Infected with Antivirus 2009 and Other Adware


  • This topic is locked
10 replies to this topic

#1 cardmagi

Posted 30 December 2008 - 06:32 PM

Hi Guys,

I was infected with Antivirus 2009, but I cleaned it up using Malwarebytes software. The only problem is that it did not catch other spyware still on my computer, which is allowing Internet Explorer popups. I am hoping someone here can help me remove it.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:12 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\Yousif\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Privoxy\privoxy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Vongo\Tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\3vPc8L81.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Vongo Tray.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206831430031
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) - http://keyboarding.emcp.com/Resources/Component/cads.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jjtAutoLaunch - Sound Devices, LLC - C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 17811 bytes
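
A log like this is long, and the entries worth a second look are buried among dozens of legitimate ones. The script below is an added example of my own for triaging such logs; it is not part of the original thread and not a BleepingComputer or HijackThis tool. It parses the `O2`/`O3`/`O4`/`R0` style entries shown above, the `BHO:`/`TB:`/`mRun:` style of the DDS "pseudo HJT" report that appears later in the thread, and bare process-list paths, and it flags three things for a human analyst: binaries with machine-generated-looking names sitting directly in `system32`, browser add-ons that load from `system32` instead of Program Files, and toolbar CLSIDs whose DLL is already gone. The "generated-looking name" rule (eight alphanumerics with at least three digits and both letter cases) is my own heuristic, tuned to the names in this thread, not a rule from the page; the sample lines are copied from the logs posted here.

```python
"""Triage helper for HijackThis / DDS startup logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Entry formats seen in this thread: "O2 - BHO: ..." (HijackThis) and
# "BHO: ..." / "mRun: ..." (DDS pseudo-HJT report); bare paths are process-list lines.
HJT_LINE = re.compile(r"^(O\d+|R\d+) - (.*)$")
DDS_LINE = re.compile(r"^(BHO|TB|uRun|mRun|dRun|uURLSearchHooks): (.*)$")
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\")
# A binary sitting directly in system32 (subfolders such as system32\DLA\ do not match).
IN_SYSTEM32 = re.compile(r'\\system32\\([^\\\s"]+)\.(exe|dll)\b', re.IGNORECASE)
BROWSER_SECTIONS = {"O2", "O3", "R3", "BHO", "TB", "uURLSearchHooks"}


def looks_generated(stem: str) -> bool:
    """Heuristic (my assumption, not a rule from the thread): eight alphanumerics
    with at least three digits and both letter cases, like 3vPc8L81 or 6tNa2J24.
    Real system binaries such as Rundll32 or nvsvc32 fall below the digit bar."""
    if not re.fullmatch(r"[A-Za-z0-9]{8}", stem):
        return False
    digits = sum(c.isdigit() for c in stem)
    return digits >= 3 and any(c.isupper() for c in stem) and any(c.islower() for c in stem)


@dataclass
class Finding:
    section: str  # HJT/DDS section tag, or "process" for a running-process line
    reason: str
    line: str


def parse(line: str):
    """Return (section, body) for a recognised log line, else None."""
    m = HJT_LINE.match(line) or DDS_LINE.match(line)
    if m:
        return m.group(1), m.group(2)
    if PROCESS_LINE.match(line):
        return "process", line
    return None


def triage(lines):
    """Walk log lines and collect entries that deserve a human look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        parsed = parse(line)
        if parsed is None:
            continue
        section, body = parsed
        for stem, _ext in IN_SYSTEM32.findall(body):
            if looks_generated(stem):
                findings.append(Finding(section, f"generated-looking name in system32: {stem}", line))
            elif section in BROWSER_SECTIONS:
                findings.append(Finding(section, f"browser add-on loading from system32: {stem}", line))
        if section in BROWSER_SECTIONS and body.endswith("No File"):
            findings.append(Finding(section, "add-on CLSID whose DLL is gone (partial clean-up leftover)", line))
    return findings


# Sample input: lines copied from the HijackThis and DDS logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\6tNa2J24.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1700389
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\3vPc8L81.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
BHO: solution Class: {99c6d1bb-7555-474c-91da-d8fb62a9cc75} - c:\windows\system32\3vPc8L81.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above it reports four entries: the `6tNa2J24.exe` process, the `3vPc8L81.dll` BHO in both log formats, and the orphaned `{4E7BD74F-...}` toolbar CLSID, while leaving `svchost.exe`, `LVCOMSX.EXE` and the Java `ssv.dll` alone. The output is a shortlist for a human to verify against file hashes and vendor signatures, not a verdict.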

#2 cardmagi

Posted 03 January 2009 - 09:27 PM

If someone could please help me?

Thanks.

#3 cardmagi

Posted 08 January 2009 - 09:23 AM

It's been almost a week and I haven't received help. I would really appreciate it if someone could guide me in removing this stuff.

#4 lusitano

Posted 09 January 2009 - 08:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system, please.
Please hold on; it may take us a day or so to get back to you.

Regards,
Lusitano
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#5 cardmagi

Posted 12 January 2009 - 11:04 PM

Thank you very much for replying. My computer is really frustrating me!

Before anything, I want to ask something. I know this test is supposed to run with the internet disconnected, but once the internet is connected, a program called 6tNa2J24.exe is running as a process. I believe this program is running a lot of the spyware on my computer, because when I open up Task Manager and close this process, nothing much happens. Once I stop it from running, I delete it from the Windows system32 folder. But the problem is, it keeps on coming back! I don't know how.

Anyway,

Here is the DDS.txt file:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Yousif at 23:00:27.87 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1454 [GMT -5:00]

FW: PC-cillin Internet Security - Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\DOCUME~1\Yousif\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Privoxy\privoxy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Vongo\Tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tor\tor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\6tNa2J24.exe
C:\WINDOWS\system32\K0073Jyf.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Yousif\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIsoB.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIsoB.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: solution Class: {99c6d1bb-7555-474c-91da-d8fb62a9cc75} - c:\windows\system32\3vPc8L81.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIsoB.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Aim6]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Vidalia] "c:\program files\vidalia\vidalia.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\yousif\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\yousif\startm~1\programs\startup\vongot~1.lnk - c:\docume~1\yousif\applic~1\microsoft\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\yousif\applic~1\mozilla\firefox\profiles\nqxw04aq.default\
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R4 jjtAutoLaunch;jjtAutoLaunch;c:\program files\sound devices\usbpre\services\jjtAutoLaunch.exe [2002-1-22 114688]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-25 24652]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 I2C_Filt;Upper filter for I2C communications;c:\windows\system32\drivers\I2C_Filt.sys [2007-4-22 14110]
S3 Low_Filt;Lower filter for PIC communications;c:\windows\system32\drivers\Low_Filt.sys [2007-4-22 16222]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\tm_cfw.sys --> c:\windows\system32\drivers\TM_CFW.sys [?]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]

=============== Created Last 30 ================

2009-01-12 19:14 41,474 a------- c:\windows\system32\6tNa2J24.exe
2009-01-07 20:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-07 20:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-07 16:11 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-07 14:19 31,232 a------- c:\windows\system32\3vPc8L81.dll
2009-01-03 21:01 0 a------- c:\windows\system32\6tNa2J24.exe.a_a
2008-12-25 22:08 <DIR> --d----- c:\docume~1\yousif\applic~1\Malwarebytes
2008-12-25 22:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-25 22:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 22:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 22:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-25 03:41 31,744 a------- c:\windows\system32\K0073Jyf.exe
2008-12-18 15:59 <DIR> --d----- c:\program files\Fotosizer

==================== Find3M ====================

2009-01-12 22:58 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-01-10 00:56 62,857 a------- c:\windows\system32\nvModes.dat
2008-11-30 18:08 39,032 ac------ c:\docume~1\yousif\applic~1\GDIPFONTCACHEV1.DAT
2008-11-12 14:55 3,235 a------- c:\docume~1\yousif\applic~1\SAS7_000.DAT
2008-05-12 04:16 82 a------- c:\docume~1\alluse~1\applic~1\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2008-04-04 01:09 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 23:01:02.90 ===============

Also, attached is the attach.txt file in a zip file, as said by the program.

Thank you so much!!

Edited by cardmagi, 12 January 2009 - 11:07 PM.
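Added example (not part of this thread, and not code from DDS, ComboFix or Malwarebytes): a Python triage helper that applies the pattern visible in the DDS log above. Three random-looking 8-character names (6tNa2J24.exe, 3vPc8L81.dll, K0073Jyf.exe) were written straight into system32, one of them with a 0-byte .exe.a_a companion, and the ComboFix log posted further down in this thread shows the same binaries being re-launched from scores of At*.job scheduled tasks. The script parses DDS file lines and ComboFix "Scheduled Tasks" pairs, flags system32 files whose names mix digits with both letter cases at high entropy, and ties each flagged file to the tasks that start it. The entropy threshold and the name heuristic are this example's own assumptions, not rules from either tool; the sample input is excerpted from the logs in this thread.

```python
r"""Triage helper for random-named system32 drops (added example, not a DDS/ComboFix feature).

Parses two log formats:
  * DDS 'Created Last 30' / 'Find3M' file lines, e.g.
        2009-01-12 19:14 41,474 a------- c:\windows\system32\6tNa2J24.exe
  * ComboFix 'Scheduled Tasks' pairs, e.g.
        2009-01-13 c:\windows\Tasks\At102.job
        - c:\windows\system32\6tNa2J24.exe []
and reports every random-looking binary written directly into system32
together with the scheduled tasks that re-launch it.
"""
import math
import re
from collections import Counter, defaultdict

DDS_FILE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]+)\s+(.+?)\s*$",
    re.IGNORECASE,
)
CF_JOB = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\\S+\.job)\s*$", re.IGNORECASE)
CF_TARGET = re.compile(r"^-\s+(\S.*?)\s*(\[[^\]]*\])?\s*$")

SYSTEM32 = "c:\\windows\\system32"
ENTROPY_MIN = 2.5  # assumed threshold in bits/char; 8 distinct chars out of 8 scores 3.0


def shannon_entropy(text):
    """Bits per character: 'aaaa' -> 0.0, eight distinct characters -> 3.0."""
    n = len(text)
    if n == 0:
        return 0.0
    return -sum(k / n * math.log2(k / n) for k in Counter(text).values())


def looks_random(stem):
    """Heuristic for machine-generated names such as '6tNa2J24' or 'K0073Jyf':
    6-16 alphanumerics mixing digits with upper- and lower-case letters, at high
    entropy. Vendor names (nvModes, WPDShServiceObj, mbamswissarmy) fail the digit
    test; all-caps names (GDIPFONTCACHEV1) fail the case test. This is a triage
    filter, not proof: confirm each hit by hash and signature."""
    if not 6 <= len(stem) <= 16 or not stem.isalnum():
        return False
    has_digit = any(c.isdigit() for c in stem)
    has_lower = any(c.islower() for c in stem)
    has_upper = any(c.isupper() for c in stem)
    return has_digit and has_lower and has_upper and shannon_entropy(stem) >= ENTROPY_MIN


def split_name(path):
    """Return (directory, stem, extension); the stem is cut at the FIRST dot so the
    companion file '6tNa2J24.exe.a_a' groups with '6tNa2J24.exe'."""
    directory, _, name = path.rpartition("\\")
    stem, dot, rest = name.partition(".")
    return directory.lower(), stem, (dot + rest).lower()


def triage(log_text):
    """Return {stem: {"files": [(when, path, size)], "tasks": [job name]}} for
    random-named files dropped directly into system32."""
    hits = defaultdict(lambda: {"files": [], "tasks": []})
    pending_job = None  # job line seen, waiting for its "- <target>" line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DDS_FILE.match(line)
        if m:
            if m.group(3).upper() != "<DIR>":
                directory, stem, _ = split_name(m.group(5))
                if directory == SYSTEM32 and looks_random(stem):
                    size = int(m.group(3).replace(",", ""))
                    hits[stem]["files"].append((f"{m.group(1)} {m.group(2)}", m.group(5), size))
            continue
        m = CF_JOB.match(line)
        if m:
            pending_job = m.group(1).rpartition("\\")[2]
            continue
        m = CF_TARGET.match(line)
        if m and pending_job:
            directory, stem, _ = split_name(m.group(1))
            if directory == SYSTEM32 and looks_random(stem):
                hits[stem]["tasks"].append(pending_job)
        pending_job = None  # the target must follow its job line immediately
    return dict(hits)


def summarize(hits):
    """One human-readable line per suspicious stem, sorted by name."""
    out = []
    for stem, info in sorted(hits.items()):
        at_jobs = [t for t in info["tasks"] if t.lower().startswith("at")]
        out.append(
            f"{stem}: {len(info['files'])} file(s) in system32, "
            f"{len(info['tasks'])} scheduled task(s), {len(at_jobs)} named At*.job (at.exe style)"
        )
    return out


# Sample input excerpted from the DDS and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
2009-01-12 19:14 41,474 a------- c:\windows\system32\6tNa2J24.exe
2009-01-07 20:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-07 14:19 31,232 a------- c:\windows\system32\3vPc8L81.dll
2009-01-03 21:01 0 a------- c:\windows\system32\6tNa2J24.exe.a_a
2008-12-25 22:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-25 03:41 31,744 a------- c:\windows\system32\K0073Jyf.exe
2009-01-10 00:56 62,857 a------- c:\windows\system32\nvModes.dat
2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-13 c:\windows\Tasks\At1.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]
2009-01-13 c:\windows\Tasks\At102.job
- c:\windows\system32\6tNa2J24.exe []
2009-01-13 c:\windows\Tasks\At103.job
- c:\windows\system32\6tNa2J24.exe []
"""

if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Treat a hit as a lead, not a verdict: check the file's hash and signature before acting. Job files named At1.job, At2.job, ... are what the at.exe scheduler creates, so a long run of them all pointing at one random-named binary is the persistence mechanism, and the tasks have to go along with the file or it will be re-launched.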


#6 lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal
  • Local time:05:16 AM

Posted 13 January 2009 - 07:40 AM

I see you have the Viewpoint products. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest that you remove the Viewpoint products; however, decide for yourself. Please let me know about your decision on your next reply!

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 cardmagi

  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:16 AM

Posted 13 January 2009 - 12:39 PM

Thanks for your fast reply. Here is the Combofix log:

ComboFix 09-01-12.04 - Yousif 2009-01-13 12:03:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.950 [GMT -5:00]
Running from: c:\documents and settings\Yousif\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Yousif\Desktop\ComboFix.exe
FW: PC-cillin Internet Security - Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Yousif\Start Menu\Programs\Uninstall.lnk
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\3vPc8L81.dll
c:\windows\system32\6tNa2J24.exe
c:\windows\system32\6tNa2J24.exe.a_a
c:\windows\system32\6tNa2J24.exe_
c:\windows\system32\MabryObj.dll
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-07 20:32 . 2009-01-07 22:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-07 20:32 . 2009-01-07 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 16:11 . 2009-01-07 16:12 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-25 22:08 . 2008-12-25 22:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 22:08 . 2008-12-25 22:08 <DIR> d-------- c:\documents and settings\Yousif\Application Data\Malwarebytes
2008-12-25 22:08 . 2008-12-25 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 22:08 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 22:08 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 03:41 . 2008-12-25 03:40 31,744 --a------ c:\windows\system32\K0073Jyf.exe
2008-12-18 15:59 . 2008-12-18 15:59 <DIR> d-------- c:\program files\Fotosizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 17:11 --------- d-----w c:\documents and settings\Yousif\Application Data\Tor
2009-01-13 17:09 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-12 08:22 --------- d-----w c:\documents and settings\Yousif\Application Data\Vidalia
2009-01-10 03:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 22:32 --------- d-----w c:\program files\CD-DA X-Tractor
2009-01-06 22:32 --------- d-----w c:\program files\BitLord
2009-01-06 22:31 --------- d-----w c:\program files\EA GAMES
2009-01-06 22:30 --------- d-----w c:\program files\Anewsoft MP3 Recorder
2009-01-01 00:03 --------- d-----w c:\program files\Full Tilt Poker
2008-12-30 23:32 --------- d-----w c:\program files\Trend Micro
2008-12-30 01:39 --------- d-----w c:\documents and settings\Yousif\Application Data\Move Networks
2008-12-12 03:50 --------- d-----w c:\program files\Audacity
2008-12-02 02:48 --------- d-----w c:\documents and settings\Yousif\Application Data\FileZilla
2008-11-30 23:08 39,032 -c--a-w c:\documents and settings\Yousif\Application Data\GDIPFONTCACHEV1.DAT
2008-11-28 06:00 --------- d-----w c:\program files\LimeWire
2008-11-28 01:37 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-28 01:36 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 21:22 --------- d-----w c:\documents and settings\Yousif\Application Data\Apple Computer
2008-11-27 21:14 --------- d-----w c:\program files\iTunes
2008-11-27 21:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 21:13 --------- d-----w c:\program files\iPod
2008-11-27 21:13 --------- d-----w c:\program files\Common Files\Apple
2008-11-27 21:12 --------- d-----w c:\program files\QuickTime
2008-11-27 21:12 --------- d-----w c:\program files\Bonjour
2008-11-27 21:10 --------- d-----w c:\program files\Apple Software Update
2008-11-25 06:16 --------- d-----w c:\program files\Vstplugins
2008-11-25 06:16 --------- d-----w c:\program files\Image-Line
2008-11-25 06:15 --------- d-----w c:\program files\Outsim
2008-11-12 19:55 3,235 ----a-w c:\documents and settings\Yousif\Application Data\SAS7_000.DAT
2008-05-12 09:16 82 ----a-w c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2008-04-04 06:09 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-21 05:17 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 05:17 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 05:17 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 05:17 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 05:17 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2008-07-27 21:11 1606680 --a------ c:\program files\IsoBuster\tbIsoB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"Vidalia"="c:\program files\Vidalia\vidalia.exe" [2007-02-07 11891712]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-05-04 237568]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2006-05-04 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2006-05-04 09:32 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2006-03-21 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Yousif\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Vongo Tray.lnk - c:\documents and settings\Yousif\Application Data\Microsoft\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-02-21 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-24 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-01-18 24576]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2006-11-20 250368]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-06-15 114688]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Yousif^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Yousif\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yousif^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\documents and settings\Yousif\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2007-01-18 19:33 169984 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"SharedAccess"=2 (0x2)
"McrdSvc"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\PROGRA~1\\ExamSoft\\SofTest\\SoftLnch.exe"=
"c:\\PROGRA~1\\ExamSoft\\SofTest\\softest.exe"= c:\\PROGRA~1\\ExamSoft\\SofTest\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R4 jjtAutoLaunch;jjtAutoLaunch;c:\program files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe [2002-01-22 114688]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-25 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 I2C_Filt;Upper filter for I2C communications;c:\windows\system32\drivers\I2C_Filt.sys [2007-04-22 14110]
S3 Low_Filt;Lower filter for PIC communications;c:\windows\system32\drivers\Low_Filt.sys [2007-04-22 16222]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys --> c:\windows\system32\DRIVERS\TM_CFW.sys [?]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\At1.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At10.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At102.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At103.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At104.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At105.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At106.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At107.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At108.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At109.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At11.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-11 c:\windows\Tasks\At110.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At111.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At112.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At113.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At114.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At115.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At116.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At117.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At118.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At119.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At12.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At120.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At121.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At122.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At123.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At124.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At125.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At126.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At127.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At128.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At129.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At13.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At130.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At131.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At132.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At133.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At134.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At135.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At136.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At137.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At138.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At139.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At14.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At140.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At141.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At142.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At143.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At144.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At145.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At146.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At147.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At148.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At149.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At15.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At150.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At151.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At152.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At153.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At154.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At155.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At156.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At157.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At158.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At159.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At16.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-11 c:\windows\Tasks\At160.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At161.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At162.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At163.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At164.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At165.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At166.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At167.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At168.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At169.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At17.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At170.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At171.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At172.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At173.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At174.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At175.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At176.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At177.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At178.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At179.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At18.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At180.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At181.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At182.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At183.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At184.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At185.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At186.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At187.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At188.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At189.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At19.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At190.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At191.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At192.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At193.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At194.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At195.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At196.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At197.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At198.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At199.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At2.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At20.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At200.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At201.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At202.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At203.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At204.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At205.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At206.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At207.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At208.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At209.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At21.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-12 c:\windows\Tasks\At210.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At211.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At212.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At213.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At214.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At215.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At216.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At217.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At218.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At219.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At22.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At220.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At221.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At222.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At223.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At224.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At225.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At226.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At227.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At228.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At229.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At23.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-11 c:\windows\Tasks\At230.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At231.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At232.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At233.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At234.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At235.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At236.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At237.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At238.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At239.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At24.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At240.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At241.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At242.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At243.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At244.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At245.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At246.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At247.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At248.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At249.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At25.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At250.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At251.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At252.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At253.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At254.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At255.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At256.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At257.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At258.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At259.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At26.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At260.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At261.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At262.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At263.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At264.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At265.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At266.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At267.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At268.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At269.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At27.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At270.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At271.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At272.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At273.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At274.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At275.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At276.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At277.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At278.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At279.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At28.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At280.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At281.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At282.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At283.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At284.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At285.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At286.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At287.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At288.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At289.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At29.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At290.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At291.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At292.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At293.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At294.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At295.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At296.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At297.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At298.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At299.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At3.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At30.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At300.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At301.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At302.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At303.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At304.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At305.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At306.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At307.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At308.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At309.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At31.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At310.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At311.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At312.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At313.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At314.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At315.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At316.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At317.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At318.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At319.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At32.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At320.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At321.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At322.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At323.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At324.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At325.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At326.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At327.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At328.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At329.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At33.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At330.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At331.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At332.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At333.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At334.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At335.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At336.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At34.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At35.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At36.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At37.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At38.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At39.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At4.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-11 c:\windows\Tasks\At40.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At41.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At42.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At43.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At44.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At45.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At46.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At47.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At48.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At49.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At5.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At50.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At51.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At52.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At53.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At54.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At55.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At56.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At57.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At58.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At59.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At6.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At60.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At61.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At62.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At63.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At64.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At65.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At66.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At67.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At68.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At69.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At7.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At70.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At71.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At72.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At73.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At74.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At75.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At76.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At77.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At78.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At79.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At8.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At80.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At81.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At82.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At83.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At84.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At85.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At86.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At87.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-11 c:\windows\Tasks\At88.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-10 c:\windows\Tasks\At89.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At9.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-12 c:\windows\Tasks\At90.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-12 c:\windows\Tasks\At91.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At92.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At93.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At94.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At95.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At96.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At97.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At98.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At99.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Aim6 - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

c:\windows\system32\DTCore.dll - c:\windows\Downloaded Program Files\cads.ocx
O16 -: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E}
hxxp://keyboarding.emcp.com/Resources/Component/cads.CAB
c:\windows\Downloaded Program Files\cads.inf
FF - ProfilePath - c:\documents and settings\Yousif\Application Data\Mozilla\Firefox\Profiles\nqxw04aq.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 12:10:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(6980)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\Tablet.exe
c:\program files\Vongo\VongoService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\docume~1\Yousif\LOCALS~1\Temp\clclean.0001
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Vongo\Tray.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Tor\tor.exe
.
**************************************************************************
.
Completion time: 2009-01-13 12:27:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 17:26:53

Pre-Run: 12,245,585,920 bytes free
Post-Run: 12,735,557,632 bytes free


#8 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • Gender:Male
  • Location:Portugal

Posted 13 January 2009 - 02:16 PM

Hello,


1. Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

Full Tilt Poker
2. Please go to the following url: http://www.bleepingcomputer.com/submit-malware.php?channel=4
  • "Link to topic where this file was requested:" - please insert the link to this topic in the text box
  • "Browse to the file you want to submit:" - please click on browse and navigate to:
    c:\windows\system32\K0073Jyf.exe
  • "Leave any comments, further information about this file, or contact information:" - please mention in the text box that Lusitano requested you to submit the file
  • Click Submit

3. Go to Start > Run, type Notepad and click OK.
Copy (Ctrl+C) and paste (Ctrl+V) the following text inside the code box below into Notepad. (Be sure to use Notepad, not Wordpad, otherwise it won't work.)
@ECHO OFF
REM Delete every At*.job scheduled task from the Windows Tasks folder
DEL /A /F /Q c:\windows\Tasks\At*.job
REM Delete this batch file itself once it has run (%~f0 is the script's own full path)
DEL "%~f0"
exit
  • Click File at the top and then choose Save As.
  • Change Save As Type to All Files.
  • Name it fixjob.bat and save it on your desktop.
  • Double click fixjob.bat. A window will open and close. This is normal.
4. Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\K0073Jyf.exe
Folder::
c:\program files\Full Tilt Poker
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post them along with a new HijackThis log.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please let me know about your decision on the Viewpoint Manager software.

Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
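To triage a task listing like the one in the log above without reading hundreds of entries by hand, here is an added Python example (not part of this thread and not ComboFix's own code) that parses the Scheduled Tasks section of a ComboFix log, groups the .job entries by the executable they launch, and flags targets that are launched by many At*.job tasks, that print an empty [] timestamp, or that carry a random-looking eight-character name directly under system32. The embedded sample lines are constructed to match the log format shown above; the At*.job threshold and the random-name heuristic are assumptions, not ComboFix rules.

```python
"""Triage the "Scheduled Tasks" section of a ComboFix log.

Added example for this thread, not ComboFix code. Each task entry in the
log is two lines: "<date> <job path>" followed by "- <target> [<stamp>]".
An empty "[]" stamp is printed when ComboFix has no timestamp for the
target, which in the thread coincides with the file being re-created.
"""
import re
from collections import defaultdict

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$")
# At<N>.job is the name pattern the AT scheduler gives anonymous tasks.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)

# Constructed sample in the same layout as the ComboFix log in the thread.
SAMPLE_LOG = r"""
2009-01-12 c:\windows\Tasks\At19.job
- c:\windows\system32\K0073Jyf.exe [2008-12-25 03:40]

2009-01-13 c:\windows\Tasks\At190.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At191.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\At192.job
- c:\windows\system32\6tNa2J24.exe []

2009-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
"""


def parse_tasks(text):
    """Return a list of (job_path, target_path, stamp) tuples."""
    entries = []
    job = None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and job is not None:
            entries.append((job, m.group("target"), m.group("stamp").strip()))
            job = None
    return entries


def looks_random(target):
    """Heuristic (assumption): 8-char alnum basename mixing letters and
    digits, sitting directly in system32, e.g. 6tNa2J24.exe."""
    folder, _, name = target.rpartition("\\")
    base, _, ext = name.rpartition(".")
    return (folder.lower() == r"c:\windows\system32"
            and ext.lower() in ("exe", "dll")
            and len(base) == 8 and base.isalnum()
            and any(c.isdigit() for c in base)
            and any(c.isalpha() for c in base))


def triage(entries, many=3):
    """Group entries by target (case-folded) and attach flag reasons."""
    by_target = defaultdict(list)
    for job, target, stamp in entries:
        by_target[target.lower()].append((job, stamp))
    report = {}
    for target, jobs in by_target.items():
        reasons = []
        at_jobs = [j for j, _ in jobs if AT_JOB_RE.search(j)]
        if len(at_jobs) >= many:
            reasons.append("launched by %d At*.job tasks" % len(at_jobs))
        if any(stamp == "" for _, stamp in jobs):
            reasons.append("empty [] timestamp (file missing or unreadable)")
        if looks_random(target):
            reasons.append("random-looking name directly in system32")
        report[target] = {"jobs": len(jobs), "at_jobs": len(at_jobs),
                          "reasons": reasons}
    return report


def summarize(text, many=3):
    """Parse a ComboFix task listing and return the triage report."""
    return triage(parse_tasks(text), many)


if __name__ == "__main__":
    for target, info in sorted(summarize(SAMPLE_LOG).items()):
        flag = "SUSPECT" if info["reasons"] else "ok"
        print("%-50s %2d job(s) %-7s %s"
              % (target, info["jobs"], flag, "; ".join(info["reasons"])))
```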

#9 cardmagi

cardmagi
  • Topic Starter

  • Members
  • 7 posts

Posted 13 January 2009 - 03:08 PM

Thanks for the quick reply. I have deleted Full Tilt Poker and Viewpoint manager from my computer. I also uploaded the file as you requested, ran the fixjob.bat as well, and ran the new combofix.

When I ran combo fix earlier (not the new one you told me to run right now), I noticed that the program 6tNa2J24.exe was still somehow installing itself on my computer again, even after combofix deleted it. I am hoping after these new things you told me to do, it can now not install itself again. As said before, I used task manager to close the .exe program, because it seems to be promoting IE popups.

Here are my new logs:

ComboFix 09-01-12.04 - Yousif 2009-01-13 15:01:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1453 [GMT -5:00]
Running from: c:\documents and settings\Yousif\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Yousif\Desktop\CFScript.txt
FW: PC-cillin Internet Security - Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\K0073Jyf.exe
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Full Tilt Poker
c:\program files\Full Tilt Poker\application.prefs
c:\program files\Full Tilt Poker\Cache\42D4EB830001.dc
c:\program files\Full Tilt Poker\Cache\FFFFFFFF0001.dc
c:\program files\Full Tilt Poker\Cache\my-promotions.png
c:\program files\Full Tilt Poker\Cache\PPA-centerframe_04.png
c:\program files\Full Tilt Poker\Cache\ppa-freeroll-dcs.jpg
c:\program files\Full Tilt Poker\KingSpadez.dat
c:\program files\Full Tilt Poker\KingSpadez.xml
c:\windows\system32\3vPc8L81.dll
c:\windows\system32\6tNa2J24.exe
c:\windows\system32\6tNa2J24.exe.a_a
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\K0073Jyf.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-07 20:32 . 2009-01-07 22:07 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-07 20:32 . 2009-01-07 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 16:11 . 2009-01-07 16:12 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-25 22:08 . 2008-12-25 22:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 22:08 . 2008-12-25 22:08 <DIR> d-------- c:\documents and settings\Yousif\Application Data\Malwarebytes
2008-12-25 22:08 . 2008-12-25 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 22:08 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 22:08 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 15:59 . 2008-12-18 15:59 <DIR> d-------- c:\program files\Fotosizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 19:57 --------- d-----w c:\program files\Viewpoint
2009-01-13 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-13 19:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 19:43 --------- d-----w c:\documents and settings\Yousif\Application Data\Tor
2009-01-13 17:37 --------- d-----w c:\program files\Vongo
2009-01-13 17:23 --------- d-----w c:\documents and settings\Yousif\Application Data\Vidalia
2009-01-10 03:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 22:32 --------- d-----w c:\program files\CD-DA X-Tractor
2009-01-06 22:32 --------- d-----w c:\program files\BitLord
2009-01-06 22:31 --------- d-----w c:\program files\EA GAMES
2009-01-06 22:30 --------- d-----w c:\program files\Anewsoft MP3 Recorder
2008-12-30 23:32 --------- d-----w c:\program files\Trend Micro
2008-12-30 01:39 --------- d-----w c:\documents and settings\Yousif\Application Data\Move Networks
2008-12-12 03:50 --------- d-----w c:\program files\Audacity
2008-12-02 02:48 --------- d-----w c:\documents and settings\Yousif\Application Data\FileZilla
2008-11-30 23:08 39,032 -c--a-w c:\documents and settings\Yousif\Application Data\GDIPFONTCACHEV1.DAT
2008-11-28 06:00 --------- d-----w c:\program files\LimeWire
2008-11-28 01:37 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-28 01:36 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 21:22 --------- d-----w c:\documents and settings\Yousif\Application Data\Apple Computer
2008-11-27 21:14 --------- d-----w c:\program files\iTunes
2008-11-27 21:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 21:13 --------- d-----w c:\program files\iPod
2008-11-27 21:13 --------- d-----w c:\program files\Common Files\Apple
2008-11-27 21:12 --------- d-----w c:\program files\QuickTime
2008-11-27 21:12 --------- d-----w c:\program files\Bonjour
2008-11-27 21:10 --------- d-----w c:\program files\Apple Software Update
2008-11-25 06:16 --------- d-----w c:\program files\Vstplugins
2008-11-25 06:16 --------- d-----w c:\program files\Image-Line
2008-11-25 06:15 --------- d-----w c:\program files\Outsim
2008-11-12 19:55 3,235 ----a-w c:\documents and settings\Yousif\Application Data\SAS7_000.DAT
2008-05-12 09:16 82 ----a-w c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2008-04-04 06:09 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-21 05:17 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 05:17 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 05:17 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 05:17 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 05:17 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-13_12.13.26.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-10 19:05:40 80,066 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-13 17:17:02 80,066 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-10 19:05:40 461,364 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-13 17:17:02 461,364 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-13 17:44:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_808.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2008-07-27 21:11 1606680 --a------ c:\program files\IsoBuster\tbIsoB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"Vidalia"="c:\program files\Vidalia\vidalia.exe" [2007-02-07 11891712]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-05-04 237568]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2006-05-04 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2006-05-04 09:32 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2006-03-21 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2006-06-29 c:\windows\system32\CTMBHA.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Yousif\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-24 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-01-18 24576]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2006-11-20 250368]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-06-15 114688]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Yousif^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Yousif\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Yousif^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\documents and settings\Yousif\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2007-01-18 19:33 169984 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"SharedAccess"=2 (0x2)
"McrdSvc"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\PROGRA~1\\ExamSoft\\SofTest\\SoftLnch.exe"=
"c:\\PROGRA~1\\ExamSoft\\SofTest\\softest.exe"= c:\\PROGRA~1\\ExamSoft\\SofTest\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R4 jjtAutoLaunch;jjtAutoLaunch;c:\program files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe [2002-01-22 114688]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 I2C_Filt;Upper filter for I2C communications;c:\windows\system32\drivers\I2C_Filt.sys [2007-04-22 14110]
S3 Low_Filt;Lower filter for PIC communications;c:\windows\system32\drivers\Low_Filt.sys [2007-04-22 16222]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys --> c:\windows\system32\DRIVERS\TM_CFW.sys [?]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

c:\windows\system32\DTCore.dll - c:\windows\Downloaded Program Files\cads.ocx
O16 -: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E}
hxxp://keyboarding.emcp.com/Resources/Component/cads.CAB
c:\windows\Downloaded Program Files\cads.inf
FF - ProfilePath - c:\documents and settings\Yousif\Application Data\Mozilla\Firefox\Profiles\nqxw04aq.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 15:02:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-01-13 15:04:11
ComboFix-quarantined-files.txt 2009-01-13 20:03:35
ComboFix2.txt 2009-01-13 17:27:42

Pre-Run: 12,640,149,504 bytes free
Post-Run: 12,630,441,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:45 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\stacsv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Privoxy\privoxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Tor\tor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206831430031
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) - http://keyboarding.emcp.com/Resources/Component/cads.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jjtAutoLaunch - Sound Devices, LLC - C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16093 bytes

Edited by cardmagi, 13 January 2009 - 03:09 PM.
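A triage pass over the HijackThis log format posted above, added here as an example; it is not code from the thread, from HijackThis or from BleepingComputer. It mechanises the checks a malware-removal helper makes by eye on the O-lines: entries whose file is gone, services with no vendor, executables with machine-generated-looking names, autostarts living in user-writable profile directories, and services that accept network connections. Five of the sample lines are copied from the log above; the O4 line for 6tNa2J24.exe is constructed (the poster names the file; its Run key and path are assumptions), and the random-name and user-writable-directory rules are heuristics that mark things to look at, not verdicts.

```python
"""Triage pass over HijackThis v2 log lines (added example, heuristic only)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text path raw")

# "O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe" -> ("O4", rest)
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First drive-letter path ending in a binary extension; stops at the earliest
# such extension so trailing text like "(file missing)" is left out.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|ocx))', re.IGNORECASE)
# Stem with digits plus both letter cases, 6+ chars: typical of dropper names.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{6,}$")
# Directories an unprivileged user (and so user-level malware) can write to.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")
# O23 short names (the parenthesised name) that open a network listener;
# rpcapd is WinPcap's remote capture daemon.
NETWORK_SERVICES = {"rpcapd"}

# Sample input: five lines copied from the log above plus one constructed
# O4 line using the filename the poster mentions; its path is an assumption.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [6tNa2J24] C:\Documents and Settings\Yousif\Local Settings\Temp\6tNa2J24.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""


def parse(log_text):
    """Return one Entry per R/F/O line; every other log line is skipped."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, text = m.groups()
        pm = PATH_RE.search(text)
        entries.append(Entry(section, text, pm.group(1) if pm else None, raw))
    return entries


def service_short_name(text):
    """'Service: Bluetooth Service (btwdins) - Broadcom ...' -> 'btwdins'."""
    head = text.split(" - ", 1)[0]            # "Service: Display name (short)"
    m = re.search(r"\(([^()]+)\)\s*$", head)
    return m.group(1).lower() if m else None


def findings(entry):
    """List the reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    low = entry.text.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned: points at a file that no longer exists")
    if entry.section == "O23":
        if "unknown owner" in low:
            reasons.append("service with no vendor name")
        if service_short_name(entry.text) in NETWORK_SERVICES:
            reasons.append("service accepts network connections; confirm it is wanted")
    if entry.path:
        stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_NAME_RE.match(stem):
            reasons.append("machine-generated-looking filename: %s" % stem)
        if entry.section == "O4" and any(d in entry.path.lower() for d in USER_WRITABLE):
            reasons.append("autostart runs from a user-writable profile directory")
    return reasons


def triage(log_text):
    """Return [(raw_line, [reasons])] for every flagged entry, in log order."""
    out = []
    for entry in parse(log_text):
        reasons = findings(entry)
        if reasons:
            out.append((entry.raw, reasons))
    return out


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG):
        print(raw)
        for reason in reasons:
            print("    -", reason)
```

Run against the six sample lines it flags four: the nameless toolbar with no file, the constructed 6tNa2J24 autostart (random-looking name and a Temp directory), the NMIndexingService entry (no vendor, file missing) and rpcapd; the Yahoo BHO and ehTray pass clean. A hit is a prompt to check the file's signature, vendor and creation date, not a reason to delete on sight.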


#10 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:05:16 AM

Posted 14 January 2009 - 08:04 AM

Hello,

> I noticed that the program 6tNa2J24.exe was still somehow installing itself on my computer again, even after combofix deleted it. I am hoping after these new things you told me to do, it can now not install itself again.
>
> I don't see the 6tNa2J24.exe on the logs now.
>
> As said before, I used task manager to close the .exe program, because it seems to be promoting IE popups.

Very strange; we need to scan for rootkits with GMER.
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it will produce a log for you at "C:\ComboFix.txt". Post it along with a new HijackThis log.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#11 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:05:16 AM

Posted 21 January 2009 - 04:54 AM

Due to inactivity this thread has been closed to prevent others with similar problems posting to it.
If you need it re-opened please PM a member of the moderating team with a link to your thread.

Thanks
