search engine popups / symantec email proxy / (trojan.awax/vundo)


This topic is locked
7 replies to this topic

#1 wishiwassleeping

  • Members
  • 2 posts

Posted 16 February 2009 - 01:13 AM

I've been having issues regarding viruses and malware. The most recent are continuous pop-ups whenever certain search engines are used (specifically Google and Yahoo). In addition, earlier today my screen was filled with boxes indicating that large amounts of emails were being sent from my computer and were being scanned. The title on the box was Symantec Email Proxy. I'm not sure where the emails were being sent from, as I was not in an email system at the time; it occurred continuously from the moment my computer connected to the internet.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 0:55:14.77 on Mon 02/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.117 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlognn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\3.0M SD DSC\Console\Watch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\q01csh.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: c:\windows\system32\hs78344kjkfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs78344kjkfd.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Internet Speed Monitor: {17bfcf1a-b579-48a7-9849-719ddd11d340} - c:\program files\grandpack\GrandPack2.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [GetModule33] c:\program files\getmodule\GetModule33.exe
uRun: [GetPack27] "c:\program files\getpack\GetPack27.exe"
uRun: [GetModule36] c:\program files\getmodule\GetModule36.exe
uRun: [A00F68B95E.exe] c:\docume~1\owner\locals~1\temp\_A00F68B95E.exe
uRun: [jsf8uiw3jnjgffght] c:\docume~1\owner\locals~1\temp\winlognn.exe
uRun: [l68988d7648v] c:\docume~1\owner\locals~1\temp\dxgedu.exe
uRun: [u015xj2m4rog8xnd3exywod8h7yzrfawoonzf0s2jdh7c81] c:\docume~1\owner\locals~1\temp\fsfqx28m.exe
uRun: [ilxvgqzvzomfqvzbovugxbg9apk7kk8] c:\docume~1\owner\locals~1\temp\g5w2jm03.exe
uRun: [lb6zn7faa5l8d6re0m0q3upa49vilsx22sh] c:\docume~1\owner\locals~1\temp\tenqste65i.exe
uRun: [xr8flgkzt664ouzil8vw0ddkhdsw80uu0ihrx3y] c:\docume~1\owner\locals~1\temp\nm64t7w.exe
uRun: [x8h8hjbhobii1r67prs3lxnicw1su3mj1qe8m1lww1uige] c:\docume~1\owner\locals~1\temp\ugjmdjnvdp6gk.exe
uRun: [m12dpbdnln7isie30ab0fbsmtzk4g41lzz7zc] c:\docume~1\owner\locals~1\temp\n1wwjo7kav0u.exe
uRun: [o5bow57ix9kiezi8tm90qpirfanccxhp6e3xioajbgjwm2nybv] c:\docume~1\owner\locals~1\temp\abpnvyat9.exe
uRun: [lzpu3eueg] c:\docume~1\owner\locals~1\temp\vrtn40.exe
