
spybot/mbam/adaware disabled by spyware


This topic is locked
16 replies to this topic

#1 langefbd


Posted 11 February 2009 - 03:15 PM

DDS.txt is at bottom of post

I have the following problems:

background replaced by active desktop warning or the following

"Warning
Dangerous spyware
many viruses were found on your computer such as : Trojan horse,
PassCapture, etc.
you personal information can fall into "third hands"
please check up the computer with a special software
thank"

taskbar icons such as wireless, sound, and battery indicators missing

a red x shows up in this same taskbar with a balloon coming out that says:

"Warning! Security report
Your computer is infected! It is recommended to start spyware cleaner tool"

receive "Invalid floating point operation" or program simply closes itself
when trying to open up legitimate spyware cleaners such as Spybot, Ad-Aware and Malwarebytes

desktop icons replaced by icons with same image but that all link to <http://lsp-test-nax.ind.in/land/eurl/?code=15>

this page pops up randomly: <http://antivirusxp-pro2009.com/?code=0000049>

my documents opens by itself

a process called msmpeng.exe eats up a lot of my processor

windows explorer keeps crashing

and finally...

every 4 hours or so a message shows up telling me that the generic host process for win32 is not working properly
and the computer forces shut down within a minute (unless i don't hit ok on the message window)



DDS (Ver_09-02-01.01) - NTFSx86
Run by langefbd at 15:02:53.17 on Wed 02/11/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1539 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\FUSE\bin\FuseSysTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\langefbd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rose-hulman.edu/
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\efcYroml.dll
BHO: {6E4DFB65-F0AE-4607-9AEC-5D3C58B3137E} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {CDF521B3-07C4-42A4-8286-2CFE762379D8} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [FuseSysTray] c:\program files\fuse\bin\FuseSysTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Framework Windows] frmwrk32.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\docume~1\localmgr\locals~1\temp\ntdll64.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223484632890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: {03EBB9F9-B098-439C-9D3A-8FEE73C73500} = 137.112.4.196,137.112.5.28
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: byXPFvwx - byXPFvwx.dll
Notify: efcYroml - efcYroml.dll
Notify: MIT_KFW - c:\windows\system32\kfwlogon.dll
AppInit_DLLs: c:\windows\system32\zorirako.dll,c:\windows\system32\nazoduse.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\efcYroml.dll
LSA: Notification Packages = scecli c:\windows\system32\nazoduse.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\langefbd\applic~1\mozilla\firefox\profiles\6nezwuii.default\
FF - HiddenExtension: XUL Cache: {5EC37157-3D0F-4069-A90F-5BDCAB9BE994} - c:\windows\system32\config\systemprofile\local settings\application data\{5ec37157-3d0f-4069-a90f-5bdcab9be994}\
FF - HiddenExtension: XUL Cache: {FC4BB51D-5CC8-4483-8352-7DE30264A5FC} - c:\documents and settings\langefbd\local settings\application data\{FC4BB51D-5CC8-4483-8352-7DE30264A5FC}

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-8-2 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2007-10-16 54608]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-9-26 26137]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-8-1 87936]
S0 awklqfeo;awklqfeo;c:\windows\system32\drivers\wjbv.sys --> c:\windows\system32\drivers\wjbv.sys [?]
S2 bnone;BenOne General Purpose USB Driver (bnone.sys);c:\windows\system32\drivers\bnone.sys [2009-1-17 12205]
S2 bnoneLoad;BenOne Firmware Loader (bnoneldr.sys);c:\windows\system32\drivers\bnoneldr.sys [2009-1-17 11683]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 FUSE TCPIP;FUSE TCPIP Server;c:\program files\fuse\bin\server.exe [2004-12-21 65536]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-9-26 157648]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-10 38496]
S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2007-10-16 144704]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-8-2 72680]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-8-2 33960]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-8-2 171272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
jsefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-11 14:22 57,082 a------- c:\windows\system32\nvModes.dat
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-13 03:05 111,616 a------- c:\windows\system32\userinit.exe
2009-01-06 12:10 50,176 a------- c:\windows\system32\iifeEXnK.dll
2009-01-06 12:04 50,176 a------- c:\windows\system32\fccaWPJc.dll
2009-01-06 12:02 137,728 a------- c:\windows\system32\hlyaiwko.dll
2009-01-06 12:02 137,728 a------- c:\windows\system32\dzaycf.dll
2008-12-13 20:29 52,224 a------- c:\windows\ipuninst.exe
2008-12-13 19:38 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-10 13:52 88,728 -------- c:\windows\system32\lasozodi.dll
2008-12-10 01:32 94,881 -------- c:\windows\system32\lebenesa.dll
2008-12-01 19:07 268,435,456 a--sh--- C:\WinPEpge.sys
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:47 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-21 16:47 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-11-21 16:47 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2006-03-22 05:21 696,867 a--sh--- c:\windows\system32\OnUFLTAy.ini2
2008-08-19 12:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat
2006-03-20 00:01 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2006-03-20 00:01 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2006-03-20 00:01 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:04:44.31 ===============

Thanks


Edited by Orange Blossom, 11 February 2009 - 08:05 PM.
Deactivate links. ~ OB
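As an added triage example (not the original poster's code and not the DDS tool's own logic), the following Python reads lines in the pseudo-HJT format posted above and flags the patterns a helper would look at first in this log: an orphaned BHO, a Run entry with no path (frmwrk32.exe), the DisableTaskMgr and NoSetActiveDesktop lockdown policies, a Winsock LSP in a temp directory, a path-less Winlogon Notify DLL, AppInit_DLLs entries and an extra LSA notification package. The sample lines are copied from the log; the heuristics, function names and the "known hosts" list are the example's own assumptions.

```python
"""Triage heuristics for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of the original post and not the
DDS tool's own logic.  It flags the persistence and lockdown patterns a
malware-removal helper checks first.
"""
import re

# Sample input: lines copied from the DDS log posted above, plus two clean
# Run entries for contrast (a constructed test fixture).
SAMPLE_HJT = r"""
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\efcYroml.dll
BHO: {6E4DFB65-F0AE-4607-9AEC-5D3C58B3137E} - No File
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Framework Windows] frmwrk32.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
LSP: c:\docume~1\localmgr\locals~1\temp\ntdll64.dll
Notify: MIT_KFW - c:\windows\system32\kfwlogon.dll
Notify: efcYroml - efcYroml.dll
AppInit_DLLs: c:\windows\system32\zorirako.dll,c:\windows\system32\nazoduse.dll
LSA: Notification Packages = scecli c:\windows\system32\nazoduse.dll
"""

# Policies malware sets to stop the user from fighting back.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools",
                     "NoSetActiveDesktop", "NoActiveDesktopChanges"}
# Host binaries that legitimately appear without a path in Run entries
# (assumed allow-list for this example).
KNOWN_HOSTS = {"rundll32.exe", "regsvr32.exe"}
# Default LSA notification package shipped with Windows XP.
DEFAULT_LSA_PACKAGES = {"scecli"}
# Path fragments that should never host a Winsock LSP.
TEMP_PATH_RE = re.compile(r"\\temp\\|\\locals~1\\|\\local settings\\", re.I)


def triage_hjt(text):
    """Return (kind, reason, entry) tuples for suspicious pseudo-HJT lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        kind, _, rest = line.partition(":")
        kind, rest = kind.strip(), rest.strip()

        if kind in ("BHO", "TB", "EB", "SEH") and rest.endswith("- No File"):
            # Orphaned CLSID: an earlier cleanup left the registry hook behind.
            findings.append((kind, "orphaned entry (No File)", rest))

        elif kind in ("uRun", "mRun", "dRun"):
            m = re.match(r'\[[^\]]*\]\s*"?([^"]+)', rest)
            if m:
                cmd = m.group(1).strip()
                first = cmd.split()[0].lower()
                has_path = bool(re.match(r"^[a-z]:\\|^%", cmd, re.I))
                if not has_path and first not in KNOWN_HOSTS:
                    # A bare name resolves via the search path and usually
                    # points at a dropped file sitting in system32.
                    findings.append((kind, "run entry with bare filename (no path)", rest))

        elif kind.endswith("Policies-system") or kind.endswith("Policies-explorer"):
            m = re.match(r"(\w+)\s*=\s*(\d+)", rest)
            if m and m.group(1) in LOCKDOWN_POLICIES and m.group(2) != "0":
                findings.append((kind, "user lockdown policy enabled", rest))

        elif kind == "LSP" and TEMP_PATH_RE.search(rest):
            findings.append((kind, "Winsock LSP loaded from a temp directory", rest))

        elif kind == "Notify":
            _, _, target = rest.partition(" - ")
            if "\\" not in target:
                # Winlogon notification DLL given without a full path.
                findings.append((kind, "Winlogon notify DLL without full path", rest))

        elif kind == "AppInit_DLLs":
            for dll in filter(None, re.split(r"[,\s]+", rest)):
                # Anything listed here is loaded into every user-mode process.
                findings.append((kind, "DLL injected into every process", dll))

        elif kind == "LSA" and rest.lower().startswith("notification packages"):
            _, _, value = rest.partition("=")
            for pkg in value.split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    # Extra package runs inside lsass.exe with SYSTEM rights.
                    findings.append((kind, "non-default LSA notification package", pkg))
    return findings


if __name__ == "__main__":
    for kind, reason, entry in triage_hjt(SAMPLE_HJT):
        print(f"[{kind:>18}] {reason}: {entry}")
```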




#2 SifuMike


Posted 13 February 2009 - 10:57 PM

Hello langefbd,

Sorry for the delay. We have many logs backed up.

If you still need help then proceed.


Have you been playing with Registry Cleaners? Because Registry Cleaners can break Windows.


The following is referring to Eusing Free Registry Cleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
    You want the 32-bit version, not the 64-bit version.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12".
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop-down box,
    select Windows and Multi-Language, then press Continue. Selecting Windows gives you the 32-bit version.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u12-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click Ignore for mbamext.dll.



Download Security Check by screen317 from here or here and save it to your Desktop.
Unzip SecurityCheck.zip and a folder named Security Check should appear.
Open the Security Check folder and double-click Security Check.bat
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by SifuMike, 13 February 2009 - 11:08 PM.
spelling and grammar

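For reading the MBAM log that the post above asks for, here is an added example (my own code, not part of SifuMike's post and not anything Malwarebytes ships): a small Python triage script that parses the log's "item (family) -> action" lines, lists what is still marked "Delete on reboot", and flags the registry locations that are autostart or lockout points. The embedded sample log is a constructed subset shaped like the one posted later in this thread, and the persistence rule list is my own classification, not MBAM's.

```python
"""Triage a Malwarebytes' Anti-Malware 1.3x scan log the way a helper reads it.

Added example for this thread (not SifuMike's code, not a Malwarebytes tool):
parses the "<item> (<family>) -> <action>." lines and reports what is still
pending a reboot and which findings are autostart/lockout registry locations.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the log posted later in this thread (a subset).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\efcYroml.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcyroml (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\efcYroml.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\V6RN33Y0\12[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajrwlz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "<path or key> (<family>) -> [<detail> -> ]<action>."  The ") -> " anchor keeps
# a "(x86)" inside a path from being mistaken for the family name.
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Registry locations that load code at logon or into every shell/browser
# process, plus the policy keys this family sets to lock the user out.
PERSISTENCE_RULES = [
    (r"\\Winlogon\\Notify\\", "Winlogon Notify package (DLL loaded by winlogon.exe at logon)"),
    (r"\\Winlogon\\Userinit$", "Userinit value (runs at every interactive logon)"),
    (r"\\CurrentVersion\\Run\\", "Run key (autostart at user logon)"),
    (r"\\Browser Helper Objects\\", "Browser Helper Object (DLL loaded into every IE process)"),
    (r"\\ShellExecuteHooks\\", "ShellExecuteHook (DLL loaded into Explorer)"),
    (r"\\Policies\\", "Policy lockout (restriction set by the malware, not an autostart)"),
]

def classify(item):
    """Label a registry item as a persistence/lockout point, else None."""
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, item, re.IGNORECASE):
            return label
    return None

def parse_mbam_log(text):
    """One dict per finding; header lines and empty sections are skipped."""
    findings, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if section is None or m is None:
            continue
        # Data items carry "Data: ..." or "Bad: (1) Good: (0)" before the final action.
        detail, _, action = m.group("rest").rstrip(".").rpartition(" -> ")
        findings.append({"section": section, "item": m.group("item"),
                         "family": m.group("family"), "detail": detail, "action": action,
                         "pending_reboot": action.lower().startswith("delete on reboot")})
    return findings

def triage(findings):
    """Summarise: families, items still pending a reboot, persistence points."""
    persistence = defaultdict(list)
    for f in findings:
        label = classify(f["item"])
        if label:
            persistence[label].append(f["item"])
    return {"total": len(findings),
            "families": Counter(f["family"] for f in findings),
            "pending_reboot": [f["item"] for f in findings if f["pending_reboot"]],
            "persistence": dict(persistence)}

def format_report(report):
    out = [f"{report['total']} findings; " + ", ".join(
        f"{fam} x{n}" for fam, n in report["families"].most_common())]
    out.append(f"Still pending reboot ({len(report['pending_reboot'])}); not clean until restarted:")
    out += [f"  {i}" for i in report["pending_reboot"]]
    out.append("Autostart / lockout locations touched:")
    for label, items in report["persistence"].items():
        out.append(f"  {label}")
        out += [f"    {i}" for i in items]
    return "\n".join(out)

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(format_report(triage(parse_mbam_log(text))))
```

Run it with no arguments to see the report for the sample, or pass a saved mbam-log-*.txt. The two groupings are the ones that matter when judging a posted log: an item still marked "Delete on reboot" is still on disk until the restart, which is why the Extra Note above says to reboot immediately, and a hit under Winlogon\Notify, Userinit, ShellExecuteHooks or a BHO CLSID means the DLL was being loaded into winlogon.exe, Explorer or Internet Explorer at every logon, not merely sitting in a browser cache.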

#3 langefbd (Topic Starter)

Posted 15 February 2009 - 05:52 PM

First of all, thank you so much for taking the time to take a look at this for me. I know this is done on a volunteer basis and I completely understand if it takes a little time to respond.

Regarding the registry cleaner:

I've read many warnings about not doing anything to your registry unless you absolutely know what you are doing, and so I've made sure not to let any program or myself edit it (except one command I use to re-enable my Task Manager when the malware deletes it: "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f"). I got the registry cleaner just to take a look at some of the stuff in the scan so I could learn about it, not to edit it. (I never even ended up doing this after I installed the program.)

Right after I installed the new version of Java, the Antivirus XP Pro website I mentioned in my first post came up, along with the add-on manager, telling me a new add-on called "Java Quick Starter 1.0" had been installed. I've disabled it from the add-on manager, but I thought it would be a good thing to mention.


I had tried many times in the past to uninstall and reinstall Malwarebytes, but I kept getting the same error I mentioned in the topic of my post. I finally got it to run by installing to a different directory than I had tried before. Here's the log:


Malwarebytes' Anti-Malware 1.34
Database version: 1762
Windows 5.1.2600 Service Pack 3

2/14/2009 10:26:16 PM
mbam-log-2009-02-14 (22-26-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 352837
Time elapsed: 2 hour(s), 18 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 462

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efcYroml.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBroljg.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcyroml (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\efcYroml.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBroljg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\langefbd\Local Settings\Temp\senekab700.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCA2BTCRO (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCA4DQ975 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCA4FCF2G (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCA61CHKK (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCA7A18VJ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[5] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[6] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[7] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[8] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[9] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCA99TNEQ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAA9KUWR (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAAZGVEL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCADFOEG8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAE9DT8N (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAELYVO5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAFTPKGA (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAI7XC7X (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAIRZ9I4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAN1H6W8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAN1J7NN (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAR4XPP1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCASOZKY8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCASTWSWJ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAVDRFW4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAVH5FI2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\perCAY87MJF (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[10] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\444ZX65X\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[5] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[6] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[7] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[8] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[9] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCA1NH9F3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCA3AQEBS (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCA64OH0A (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAB2LK6V (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAF4LL76 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAFDFVU7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAGLPJFS (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAGR085W (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAM4SQ75 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAM68W92 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAOEVQYO (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAS0X3UA (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAX1QVB7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAXCP5WA (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAXF3YID (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[10] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\perCAJMQH3A (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\9RH2ZCMN\per[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\F7WOAAIT\perCA4Q63T5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\F7WOAAIT\perCAK0R9XC (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\F7WOAAIT\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCA3KTH4U (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCA5A17SY (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCA65LHFH (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAD0O2DE (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCALP4GMP (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAQV4RER (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAR08GM7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAR62HZF (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAU90RIK (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAXVK1LV (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\perCAZOE0F7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[10] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[5] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[6] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[7] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[8] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\JYYVCW8H\per[9] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\T3MNK1A9\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\T3MNK1A9\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCA23YEC7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCA43P26E (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCA9XTA3A (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAA6JO6P (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAB634E8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCABF8IFW (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAG019XX (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAHCO1SC (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAI90FZE (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAKMQFLM (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAMMW4BV (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAMYINGC (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[10] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[5] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[6] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[7] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[8] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\per[9] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAOP65RS (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCARK8HER (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCASN1QGO (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCASR2M72 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAUNY7AE (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAV8A3XE (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAVJ3X6F (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAWK87JG (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAWRRHWJ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAYD9LUT (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\TWJC99JP\perCAZ42U30 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\V6RN33Y0\12[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\V6RN33Y0\perCA1BWA33 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\V6RN33Y0\lsp[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\ZRDOYCZC\per[11] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\langefbd\Local Settings\Temporary Internet Files\Content.IE5\ZRDOYCZC\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\I2XJT666\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\I2XJT666\per[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\I2XJT666\per[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\I2XJT666\per[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\I2XJT666\per[5] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\OWCQW4JC\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\W1Y98MBB\per[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\W1Y98MBB\per[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temporary Internet Files\Content.IE5\W1Y98MBB\per[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tdajevamikum.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajrwlz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akbeiu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akzfou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bisoja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bldapn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOfcBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPiHxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQHaWP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXrrOIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckefvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cqdduj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cqhduvcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crppum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etrxzx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etuonk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewlnql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\falhqrwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuukkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbokwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBqPGXp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBsrSLD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBsssSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtSKAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBuusRI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfswnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\htmcpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iaqklx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioblho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khevpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDtSiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDtUMf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDusSl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfeFXpp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfETjiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfETnoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEVNDt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfFWmLD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfFyXpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGwWOF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpurss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsecee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsqihm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntyazm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\omszwq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rligjw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmdbzy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmlhgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trqieg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTMCRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTnoOg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUMcby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWnnMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usdcty.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvfdhk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcnvsy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNGaAt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOFvTM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPiIYp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPjKCv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRHxWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csobkc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxpufv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcAssro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcAtrst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcbBrOG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBUmNh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRKbY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCUoNd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDvsQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDvutT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYqnND.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYqrrS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtjbeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvbsef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvtpxe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzaycf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzcdfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaWPJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbBSkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbCsrS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyyYoL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fenvbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffkuz.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fftbph.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffvkbf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqvmlz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqwzoy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtkhua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gwlall.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gwtkgy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvuRkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjelhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkjjpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlyaiwko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHXpom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKcBtS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLBtsS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlblbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpqimx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxpsel.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\liqzxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJARjgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJBqqRi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJBqrPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJBuVLd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDSJbB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljzpdf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\log.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mjrpnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mLecywXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAsPfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAtRIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBQKEu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBTkIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJDsRki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJDuvVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYSjIX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYsssQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nhkkbk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nhwvth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliJab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlmMcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnMeDUm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnNHAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoPJCr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdjgkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pecmwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkJdaB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkLfde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnLdATM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnmmJdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnMcBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoNDsP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnooMdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pzebsi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pzteae.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qcelpa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sinuhp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skgmdfub.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOHbYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOIAsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqpPjgH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRjICr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRLFvV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbqzua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkggim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkmdtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlpnij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpqgtjvg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tzugju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uahvqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucvesm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucxemm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udnndk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujlllm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umscji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtivxn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eckjwj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eevhnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcAPGvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcARhIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBrQGY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrQHW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuRhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcdCuUM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcDWNeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqnkhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqpPgF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrRLFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuvSkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azmuof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdjcvn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bhgcyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bignyhls.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bihazk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkfwhc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmfqqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmisis.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqvvak.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkheBq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlIbBq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmKBQH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUnolMC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyarlb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iIBrrQGy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifeEXnK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifFUmMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgEuvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgFXNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mzqbci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUlkkhE.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wydcyn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfsbkt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qiegkx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjjpcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjuwim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjzslr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmtahb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeeBTK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfdaWN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgggDs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMghgDs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMGVmKc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpdcak.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qwmeea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfaftk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaqrmppqla.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekawblthemx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\hoxheu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkjoyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xqulaz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvqzgz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyaawwX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyawtUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xfkule.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofcndp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogvqot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oidruc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvjlox.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvnqpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lyhano.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlJyVn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlKabx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlLBQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmJDWP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmLBst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnOFYPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnooMfC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ozjjvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxbcde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbmqqz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\levldc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnqole.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqvpqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cgrplc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\chert5-998.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djycfs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqcili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHaWMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJDspM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLbyyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRlJCur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqxdus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxWNFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyyxxya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaWNgD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaXNHa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaYqQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvVpQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvWpmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxuRiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxVpQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfweva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhgsjz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjpnum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymsxjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoeeut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yucovh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvjrni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywbvxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zbzeom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zdzohk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zmynfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zofhot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zwmgyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zyzimd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unpdtw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqpjwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqOEwuR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqpopNF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqqnlKC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smprvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\japden.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jaubql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jaurnt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\userinit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaorumdbsr.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\aazalirt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dkekkrkska.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dkewiizkjdks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iddqdops.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ienotas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iqmcnoeqz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\irprokwks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jikglond.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jiklagka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jrjakdsd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jungertab.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kitiiwhaas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kkwknrbsggeg.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\klopnidret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krkdkdkee.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krkmahejdk.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krtawefg.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krujmmwlrra.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ktknamwerr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kuruhccdsdd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ooorjaas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\oranerkka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\oropbbsee.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\otnnbektre.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\otowjdseww.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\otpeppggq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rkaskssd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ronitfst.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salrtybek.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\seeukluba.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\skaaanret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\tobmygers.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\tobykke.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zibaglertz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPhIYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmNHAt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXQKDvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\localmgr\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\localmgr\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekavgoejntd.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Results of screen317's Security Check version 0.97.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Windows Defender
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Eusing Free Registry Cleaner
Java™ 6 Update 12
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

McAfee VirusScan Enterprise vstskmgr.exe
Malwarebytes' Anti-Malware2 mbam.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 174 seconds.
`````````End of Log```````````


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:20 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FUSE\bin\FuseSysTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rose-hulman.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {6E4DFB65-F0AE-4607-9AEC-5D3C58B3137E} - (no file)
O2 - BHO: (no name) - {CDF521B3-07C4-42A4-8286-2CFE762379D8} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FuseSysTray] C:\Program Files\FUSE\bin\FuseSysTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223484632890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\Software\..\Telephony: DomainName = rose-hulman.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS2\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS3\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\windows\system32\zorirako.dll,C:\WINDOWS\system32\nazoduse.dll
O20 - Winlogon Notify: byXPFvwx - byXPFvwx.dll (file missing)
O20 - Winlogon Notify: MIT_KFW - C:\WINDOWS\system32\kfwlogon.dll
O23 - Service: FUSE TCPIP Server (FUSE TCPIP) - Unknown owner - C:\Program Files\FUSE\bin\server.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

--
End of file - 8194 bytes

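The O20 and O23 lines in the log above are the entries a responder reads first: AppInit_DLLs loads its DLLs into every process that maps user32.dll, a Winlogon Notify package runs inside winlogon.exe, and a service with "Unknown owner" has no company name in its version info. The script below is an added example for this thread, not part of HijackThis or of the original posts; its sample input is copied from the posted log, and which entries it flags, and how severely, is the editor's own rule of thumb rather than anything HijackThis computes.

```python
"""Triage the persistence entries in a HijackThis log.

Added example for this thread; it is not part of HijackThis or of the
original posts. The sample lines are copied from the log above; which
entries get flagged, and how severely, is the editor's own rule of thumb.
"""
import re
from typing import Dict, List, Optional

# Sample input: O18/O20/O23 lines taken from the posted log.
SAMPLE_LOG = [
    r"O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll",
    r"O20 - AppInit_DLLs: c:\windows\system32\zorirako.dll,C:\WINDOWS\system32\nazoduse.dll",
    r"O20 - Winlogon Notify: byXPFvwx - byXPFvwx.dll (file missing)",
    r"O20 - Winlogon Notify: MIT_KFW - C:\WINDOWS\system32\kfwlogon.dll",
    r"O23 - Service: FUSE TCPIP Server (FUSE TCPIP) - Unknown owner - C:\Program Files\FUSE\bin\server.exe",
    r"O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe",
]

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split 'O20 - rest' into its section code and body; None for non-HJT lines."""
    m = LINE_RE.match(line.strip())
    return {"section": m.group(1), "body": m.group(2)} if m else None


def _finding(severity: str, item: str, reason: str) -> Dict[str, str]:
    return {"severity": severity, "item": item, "reason": reason}


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per entry worth a second look.

    high   - AppInit_DLLs: every listed DLL is loaded into each process that
             maps user32.dll, so a non-empty value on XP is almost never benign.
    medium - Winlogon Notify entry whose DLL is gone: the registry key is a
             leftover from a removed infection and should be deleted.
    review - Winlogon Notify DLL that exists (runs inside winlogon.exe), or a
             service whose binary carries no company name in its version info.
    """
    findings: List[Dict[str, str]] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        section, body = entry["section"], entry["body"]
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body[len("AppInit_DLLs:"):].split(","):
                dll = dll.strip()
                if dll:
                    findings.append(_finding("high", dll,
                                             "AppInit_DLLs entry: injected into every user32-linked process"))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            item = body.split(":", 1)[1].strip()
            if "(file missing)" in item:
                findings.append(_finding("medium", item, "dangling Winlogon Notify key; DLL already gone"))
            else:
                findings.append(_finding("review", item, "DLL loaded by winlogon.exe; confirm the publisher"))
        elif section == "O23" and " - Unknown owner - " in body:
            path = body.rsplit(" - ", 1)[1]
            findings.append(_finding("review", path, "service binary has no company name in its version info"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['item']}\n         {f['reason']}")
```

Run against the six sample lines it reports the two AppInit DLLs as high, the dangling byXPFvwx Notify key as medium (ComboFix lists that same key under "ORPHANS REMOVED" later in the thread), and the MIT_KFW notify DLL and the FUSE service for review; the McAfee service and the Groove protocol handler are not flagged.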
#4 SifuMike (malware expert, Staff Emeritus, 15,385 posts)
Location: Vancouver (not BC) WA (Not DC) USA

Posted 15 February 2009 - 07:12 PM

Hi langefbd,

Is this a school computer?

You are still infected so we will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read ComboFix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your McAfee VirusScan Enterprise Antivirus, Teatimer and Windows Defender before running ComboFix, as they will prevent it from running.

To disable McAfee VirusScan:
Please navigate to the system tray on the bottom right hand corner and look for the McAfee icon.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You have successfully disabled the McAfee Guard.


To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts



To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run ComboFix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 15 February 2009 - 07:17 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 langefbd (Topic Starter, Members, 9 posts)

Posted 15 February 2009 - 10:42 PM

I own the computer personally, but it is set up by my university.

For some reason I never saw the option for the windows recovery console come up, but it did give me the screen saying it was backing up my registry with the blue and maroon task bars. I definitely did not mean for it to run without the recovery console installed.

log

ComboFix 09-02-15.01 - langefbd 2009-02-15 21:51:25.1 - NTFSx86
Running from: c:\documents and settings\langefbd\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\998.exe
c:\windows\system32\ahmqgr.dll
c:\windows\system32\awvnvc.dll
c:\windows\system32\bizhmx.dll
c:\windows\system32\crtfya.dll
c:\windows\system32\drtrws.dll
c:\windows\system32\emdajk.dll
c:\windows\system32\eoufpf.dll
c:\windows\system32\fjzlhq.dll
c:\windows\system32\fxrldt.dll
c:\windows\system32\gkixoq.dll
c:\windows\system32\gpfjzs.dll
c:\windows\system32\hgudsz.dll
c:\windows\system32\ikjagh.dll
c:\windows\system32\init32.exe
c:\windows\system32\izqgtb.dll
c:\windows\system32\jarvcp.dll
c:\windows\system32\jidlqr.dll
c:\windows\system32\jlhyai.dll
c:\windows\system32\jpakll.dll
c:\windows\system32\kfejfw.dll
c:\windows\system32\ktsqto.dll
c:\windows\system32\mcwfuj.dll
c:\windows\system32\mdbcjk.dll
c:\windows\system32\mmslxs.dll
c:\windows\system32\mtclky.dll
c:\windows\system32\nfivxz.dll
c:\windows\system32\nxzdoa.dll
c:\windows\system32\OnUFLTAy.ini2
c:\windows\system32\orjgce.dll
c:\windows\system32\ouwusx.dll
c:\windows\system32\qfozsy.dll
c:\windows\system32\qsfatf.dll
c:\windows\system32\qwxdjr.dll
c:\windows\system32\rwejxo.dll
c:\windows\system32\snagck.dll
c:\windows\system32\swfbur.dll
c:\windows\system32\tbnwxt.dll
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\vfnovx.dll
c:\windows\system32\vspfal.dll
c:\windows\system32\wdnjdr.dll
c:\windows\system32\whxkrl.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\xyfrmv.dll
c:\windows\system32\yvzudv.dll
c:\windows\system32\zjmzhu.dll
c:\windows\Tasks\gejrezgr.job

----- BITS: Possible infected sites -----

hxxp://SMS:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-14 19:50 . 2009-02-14 19:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware2
2009-02-14 19:50 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 19:50 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-14 19:05 . 2009-02-14 19:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 19:05 . 2009-02-14 19:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 19:04 . 2009-02-14 19:04 <DIR> d-------- c:\program files\Java
2009-02-11 14:44 . 2009-02-11 14:44 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-11 14:35 . 2009-02-11 14:35 <DIR> d-------- C:\VundoFix Backups
2009-02-10 17:26 . 2009-02-10 17:26 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 03:03 . 2009-02-10 03:03 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Media Player Classic
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Malwarebytes
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- c:\documents and settings\localmgr\Application Data\DivX
2009-02-10 00:10 . 2009-02-10 00:10 <DIR> d-------- C:\seniorproj
2009-02-10 00:06 . 2009-02-10 00:06 <DIR> d-------- C:\DocumentsandSettings
2009-02-09 23:48 . 2009-02-09 23:48 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Xilinx
2009-02-09 23:38 . 2009-02-09 23:38 <DIR> d-------- c:\documents and settings\localmgr\Application Data\MathWorks
2009-02-03 16:48 . 2009-02-11 22:52 46,080 --------- c:\windows\system32\clickfile.exe
2009-01-31 03:25 . 2009-01-31 03:25 <DIR> d-------- C:\New Folder
2009-01-25 10:13 . 2009-01-25 10:13 <DIR> d-------- c:\documents and settings\langefbd\Application Data\dvdcss
2009-01-17 16:48 . 2002-04-10 06:50 12,205 -ra------ c:\windows\system32\drivers\bnone.sys
2009-01-17 16:48 . 2002-04-10 06:57 11,683 -ra------ c:\windows\system32\drivers\bnoneldr.sys
2009-01-17 15:42 . 2009-01-17 17:28 <DIR> d-------- C:\Tcl
2009-01-17 15:42 . 2009-01-17 17:34 737,280 --a------ c:\windows\iun6002.exe
2009-01-17 15:41 . 2009-01-17 17:35 <DIR> d-------- c:\program files\FUSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 02:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 08:18 --------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-01-16 19:54 --------- d-----w c:\documents and settings\langefbd\Application Data\Xilinx
2009-01-15 14:41 --------- d-----w c:\documents and settings\langefbd\Application Data\CyberLink
2009-01-13 14:28 --------- d-----w c:\program files\7-Zip
2009-01-13 08:05 31,232 ----a-w c:\windows\system32\pcload.exe
2009-01-13 08:05 111,616 ----a-w c:\windows\system32\userinit.exe
2009-01-10 18:26 --------- d-----w c:\program files\Auslogics
2009-01-10 18:26 --------- d-----w c:\documents and settings\langefbd\Application Data\Auslogics
2009-01-10 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 17:06 --------- d-----w c:\program files\Bethesda Softworks
2009-01-10 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-12-14 01:29 52,224 ----a-w c:\windows\ipuninst.exe
2008-12-10 18:52 88,728 ------w c:\windows\system32\lasozodi.dll
2008-12-10 06:32 94,881 ------w c:\windows\system32\lebenesa.dll
2008-12-02 00:07 268,435,456 --sha-w C:\WinPEpge.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-08-19 17:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

------- Sigcheck -------

2004-08-04 07:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-01-13 03:05 111616 be9f5da369dddc22224c053bbb27c64e c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-03 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"FuseSysTray"="c:\program files\FUSE\bin\FuseSysTray.exe" [2004-01-23 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-03-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-05-02 22:59 23040 c:\windows\system32\kfwlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-09-26 26137]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-08-01 87936]
S0 awklqfeo;awklqfeo;c:\windows\system32\drivers\wjbv.sys --> c:\windows\system32\drivers\wjbv.sys [?]
S2 bnone;BenOne General Purpose USB Driver (bnone.sys);c:\windows\system32\drivers\bnone.sys [2009-01-17 12205]
S2 bnoneLoad;BenOne Firmware Loader (bnoneldr.sys);c:\windows\system32\drivers\bnoneldr.sys [2009-01-17 11683]
S3 FUSE TCPIP;FUSE TCPIP Server;c:\program files\FUSE\bin\server.exe [2004-12-21 65536]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-09-26 157648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6E4DFB65-F0AE-4607-9AEC-5D3C58B3137E} - (no file)
BHO-{CDF521B3-07C4-42A4-8286-2CFE762379D8} - (no file)
Notify-byXPFvwx - byXPFvwx.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rose-hulman.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\langefbd\Application Data\Mozilla\Firefox\Profiles\6nezwuii.default\
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
jsefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 22:18:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\kfwlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-15 22:30:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-16 03:30:27

Pre-Run: 6,227,623,936 bytes free
Post-Run: 6,678,343,680 bytes free

234 --- E O F --- 2008-12-09 01:15:07

#6 SifuMike (malware expert, Staff Emeritus, 15,385 posts)
Location: Vancouver (not BC) WA (Not DC) USA

Posted 16 February 2009 - 06:12 AM

Hi langefbd,

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it is originally named.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Edited by SifuMike, 16 February 2009 - 06:19 AM.
typo


#7 langefbd (Topic Starter, Members, 9 posts)

Posted 16 February 2009 - 06:43 PM

ComboFix 09-02-15.01 - langefbd 2009-02-16 17:46:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1548 [GMT -5:00]
Running from: C:\Documents and Settings\langefbd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\langefbd\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of C:\WINDOWS\system32\userinit.exe was found and disinfected
Restored copy from - C:\WINDOWS\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 23:09 . 2009-02-15 23:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2009-02-15 23:09 . 2009-02-15 23:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-15 23:09 . 2009-02-15 23:09 <DIR> d-------- C:\Documents and Settings\langefbd\Application Data\SUPERAntiSpyware.com
2009-02-14 19:50 . 2009-02-14 19:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware2
2009-02-14 19:50 . 2009-02-11 10:19 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-14 19:50 . 2009-02-11 10:19 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-02-14 19:05 . 2009-02-14 19:05 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
2009-02-14 19:05 . 2009-02-14 19:05 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2009-02-14 19:04 . 2009-02-14 19:04 <DIR> d-------- C:\Program Files\Java
2009-02-11 14:44 . 2009-02-11 14:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2009-02-11 14:35 . 2009-02-11 14:35 <DIR> d-------- C:\VundoFix Backups
2009-02-10 17:26 . 2009-02-10 17:26 <DIR> d-------- C:\Program Files\Trend Micro
2009-02-10 03:03 . 2009-02-10 03:03 <DIR> d-------- C:\Documents and Settings\localmgr\Application Data\Media Player Classic
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- C:\Documents and Settings\localmgr\Application Data\Malwarebytes
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- C:\Documents and Settings\localmgr\Application Data\DivX
2009-02-10 00:10 . 2009-02-10 00:10 <DIR> d-------- C:\seniorproj
2009-02-10 00:06 . 2009-02-10 00:06 <DIR> d-------- C:\DocumentsandSettings
2009-02-09 23:48 . 2009-02-09 23:48 <DIR> d-------- C:\Documents and Settings\localmgr\Application Data\Xilinx
2009-02-09 23:38 . 2009-02-09 23:38 <DIR> d-------- C:\Documents and Settings\localmgr\Application Data\MathWorks
2009-02-03 16:48 . 2009-02-11 22:52 46,080 --------- C:\WINDOWS\system32\clickfile.exe
2009-01-31 03:25 . 2009-01-31 03:25 <DIR> d-------- C:\New Folder
2009-01-25 10:13 . 2009-01-25 10:13 <DIR> d-------- C:\Documents and Settings\langefbd\Application Data\dvdcss
2009-01-17 16:48 . 2002-04-10 06:50 12,205 -ra------ C:\WINDOWS\system32\drivers\bnone.sys
2009-01-17 16:48 . 2002-04-10 06:57 11,683 -ra------ C:\WINDOWS\system32\drivers\bnoneldr.sys
2009-01-17 15:42 . 2009-01-17 17:28 <DIR> d-------- C:\Tcl
2009-01-17 15:42 . 2009-01-17 17:34 737,280 --a------ C:\WINDOWS\iun6002.exe
2009-01-17 15:41 . 2009-01-17 17:35 <DIR> d-------- C:\Program Files\FUSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 08:18 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2009-01-16 19:54 --------- d-----w C:\Documents and Settings\langefbd\Application Data\Xilinx
2009-01-15 14:41 --------- d-----w C:\Documents and Settings\langefbd\Application Data\CyberLink
2009-01-13 14:28 --------- d-----w C:\Program Files\7-Zip
2009-01-10 18:26 --------- d-----w C:\Program Files\Auslogics
2009-01-10 18:26 --------- d-----w C:\Documents and Settings\langefbd\Application Data\Auslogics
2009-01-10 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-10 17:06 --------- d-----w C:\Program Files\Bethesda Softworks
2009-01-10 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fallout3
2008-12-14 01:29 52,224 ----a-w C:\WINDOWS\ipuninst.exe
2008-12-10 18:52 88,728 ------w C:\WINDOWS\system32\lasozodi.dll
2008-12-10 06:32 94,881 ------w C:\WINDOWS\system32\lebenesa.dll
2008-12-02 00:07 268,435,456 --sha-w C:\WinPEpge.sys
2008-11-21 21:47 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-08-19 17:45 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_22.23.12.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-16 04:10:10 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2004-08-04 12:00:00 24,576 -c--a-w C:\WINDOWS\system32\dllcache\userinit.exe
- 2009-02-15 08:40:29 57,082 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2009-02-16 22:17:39 57,082 ----a-w C:\WINDOWS\system32\nvModes.dat
- 2009-01-13 08:05:41 111,616 ----a-w C:\WINDOWS\system32\userinit.exe
+ 2004-08-04 12:00:00 24,576 ----a-w C:\WINDOWS\system32\userinit.exe
+ 2009-02-16 23:01:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-10 04:02 216520]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-03 15:30 2356088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 16:17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-22 22:32 7561216]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 07:04 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"FuseSysTray"="C:\Program Files\FUSE\bin\FuseSysTray.exe" [2004-01-23 07:46 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-02-14 19:05 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 19:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-03-22 22:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 22:32 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 02:18 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-05-02 22:59 23040 C:\WINDOWS\system32\kfwlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
"C:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 16:17:40 8944]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 16:17:38 55024]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\drivers\eacfilt.sys [2007-09-26 14:14:18 26137]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\drivers\gtipci21.sys [2007-08-01 14:35:13 87936]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 16:17:42 7408]
S0 awklqfeo;awklqfeo;C:\WINDOWS\system32\drivers\wjbv.sys --> C:\WINDOWS\system32\drivers\wjbv.sys [?]
S2 bnone;BenOne General Purpose USB Driver (bnone.sys);C:\WINDOWS\system32\drivers\bnone.sys [2009-01-17 16:48:22 12205]
S2 bnoneLoad;BenOne Firmware Loader (bnoneldr.sys);C:\WINDOWS\system32\drivers\bnoneldr.sys [2009-01-17 16:48:22 11683]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\drivers\ipsecw2k.sys [2007-09-26 14:14:18 157648]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31:34 42000]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - CcmExec
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - helpsvc
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McAfeeFramework
*Deregistered* - McTaskManager
*Deregistered* - MDM
*Deregistered* - MSIServer
*Deregistered* - Net Driver HPZ12
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - Pml Driver HPZ12
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rose-hulman.edu/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\langefbd\Application Data\Mozilla\Firefox\Profiles\6nezwuii.default\
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
jsefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:26 PM

Posted 16 February 2009 - 07:15 PM

Hi langefbd,

The following is referring to Eusing Free Registry Cleaner.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System.
  • Registry tools can, as a result of the above, render your PC inoperable.
    After all, a broken registry is a broken Windows.

I would uninstall it unless you are a registry expert.


You need to disable your McAfee VirusScan Enterprise Antivirus, TeaTimer and Windows Defender before running ComboFix, as they will prevent it from running.

To disable McAfee VirusScan:
Please navigate to the system tray in the bottom right-hand corner and look for the McAfee icon.
  • Right-click it -> choose "Exit."
  • A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You have successfully disabled the McAfee Guard.


To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts



To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\system32\drivers\wjbv.sys 
c:\windows\system32\lasozodi.dll
c:\windows\system32\lebenesa.dll

Folder:: 
C:\VundoFix Backups

Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

Driver:: 
awklqfeo


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript onto ComboFix.exe, as shown in the screenshot (not reproduced here).


This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Edited by SifuMike, 16 February 2009 - 07:16 PM.
typo and spelling

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
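
The targets in the CFScript above (the service `awklqfeo` and its file `wjbv.sys`) come straight from one line in the poster's log: a boot-start (S0) driver with a meaningless eight-letter name, a display name identical to the service name, an image path that bears no relation to the service name, and a `[?]` where ComboFix normally prints the file's timestamp and size. As an added example (not part of this thread and not ComboFix's own tooling), the Python below parses the `R*`/`S*` services-and-drivers block from the log posted earlier in this thread, scores each entry on those four indicators, and renders the `Driver::`/`File::` sections of a CFScript for whatever scores at or above a threshold. The sample log is constructed from lines copied verbatim from this thread; the indicator weights, the threshold of 2, the three-character service-name/file-stem comparison, and the reading of `[?]` as "file could not be located or verified" are assumptions of this example, not documented ComboFix semantics. A real CFScript is still written per machine by whoever reads the full log, as SifuMike's warning says.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the R*/S* services-and-drivers block from the ComboFix log
# posted in this thread (paths copied verbatim; this is not ComboFix's own code).
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 16:17:40 8944]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 16:17:38 55024]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\drivers\eacfilt.sys [2007-09-26 14:14:18 26137]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\drivers\gtipci21.sys [2007-08-01 14:35:13 87936]
S0 awklqfeo;awklqfeo;C:\WINDOWS\system32\drivers\wjbv.sys --> C:\WINDOWS\system32\drivers\wjbv.sys [?]
S2 bnoneLoad;BenOne Firmware Loader (bnoneldr.sys);C:\WINDOWS\system32\drivers\bnoneldr.sys [2009-01-17 16:48:22 11683]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\drivers\ipsecw2k.sys [2007-09-26 14:14:18 157648]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31:34 42000]
"""

# Line shape: <start type> <service name>;<display name>;<image path> [<date> <time> <size>]
# or, when ComboFix could not stat the file, "<path> --> <path> [?]".
LINE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


@dataclass
class DriverEntry:
    start: str
    name: str
    display: str
    path: str
    size: Optional[int]            # None when the log shows "[?]" instead of date/time/size
    reasons: List[str] = field(default_factory=list)


def parse_driver_lines(text: str) -> List[DriverEntry]:
    """Turn the R*/S* lines of a ComboFix log into DriverEntry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path_part, meta = m.group("rest").rsplit(" [", 1)
        meta = meta.rstrip("]")
        # "ImagePath --> resolved path": keep the resolved path ComboFix looked for on disk
        if " --> " in path_part:
            path_part = path_part.split(" --> ", 1)[1]
        size = None if meta == "?" else int(meta.split()[-1])
        entries.append(DriverEntry(m.group("start"), m.group("name"), m.group("display"), path_part, size))
    return entries


def _shares_stem(service: str, path: str, n: int = 3) -> bool:
    # Assumption of this example: legitimate drivers name the service after the .sys file
    # (SASENUM -> sasenum.sys, bnoneLoad -> bnoneldr.sys), so a shared 3-char prefix is enough.
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    return service.lower()[:n] == stem[:n]


def score(e: DriverEntry) -> DriverEntry:
    """Attach one reason per indicator present; the count is the suspicion score."""
    if e.size is None:
        e.reasons.append("file could not be located or verified ([?])")
    if e.start in ("S0", "R0"):
        e.reasons.append("boot-start driver, loaded before any anti-malware driver")
    if not _shares_stem(e.name, e.path):
        e.reasons.append("service name unrelated to driver file name")
    if e.display == e.name:
        e.reasons.append("no descriptive display name")
    return e


def triage(text: str, threshold: int = 2) -> List[DriverEntry]:
    """Return entries with at least `threshold` indicators, most suspicious first."""
    scored = [score(e) for e in parse_driver_lines(text)]
    hits = [e for e in scored if len(e.reasons) >= threshold]
    return sorted(hits, key=lambda e: -len(e.reasons))


def cfscript_for(entries: List[DriverEntry]) -> str:
    """Render the Driver:: and File:: sections of a CFScript for the flagged entries."""
    drivers = "\n".join(e.name for e in entries)
    files = "\n".join(e.path for e in entries)
    return f"Driver::\n{drivers}\n\nFile::\n{files}\n"


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name} -> {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
    print(cfscript_for(triage(SAMPLE_LOG)))
```

Run stand-alone, it flags only `awklqfeo` (all four indicators) and emits the same `Driver::`/`File::` targets that the CFScript in the post above names; the legitimate SUPERAntiSpyware and GTIPCI21 drivers each trip one weak indicator (identical display name) and stay below the threshold. The point of keeping a threshold rather than a single rule is exactly those false positives: `S0` alone, or an undescriptive display name alone, describes plenty of clean drivers.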

#9 langefbd

langefbd
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:26 PM

Posted 17 February 2009 - 09:20 AM

ComboFix 09-02-15.01 - langefbd 2009-02-16 21:26:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1520 [GMT -5:00]
Running from: c:\documents and settings\langefbd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\langefbd\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)

FILE ::
c:\windows\system32\drivers\wjbv.sys
c:\windows\system32\lasozodi.dll
c:\windows\system32\lebenesa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\VundoFix Backups
c:\windows\system32\lasozodi.dll
c:\windows\system32\lebenesa.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_awklqfeo


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-17 03:19 . 2009-02-17 03:19 <DIR> d-------- c:\windows\LastGood
2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 23:09 . 2009-02-15 23:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-15 23:09 . 2009-02-15 23:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 23:09 . 2009-02-15 23:09 <DIR> d-------- c:\documents and settings\langefbd\Application Data\SUPERAntiSpyware.com
2009-02-14 19:50 . 2009-02-14 19:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware2
2009-02-14 19:50 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 19:50 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-14 19:05 . 2009-02-14 19:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 19:05 . 2009-02-14 19:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 19:04 . 2009-02-14 19:04 <DIR> d-------- c:\program files\Java
2009-02-11 14:44 . 2009-02-11 14:44 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-10 17:26 . 2009-02-10 17:26 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 03:03 . 2009-02-10 03:03 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Media Player Classic
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Malwarebytes
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- c:\documents and settings\localmgr\Application Data\DivX
2009-02-10 00:10 . 2009-02-10 00:10 <DIR> d-------- C:\seniorproj
2009-02-10 00:06 . 2009-02-10 00:06 <DIR> d-------- C:\DocumentsandSettings
2009-02-09 23:48 . 2009-02-09 23:48 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Xilinx
2009-02-09 23:38 . 2009-02-09 23:38 <DIR> d-------- c:\documents and settings\localmgr\Application Data\MathWorks
2009-02-03 16:48 . 2009-02-11 22:52 46,080 --------- c:\windows\system32\clickfile.exe
2009-01-31 03:25 . 2009-01-31 03:25 <DIR> d-------- C:\New Folder
2009-01-25 10:13 . 2009-01-25 10:13 <DIR> d-------- c:\documents and settings\langefbd\Application Data\dvdcss
2009-01-17 16:48 . 2002-04-10 06:50 12,205 -ra------ c:\windows\system32\drivers\bnone.sys
2009-01-17 16:48 . 2002-04-10 06:57 11,683 -ra------ c:\windows\system32\drivers\bnoneldr.sys
2009-01-17 15:42 . 2009-01-17 17:28 <DIR> d-------- C:\Tcl
2009-01-17 15:42 . 2009-01-17 17:34 737,280 --a------ c:\windows\iun6002.exe
2009-01-17 15:41 . 2009-01-17 17:35 <DIR> d-------- c:\program files\FUSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-16 02:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 08:18 --------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-01-16 19:54 --------- d-----w c:\documents and settings\langefbd\Application Data\Xilinx
2009-01-15 14:41 --------- d-----w c:\documents and settings\langefbd\Application Data\CyberLink
2009-01-13 14:28 --------- d-----w c:\program files\7-Zip
2009-01-10 18:26 --------- d-----w c:\program files\Auslogics
2009-01-10 18:26 --------- d-----w c:\documents and settings\langefbd\Application Data\Auslogics
2009-01-10 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 17:06 --------- d-----w c:\program files\Bethesda Softworks
2009-01-10 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-14 01:29 52,224 ----a-w c:\windows\ipuninst.exe
2008-12-02 00:07 268,435,456 --sha-w C:\WinPEpge.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-08-19 17:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_22.23.12.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-11-12 20:01:50 20,240 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-17 08:18:35 20,240 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-12 20:01:50 217,864 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-17 08:18:36 217,864 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-12 20:01:50 18,704 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-17 08:18:35 18,704 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-12 20:01:50 35,088 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-17 08:18:36 35,088 ----a-r c:\windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-12 20:04:24 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-17 09:32:01 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-12 20:04:24 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-17 09:32:03 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-12 20:04:24 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-17 09:32:02 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-12 20:04:24 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-17 09:32:02 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-12 20:04:24 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-17 09:32:03 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-12 20:04:24 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-17 09:32:04 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-12 20:04:24 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-17 09:32:04 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-12 20:04:24 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-17 09:32:03 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-12 20:04:24 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-17 09:32:03 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-12 20:04:24 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-17 09:32:03 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-12 20:04:24 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-17 09:32:04 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-12 20:04:24 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-17 09:32:02 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-16 04:10:10 34,304 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c--a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c--a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00:00 24,576 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2009-02-12 01:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2009-02-15 08:40:29 57,082 ----a-w c:\windows\system32\nvModes.dat
+ 2009-02-16 22:17:39 57,082 ----a-w c:\windows\system32\nvModes.dat
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2009-01-13 08:05:41 111,616 ----a-w c:\windows\system32\userinit.exe
+ 2004-08-04 12:00:00 24,576 ----a-w c:\windows\system32\userinit.exe
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2009-02-17 09:35:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-03 2356088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"FuseSysTray"="c:\program files\FUSE\bin\FuseSysTray.exe" [2004-01-23 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-03-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-05-02 22:59 23040 c:\windows\system32\kfwlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-09-26 26137]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-08-01 87936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 bnone;BenOne General Purpose USB Driver (bnone.sys);c:\windows\system32\drivers\bnone.sys [2009-01-17 12205]
S2 bnoneLoad;BenOne Firmware Loader (bnoneldr.sys);c:\windows\system32\drivers\bnoneldr.sys [2009-01-17 11683]
S3 FUSE TCPIP;FUSE TCPIP Server;c:\program files\FUSE\bin\server.exe [2004-12-21 65536]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-09-26 157648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]

--- Other Services/Drivers In Memory ---

*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rose-hulman.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\langefbd\Application Data\Mozilla\Firefox\Profiles\6nezwuii.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 08:59:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\kfwlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-02-17 9:12:46 - machine was rebooted [langefbd]
ComboFix-quarantined-files.txt 2009-02-17 14:12:16
ComboFix2.txt 2009-02-16 03:31:08

Pre-Run: 6,502,658,048 bytes free
Post-Run: 6,201,057,280 bytes free

434 --- E O F --- 2009-02-17 09:32:23

#10 langefbd

langefbd
  • Topic Starter

  • Members
  • 9 posts

Posted 17 February 2009 - 09:42 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:37 AM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\dad394ab-5fdc-47f1-a45a-d1bc0c19ff96.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\langefbd\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rose-hulman.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FuseSysTray] C:\Program Files\FUSE\bin\FuseSysTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223484632890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\Software\..\Telephony: DomainName = rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: MIT_KFW - C:\WINDOWS\system32\kfwlogon.dll
O23 - Service: FUSE TCPIP Server (FUSE TCPIP) - Unknown owner - C:\Program Files\FUSE\bin\server.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

--
End of file - 7236 bytes

#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 February 2009 - 01:29 PM

Hi langefbd,


You need to disable your McAfee VirusScan Enterprise Antivirus, Teatimer and Windows Defender before running ComboFix, as they will prevent it from running.

To disable McAfee Virusscan:
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.


To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts



To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\system32\clickfile.exe


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#12 langefbd

langefbd
  • Topic Starter

  • Members
  • 9 posts

Posted 17 February 2009 - 04:02 PM

ComboFix 09-02-15.01 - langefbd 2009-02-17 15:16:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1640 [GMT -5:00]
Running from: c:\documents and settings\langefbd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\langefbd\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\clickfile.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\clickfile.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 23:09 . 2009-02-17 09:13 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-15 23:09 . 2009-02-15 23:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 23:09 . 2009-02-15 23:09 <DIR> d-------- c:\documents and settings\langefbd\Application Data\SUPERAntiSpyware.com
2009-02-14 19:50 . 2009-02-14 19:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware2
2009-02-14 19:50 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 19:50 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-14 19:05 . 2009-02-14 19:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 19:05 . 2009-02-14 19:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-14 19:04 . 2009-02-14 19:04 <DIR> d-------- c:\program files\Java
2009-02-11 14:44 . 2009-02-11 14:44 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-10 17:26 . 2009-02-10 17:26 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 03:03 . 2009-02-10 03:03 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Media Player Classic
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Malwarebytes
2009-02-10 02:59 . 2009-02-10 02:59 <DIR> d-------- c:\documents and settings\localmgr\Application Data\DivX
2009-02-10 00:10 . 2009-02-10 00:10 <DIR> d-------- C:\seniorproj
2009-02-10 00:06 . 2009-02-10 00:06 <DIR> d-------- C:\DocumentsandSettings
2009-02-09 23:48 . 2009-02-09 23:48 <DIR> d-------- c:\documents and settings\localmgr\Application Data\Xilinx
2009-02-09 23:38 . 2009-02-09 23:38 <DIR> d-------- c:\documents and settings\localmgr\Application Data\MathWorks
2009-01-31 03:25 . 2009-01-31 03:25 <DIR> d-------- C:\New Folder
2009-01-25 10:13 . 2009-01-25 10:13 <DIR> d-------- c:\documents and settings\langefbd\Application Data\dvdcss
2009-01-17 16:48 . 2002-04-10 06:50 12,205 -ra------ c:\windows\system32\drivers\bnone.sys
2009-01-17 16:48 . 2002-04-10 06:57 11,683 -ra------ c:\windows\system32\drivers\bnoneldr.sys
2009-01-17 15:42 . 2009-01-17 17:28 <DIR> d-------- C:\Tcl
2009-01-17 15:42 . 2009-01-17 17:34 737,280 --a------ c:\windows\iun6002.exe
2009-01-17 15:41 . 2009-01-17 17:35 <DIR> d-------- c:\program files\FUSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-16 02:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 08:18 --------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-01-16 19:54 --------- d-----w c:\documents and settings\langefbd\Application Data\Xilinx
2009-01-15 14:41 --------- d-----w c:\documents and settings\langefbd\Application Data\CyberLink
2009-01-13 14:28 --------- d-----w c:\program files\7-Zip
2009-01-10 18:26 --------- d-----w c:\program files\Auslogics
2009-01-10 18:26 --------- d-----w c:\documents and settings\langefbd\Application Data\Auslogics
2009-01-10 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 17:06 --------- d-----w c:\program files\Bethesda Softworks
2009-01-10 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-14 01:29 52,224 ----a-w c:\windows\ipuninst.exe
2008-12-02 00:07 268,435,456 --sha-w C:\WinPEpge.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-08-19 17:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-17_ 9.05.37.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-17 20:10:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-03 2356088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7561216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"FuseSysTray"="c:\program files\FUSE\bin\FuseSysTray.exe" [2004-01-23 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-03-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-03-22 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-05-02 22:59 23040 c:\windows\system32\kfwlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 bnone;BenOne General Purpose USB Driver (bnone.sys);c:\windows\system32\Drivers\bnone.sys [2002-04-10 12205]
R2 bnoneLoad;BenOne Firmware Loader (bnoneldr.sys);c:\windows\system32\Drivers\bnoneldr.sys [2002-04-10 11683]
R3 FUSE TCPIP;FUSE TCPIP Server;c:\program files\FUSE\bin\server.exe [2002-11-29 65536]
R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-09-26 157648]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-09-26 26137]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - CcmExec
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - helpsvc
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McAfeeFramework
*Deregistered* - McTaskManager
*Deregistered* - MDM
*Deregistered* - MSIServer
*Deregistered* - Net Driver HPZ12
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PCIIde
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASENUM
*Deregistered* - SASKUTIL
*Deregistered* - SCardSvr
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssrtln
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tfsnboio
*Deregistered* - tfsncofs
*Deregistered* - tfsndrct
*Deregistered* - tfsndres
*Deregistered* - tfsnifs
*Deregistered* - tfsnopio
*Deregistered* - tfsnpool
*Deregistered* - tfsnudf
*Deregistered* - tfsnudfa
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - WinDriver6
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
*Deregistered* - XilinxPC4Driver

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rose-hulman.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\langefbd\Application Data\Mozilla\Firefox\Profiles\6nezwuii.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 15:18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\kfwlogon.dll
.
Completion time: 2009-02-17 15:28:15
ComboFix-quarantined-files.txt 2009-02-17 20:27:41
ComboFix2.txt 2009-02-17 14:13:00
ComboFix3.txt 2009-02-16 03:31:08

Pre-Run: 6,090,788,864 bytes free
Post-Run: 6,137,597,952 bytes free

251 --- E O F --- 2009-02-17 09:32:23

#13 langefbd

langefbd
  • Topic Starter

  • Members
  • 9 posts

Posted 17 February 2009 - 04:04 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:25 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rose-hulman.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FuseSysTray] C:\Program Files\FUSE\bin\FuseSysTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223484632890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\Software\..\Telephony: DomainName = rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rose-hulman.edu,dhcp.rose-hulman.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: MIT_KFW - C:\WINDOWS\system32\kfwlogon.dll
O23 - Service: FUSE TCPIP Server (FUSE TCPIP) - Unknown owner - C:\Program Files\FUSE\bin\server.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

--
End of file - 7216 bytes
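The O17 (DNS) and O23 (service) entries in the log above are the two places a reviewer checks first for a DNS-changing infection and for services with no identifiable publisher. As an added illustration, not code from this thread or from HijackThis, the script below runs those two checks over a handful of lines copied from the log plus one constructed O17 line; the trusted range 137.112.0.0/16 and the 203.0.113.7 address are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: O17/O23 lines copied from the HijackThis log above, plus one
# constructed O17 line pointing at a documentation address (203.0.113.7) so the
# DNS check has something to flag.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rose-hulman.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{03EBB9F9-B098-439C-9D3A-8FEE73C73500}: NameServer = 137.112.4.196,137.112.5.28
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-EXAMPLE}: NameServer = 203.0.113.7
O23 - Service: FUSE TCPIP Server (FUSE TCPIP) - Unknown owner - C:\Program Files\FUSE\bin\server.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

NAMESERVER_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
SERVICE_PREFIX = "O23 - Service: "


def unexpected_nameservers(log_text, trusted_networks):
    """NameServer addresses from O17 lines that fall outside trusted_networks.

    A resolver the machine has no business using is the classic sign of a
    DNS-changing infection; the O17 section is where HijackThis reports it.
    """
    nets = [ip_network(n) for n in trusted_networks]  # assumed trusted ranges
    flagged = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if not m:
            continue
        for server in m.group("servers").split(","):
            addr = ip_address(server.strip())
            if not any(addr in net for net in nets):
                flagged.append(str(addr))
    return flagged


def unknown_owner_services(log_text):
    """(service name, binary path) for O23 entries with no publisher recorded."""
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(SERVICE_PREFIX):
            continue
        # Layout is "<name> - <owner> - <path>"; split on the first two separators only.
        parts = line[len(SERVICE_PREFIX):].split(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            found.append((parts[0], parts[2]))
    return found
```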

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:26 PM

Posted 17 February 2009 - 05:07 PM

Hi langefbd,

How is the computer running?

Do you know what this is?
C:\Program Files\FUSE\bin\FuseSysTray.exe
Did you install it?


Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers.

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 langefbd

langefbd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:26 PM

Posted 17 February 2009 - 08:32 PM

Fuse is a program that I installed for schoolwork. It is software that lets me work with an FPGA programmable logic board that I'm using for a project.

My computer is definitely running better than when I first came here, but a few problems persist:

-Firefox is running a little slowly (still functional for the most part)
-when I try to run any video, whether it's off of my hard drive or being streamed over the internet, the audio plays at the correct speed but the video lags behind and skips
-my system tray icons are missing - makes it hard to tell whether my computer is running necessary programs such as McAfee or anti-spyware tools. Also, more annoying than anything, I can't easily check the status of my battery, sound, wireless network, etc.

None of these symptoms were present before the infection.

The online scanner found no malware.

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, February 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 17, 2009 22:48:44
Records in database: 1809779
Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

Scan area: My Computer
    C:\
    E:\

Scan statistics
    Files scanned: 265753
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 00:11:27

No malware has been detected. The scan area is clean.
The selected area was scanned.



