\PROGRA~1\mc [2008-12-01 45408]
"MPFExe"=C:\PROGRA~1\Mc [2008-12-01 45408]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-26 98304]
"yujozorihu"=C:\WINDOWS\system32\vodonuwe.dll [2008-09-10 62166]
"CPM0ba4e073"=c:\windows\system32\tigegiju.dll [2008-12-12 92846]
"0897d3ef"=C:\WINDOWS\system32\jihawofo.dll [2008-12-12 84599]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=NA []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe []
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe [2008-12-04 9093120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
Event Reminder.lnk - C:\Program Files\PrintMaster 16\pmremind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\fegufula.dll c:\windows\system32\tigegiju.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tigegiju.dll [2008-12-12 92846]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tigegiju.dll [2008-12-12 92846]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fegufula.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1222454855\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1222454855\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\McAfee\SpamKiller\MSKAgent.exe"="C:\Program Files\McAfee\SpamKiller\MSKAgent.exe:*:Enabled:MskAgent"
"C:\Program Files\McAfee.com\VSO\mcvsshld.exe"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe:*:Enabled:mcvsshld"
"C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"="C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe:*:Enabled:MpfTray"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:qttask"
"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe"="C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe:*:Enabled:ifrmewrk"
"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"="C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:msmsgs"
"C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe"="C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe:*:Enabled:MpfAgent"
"C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe:*:Enabled:MSKDetct"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*:Enabled:hkcmd"
"C:\Program Files\McAfee.com\VSO\McVSEscn.exe"="C:\Program Files\McAfee.com\VSO\McVSEscn.exe:*:Enabled:mcvsescn"
"C:\Program Files\AdwareAlert\AdwareAlert.exe"="C:\Program Files\AdwareAlert\AdwareAlert.exe:*:Enabled:AdwareAlert"
"C:\Program Files\McAfee.com\VSO\oasclnt.exe"="C:\Program Files\McAfee.com\VSO\oasclnt.exe:*:Enabled:oasclnt"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\stsystra.exe"="C:\WINDOWS\stsystra.exe:*:Enabled:stsystra"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe"="C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe:*:Enabled:MSKSrvr"
"C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"="C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe:*:Enabled:RegSrvc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-12 09:40:35 ----D---- C:\Program Files\trend micro
2008-12-12 09:40:34 ----D---- C:\rsit
2008-12-12 01:18:18 ----SH---- C:\WINDOWS\system32\ofowahij.ini
2008-12-11 04:14:32 ----SH---- C:\WINDOWS\system32\ikalejak.ini
2008-12-10 16:14:07 ----SH---- C:\WINDOWS\system32\ahavobiw.ini
2008-12-10 15:13:47 ----SH---- C:\WINDOWS\system32\ugadujur.ini
2008-12-09 15:41:15 ----SH---- C:\WINDOWS\system32\izowuden.ini
2008-12-09 10:04:19 ----D---- C:\Program Files\AdwareAlert
2008-12-09 09:52:39 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-09 09:26:36 ----D---- C:\Documents and Settings\Owner.Kelley\Application Data\AdwareAlert
2008-12-09 08:42:21 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-09 03:41:09 ----SH---- C:\WINDOWS\system32\atoyetit.ini
2008-11-27 02:44:56 ----A---- C:\WINDOWS\system32\oestore.dll
2008-11-27 02:44:55 ----D---- C:\Program Files\Acesoft
2008-11-24 18:32:32 ----D---- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2008-11-24 18:02:21 ----D---- C:\Program Files\Riverdeep
2008-11-24 18:01:54 ----A---- C:\WINDOWS\wplog.txt
2008-11-24 18:01:48 ----D---- C:\Program Files\Web Publish
2008-11-24 18:01:44 ----A---- C:\WINDOWS\system32\cdintf210.dll
2008-11-24 17:56:53 ----D---- C:\Program Files\Common Files\Broderbund
2008-11-24 17:56:40 ----D---- C:\Program Files\PrintMaster 16
2008-11-24 17:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\Broderbund Software