uRun: [g9nt5vjx861vv4a8itj0230m7a] c:\docume~1\owner\locals~1\temp\pjmw6n8.exe
uRun: [h8y7vdxwybxo2g] c:\docume~1\owner\locals~1\temp\dd1xfx.exe
uRun: [wv9eapa0fefy0rzjh8mued11gw0es1cv3fho09wxd] c:\docume~1\owner\locals~1\temp\z642zin4z.exe
uRun: [evbwj44yn44ouf7rbu4xnr] c:\docume~1\owner\locals~1\temp\aoa14hje1v1.exe
uRun: [qjkqs2z53n2stgz4gql4] c:\docume~1\owner\locals~1\temp\pttncnc.exe
uRun: [eihk6dqrxjho2g8o568rpsl25u1twei1knss] c:\docume~1\owner\locals~1\temp\iu2wnw51vma.exe
uRun: [dfipjaja0oq56czg6se4nx27b68854vfm] c:\docume~1\owner\locals~1\temp\yrcg911.exe
uRun: [e5cnyfwgdn4x7szzc2fjow4jpzryhgt2x1u0o3857miepzvc] c:\docume~1\owner\locals~1\temp\bgi3o9woyeo.exe
uRun: [f2osypj0qkl6cr03z] c:\docume~1\owner\locals~1\temp\j24p9ik.exe
uRun: [uokycxdeenbhml0blix2tqckzvvjj9ehsori] c:\docume~1\owner\locals~1\temp\wluq3c3ybdd.exe
uRun: [qusw7yn0anjgxjmv40sos1bcs] c:\docume~1\owner\locals~1\temp\wa4lv669emt4.exe
uRun: [m50kyr4yf8oe7tw5ncdv8aqkalj5106u] c:\docume~1\owner\locals~1\temp\g2chryo84ro8.exe
uRun: [pz5pir2vr6sc7] c:\docume~1\owner\locals~1\temp\ycimo3r.exe
uRun: [rucngqpjvtpzvar] c:\docume~1\owner\locals~1\temp\v37qfrv.exe
uRun: [mgl6ftptzmma53p1dono75n7yh9ompywb3pa52q11q] c:\docume~1\owner\locals~1\temp\x4hme8z87.exe
uRun: [kcrwe3v0zjymu2z7hr7u07p6dc5] c:\docume~1\owner\locals~1\temp\hzmzvvwncf0.exe
uRun: [k1056j0odzhcvudd5oowo3vvs6oqjfllxv] c:\docume~1\owner\locals~1\temp\viblwj702loi8.exe
uRun: [hf06ge58ncemnhtezagycd5z6da5o0] c:\docume~1\owner\locals~1\temp\jwuwj7ywlm.exe
uRun: [h2b8yg1jm] c:\docume~1\owner\locals~1\temp\lqc6532x.exe
uRun: [jrkpo0tjq2taju87u6iseiq7ilj8nh5d2n0voi44] c:\docume~1\owner\locals~1\temp\vgfzdsuhqdd.exe
uRun: [wjk1iqxsopytcg39] c:\docume~1\owner\locals~1\temp\e71kre.exe
uRun: [lpkusgijcba34j] c:\docume~1\owner\locals~1\temp\be337ew.exe
uRun: [nkeomfv6yxa5zyrxjgvriz4tq1lvv4ewd4jbtba3imb] c:\docume~1\owner\locals~1\temp\p6t5adsnhm0.exe
uRun: [uw5cr0p7kmksjux] c:\docume~1\owner\locals~1\temp\u84wbhjdhjknn.exe
uRun: [qfjdps8rv4ii] c:\docume~1\owner\locals~1\temp\b7bhutdpgvj.exe
uRun: [stbe3941c12dgwbo6q5zym0r78mjwhpk0o3wkfrsw2] c:\docume~1\owner\locals~1\temp\yzl3gu8.exe
uRun: [r5nmlgp5mb7h6uu] c:\docume~1\owner\locals~1\temp\pzh2jxdf64.exe
uRun: [e4dbe0pbi53klvo2q8tjetcug4c6sl6j54] c:\docume~1\owner\locals~1\temp\t64enomo2r.exe
uRun: [j4ltxc4dy1urjinfb] c:\docume~1\owner\locals~1\temp\c53ebd.exe
uRun: [rrvhqsmgszfibn2htryr6h31aj96oqt] c:\docume~1\owner\locals~1\temp\fd6papld00pp8.exe
uRun: [ibinns00alnz] c:\docume~1\owner\locals~1\temp\jf9hr4t24.exe
uRun: [elbnno97tdpg4ov783au0ud2ng25obrgmpgp6] c:\docume~1\owner\locals~1\temp\w2z31q.exe
uRun: [t6pyrkf1xvyea7ufhd440dzvpmycxl2h34ccut9twrev6it] c:\docume~1\owner\locals~1\temp\czs9x15es.exe
uRun: [rk4mxx6cddpejqlku2bhd] c:\docume~1\owner\locals~1\temp\wop73po.exe
uRun: [p4pjct9l3ffw1qwyhot2ve4anfec382k2ga] c:\docume~1\owner\locals~1\temp\xrdnv3wck4ph.exe
uRun: [agotbf03xt5iiowy1sumcp1y8qav3yj] c:\docume~1\owner\locals~1\temp\kvqckt.exe
uRun: [qvhefptjmuk1ab4rk7w5drt6blzq9ivdgg] c:\docume~1\owner\locals~1\temp\vq3rwmsqig.exe
uRun: [v18mksy8gl01708njdewspaczsch0] c:\docume~1\owner\locals~1\temp\d2g6pf.exe
uRun: [o3muejam2fo] c:\docume~1\owner\locals~1\temp\mvs4sap.exe
uRun: [wrcca706qzwkswpnncfbz5rnsn] c:\docume~1\owner\locals~1\temp\igfxak9yrz3.exe
uRun: [xnmb66v07m2f03yy893n] c:\docume~1\owner\locals~1\temp\x184xmafgz025.exe
uRun: [qy39o2di15bqd58bdkmiodrwwewu8] c:\docume~1\owner\locals~1\temp\m0boi8.exe
uRun: [xsz3yiyqfyjaecn5u0l] c:\docume~1\owner\locals~1\temp\nd1ipkhmt.exe
uRun: [thh1443prx18ikqn84n2g2sa4ina266jumc6dd] c:\docume~1\owner\locals~1\temp\hb7i11oxr.exe
uRun: [le3lwk6g59zgu0povnprwcyttkp8g0lv1dbs] c:\docume~1\owner\locals~1\temp\s0wcv5y7wmfzr.exe
uRun: [nbz5qso380vsto4xojh] c:\docume~1\owner\locals~1\temp\g1mxejkw8fd9.exe
uRun: [ilw30z7ptxj2vdy9sso3hwj2ki9ckl5] c:\docume~1\owner\locals~1\temp\iwz1qogt.exe
uRun: [vvbzcq98vw2z46nvimph] c:\docume~1\owner\locals~1\temp\bruvuzssjtyen.exe
uRun: [rcsqf6hca1k7k] c:\docume~1\owner\locals~1\temp\myje0pmsjae.exe
uRun: [gin4fkxey74lfeyuqkkk49rq] c:\docume~1\owner\locals~1\temp\kaepzb7o.exe
uRun: [nl1gww1494e7uzyyhrbnr8prwcriey1hiy] c:\docume~1\owner\locals~1\temp\m2eqvvnymbinw.exe
uRun: [m31u7cpfs1gp5qijp] c:\docume~1\owner\locals~1\temp\k60u7ra2mhkbf.exe
uRun: [mj9hk38vd169ntgja3not6b3r3inws932ymxuraicgxku39] c:\docume~1\owner\locals~1\temp\e6daabyz.exe
uRun: [x253qwboe6mqllbow4op5uv7x7zc1s1wlck8mt5bhtws] c:\docume~1\owner\locals~1\temp\kxmykkz0.exe
uRun: [vgyrlx2srcp5c6x4] c:\docume~1\owner\locals~1\temp\iwpzpghqx.exe
uRun: [df0a103kumzaf5] c:\docume~1\owner\locals~1\temp\dh5qqyuc.exe
uRun: [bhdp51enibhqm3n9y893gi9m3bambk2exot1z4fpoc1k2tn] c:\docume~1\owner\locals~1\temp\brbcofv3kpl.exe
uRun: [t42pbzd08fkvq98byctfri] c:\docume~1\owner\locals~1\temp\ezlog9fenyiy.exe
uRun: [id0j7kdkzhxduu] c:\docume~1\owner\locals~1\temp\x5a38rcs.exe
uRun: [y16nqx19jvge] c:\docume~1\owner\locals~1\temp\sdhwotdcm56g.exe
uRun: [ah24fzlwygiabcfq8p67nx2i4ichsfe6wwhdixouqze7ada1o] c:\docume~1\owner\locals~1\temp\d87rli1976r.exe
uRun: [g9oz2ozw68wmu1usd5hzx6n4byp6s6jdqc38gq41n] c:\docume~1\owner\locals~1\temp\c09ucdrfz7b2i.exe
uRun: [afzraxg2pyfqb24mucs033ezc6f4669esdgarlacg] c:\docume~1\owner\locals~1\temp\igjhpo63.exe