2008-11-13 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-12 09:40:35 ----D---- C:\Program Files
2008-12-12 09:37:05 ----D---- C:\WINDOWS\system32
2008-12-12 09:07:56 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2008-12-12 09:07:46 ----A---- C:\WINDOWS\win.ini
2008-12-12 09:07:37 ----D---- C:\WINDOWS
2008-12-12 09:07:36 ----D---- C:\WINDOWS\Temp
2008-12-12 09:07:23 ----D---- C:\WINDOWS\Registration
2008-12-12 03:40:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 03:40:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 01:18:18 ----ASH---- C:\WINDOWS\system32\tigegiju.dll
2008-12-12 01:18:17 ----ASH---- C:\WINDOWS\system32\jihawofo.dll
2008-12-11 13:37:32 ----D---- C:\WINDOWS\Prefetch
2008-12-11 04:14:30 ----N---- C:\WINDOWS\system32\kajelaki.dll
2008-12-11 04:14:30 ----ASH---- C:\WINDOWS\system32\buhedina.dll
2008-12-10 16:14:07 ----ASH---- C:\WINDOWS\system32\vakumene.dll
2008-12-10 16:14:05 ----N---- C:\WINDOWS\system32\wibovaha.dll
2008-12-10 15:13:45 ----N---- C:\WINDOWS\system32\rujudagu.dll
2008-12-10 15:13:45 ----ASH---- C:\WINDOWS\system32\bimefili.dll
2008-12-10 15:13:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 15:41:15 ----N---- C:\WINDOWS\system32\neduwozi.dll
2008-12-09 15:41:15 ----ASH---- C:\WINDOWS\system32\zewobihu.dll
2008-12-09 10:04:19 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:52:39 ----D---- C:\Program Files\Common Files
2008-12-09 09:52:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:34:07 ----HD---- C:\WINDOWS\inf
2008-12-09 09:34:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 09:26:36 ----SD---- C:\WINDOWS\Tasks
2008-12-09 09:21:53 ----D---- C:\Program Files\Gateway Games
2008-12-09 09:19:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 09:19:25 ----D---- C:\Documents and Settings\All Users\Application Data\Napster
2008-12-09 09:17:17 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-09 03:41:07 ----N---- C:\WINDOWS\system32\titeyota.dll
2008-12-09 03:41:07 ----ASH---- C:\WINDOWS\system32\biyedepu.dll
2008-11-24 18:32:24 ----D---- C:\WINDOWS\WinSxS
2008-11-24 18:30:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 18:02:02 ----D---- C:\WINDOWS\system32\Macromed
2008-11-24 18:01:53 ----D---- C:\WINDOWS\Help
2008-11-24 17:57:12 ----RSD---- C:\WINDOWS\Fonts
2008-11-22 04:35:18 ----D---- C:\Documents and Settings
2008-11-14 08:56:43 ----D---- C:\WINDOWS\network diagnostic
2008-11-13 03:01:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:20 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-08-16 80640]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-26 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-09-26 8552]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-05-23 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-21 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]`
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;IntelŪ PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-01-22 244480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-10 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;IntelŪ PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 IAANTMon;IntelŪ Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mc [2008-12-01 45408]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mc [2008-12-01 45408]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mc [2008-12-01 45408]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\Mc [2008-12-01 45408]
R2 MskService;McAfee SpamKiller Server; C:\PROGRA~1\Mc [2008-12-01 45408]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2008-09-26 172032]
R2 RegSrvc;IntelŪ PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;IntelŪ PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 getPlusŪ Helper;getPlusŪ Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-26 138168]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\Mc [2008-12-01 45408]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

Edited by jmbstudios, 12 December 2008 - 12:54 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:20 PM

Posted 20 December 2008 - 12:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:20 PM

Posted 26 December 2008 - 09:41 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please Start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users