uRun: [hzjtn1341] c:\docume~1\owner\locals~1\temp\j4cwp2c00d2fi.exe
uRun: [k1eujxdb954zfyau74bjq0kz80idssq4tr1] c:\docume~1\owner\locals~1\temp\za8va2jpc8y.exe
uRun: [rsqkrdur6j8r3e0q38x40k8jyiix9ltbmr92jlz093n5prlakw] c:\docume~1\owner\locals~1\temp\hrbx5b2z.exe
uRun: [xjqrwks09revcu76x1lg9xmchsx2rchqxjd0mwbgptybtv3l9] c:\docume~1\owner\locals~1\temp\ftr5ptf.exe
uRun: [z3xhy1g12jpwmqqz7wmhfdn3o47deis6irnz64nhb0d6jeyi] c:\docume~1\owner\locals~1\temp\r9ks3xsoy0.exe
uRun: [eb9ymt0dqjd9c22rkhovzgg8d] c:\docume~1\owner\locals~1\temp\usxpoae0juo03.exe
uRun: [nozha6j3kc7wy] c:\docume~1\owner\locals~1\temp\uxtpi45.exe
uRun: [spd4z4t9252o3jaw] c:\docume~1\owner\locals~1\temp\zr4fu1xzxon.exe
uRun: [tye8k1z3g] c:\docume~1\owner\locals~1\temp\a4htxhy07he.exe
uRun: [q91c4f89gpho57xxy3jb13b3xz44780zspjpyjek27lhmhccq] c:\docume~1\owner\locals~1\temp\izbr9a0.exe
uRun: [tdtpu43avgy9vkr7tx9hyb] c:\docume~1\owner\locals~1\temp\s6r76l1l0.exe
uRun: [f1uzy0q0wgnpzrt303qsty9sgljf] c:\docume~1\owner\locals~1\temp\jnyayawyphk.exe
uRun: [o3kw0axjkgoz] c:\docume~1\owner\locals~1\temp\p9bye6p9v.exe
uRun: [s6dtrdwtmymg3] c:\docume~1\owner\locals~1\temp\rng69s6cgwvl.exe
uRun: [uadxj63md7e] c:\docume~1\owner\locals~1\temp\itdnfxphp6.exe
uRun: [gbwlmfloyn416] c:\docume~1\owner\locals~1\temp\ku6jeetz1gou.exe
uRun: [wo7qw8a6poh8gatqron20jxdlo0avm] c:\docume~1\owner\locals~1\temp\il691h.exe
uRun: [uqaj5l8brgcr5mow997cgjprvq2fs] c:\docume~1\owner\locals~1\temp\bbdm63.exe
uRun: [e6umvtjnzawszi7gn67yam6z37d7urw] c:\docume~1\owner\locals~1\temp\xpswv1.exe
uRun: [zcoyiw940s00b] c:\docume~1\owner\locals~1\temp\zq2suiu0.exe
uRun: [rz2roxve2pcy93upbguts09q9i] c:\docume~1\owner\locals~1\temp\f37ocjt.exe
uRun: [s5y35ubskhqpg7bmywg4p6a2] c:\docume~1\owner\locals~1\temp\xa03b4i2zo0i.exe
uRun: [u8sapsprtqvzbxe1kaffoobgwwc514v8ivun0zr6dpbas] c:\docume~1\owner\locals~1\temp\u36844.exe
uRun: [knn5hxo35tlq0uhh5yce5mc510fxh2dh8utnl] c:\docume~1\owner\locals~1\temp\x7j5cv7zsarho.exe
uRun: [oxnwu5943ebst1v6vob8psel7lry64unfu94my] c:\docume~1\owner\locals~1\temp\v0pratpq.exe
uRun: [ihrvbc1l6fiyh6rhlw49v02d9922] c:\docume~1\owner\locals~1\temp\tzssw87za.exe
uRun: [zzb5h7f0r3y3zx69vjltw4425guogrj80qtqcit50kna] c:\docume~1\owner\locals~1\temp\no26n9ccvv.exe
uRun: [r5oer5mc3wl94hst] c:\docume~1\owner\locals~1\temp\rklg1m6e05y.exe
uRun: [gzm4xic7jqk9z6su2zgcyel] c:\docume~1\owner\locals~1\temp\gby5r921.exe
uRun: [qxcffg8c1nmaymkemkfbfvzb79bjxifr58dxcjrcl8] c:\docume~1\owner\locals~1\temp\dsop1rvcek.exe
uRun: [wj8ek50ju8n8zihezprq6g3ylh2a4w] c:\docume~1\owner\locals~1\temp\t4l68tgo6h0.exe
uRun: [kdnz58cewkfqx6jygfsy84a9v2qlhf2a0] c:\docume~1\owner\locals~1\temp\ibgg2cm2eh3i.exe
uRun: [wk5ffmq0ktrjsjzktcs8gm] c:\docume~1\owner\locals~1\temp\soxel8ipn.exe
uRun: [b12vhvyazla7oupzsrlxq0s0wo6twdouwytmgejth1uhkkdkmy] c:\docume~1\owner\locals~1\temp\omqjppwc.exe
uRun: [isgq1m8fn] c:\docume~1\owner\locals~1\temp\rjdcam1zgw.exe
uRun: [pnwkfifmuplhliiue] c:\docume~1\owner\locals~1\temp\te3q6zryj.exe
uRun: [r2edxsd2ngumk4] c:\docume~1\owner\locals~1\temp\kp2r24.exe
uRun: [jt8jlfva382l9wep5] c:\docume~1\owner\locals~1\temp\f2s48n4bw.exe
uRun: [zscow40ebg66wfd3a7w7f] c:\docume~1\owner\locals~1\temp\vc284bymc.exe
uRun: [bsmvriycl46kij2e] c:\docume~1\owner\locals~1\temp\hxvf8wg7at4.exe
uRun: [zx5fkny8gci] c:\docume~1\owner\locals~1\temp\o7o23atzzv3.exe
uRun: [jj7yjeyt36j5hnjjut] c:\docume~1\owner\locals~1\temp\i4ou8am0.exe
uRun: [c12i75av3hjoycmz94y33k0wmoal] c:\docume~1\owner\locals~1\temp\zqaxut835bpz.exe
uRun: [t4fii9eew9atlccly4vjtbfc52eakw66z9bxg6] c:\docume~1\owner\locals~1\temp\ifbwjef.exe
uRun: [n9d7ey4cg99ebt3p86bq9lvhkz9nycrlq4zhj] c:\docume~1\owner\locals~1\temp\tze65ga.exe
uRun: [blnp3rk09w07crs4z4q444zso8z80p180accyi0ar34g6] c:\docume~1\owner\locals~1\temp\tfx8p7gb.exe
uRun: [iohurapg641scqwbc] c:\docume~1\owner\locals~1\temp\jj3ulyhc.exe
uRun: [m47r4ln1vqieg9qayj12005fiz7am] c:\docume~1\owner\locals~1\temp\uegsihx54jr6.exe
uRun: [yb0r0hgl4jp37p47omlm] c:\docume~1\owner\locals~1\temp\pudg8srmo0m1.exe
uRun: [ph9p92cm6etca52nv456] c:\docume~1\owner\locals~1\temp\kfto9a4pc6k.exe
uRun: [a5ppuh1zu0uznj3sjy4dndmf28] c:\docume~1\owner\locals~1\temp\c9do4f0mua6u0.exe
uRun: [d4tcn7u38q] c:\docume~1\owner\locals~1\temp\efjkgqvyy.exe
uRun: [feq3csslrn5zzrkbuknk3uc311] c:\docume~1\owner\locals~1\temp\ru2bcd4y44.exe
uRun: [xd6epy7ng5h9e1fh5y0bdo5inhixpjn5kkttresk] c:\docume~1\owner\locals~1\temp\hwrqh024ry.exe
uRun: [oqtn7uy4ga2hqiwn0otgb08mkd4a] c:\docume~1\owner\locals~1\temp\zau9jamn1.exe
uRun: [olj24sfp6wnednncpz] c:\docume~1\owner\locals~1\temp\zq0vz5p.exe
uRun: [td7t4v59ljm80q274xg7e1pacameag6wwv94h2gns6rlin4le9] c:\docume~1\owner\locals~1\temp\jjcbqafynci.exe
uRun: [y55z174zvjr14f9sfopvv34m9q8om4kd9ylqj1jd3] c:\docume~1\owner\locals~1\temp\zp8aua5ng.exe
uRun: [s6gu3ofp8nvmlckdkiew] c:\docume~1\owner\locals~1\temp\dgqm46hz3.exe
uRun: [igmfmqhxxorpq0o0o3q329ln] c:\docume~1\owner\locals~1\temp\rxmp6ceb6.exe
uRun: [lncw7c8cadhopfh879thg] c:\docume~1\owner\locals~1\temp\nx70d0fkna.exe
uRun: [lxolledg5y75brsfk7zx9u77ntl57u75oy] c:\docume~1\owner\locals~1\temp\hpupj0.exe
uRun: [mfczso8ct9cq8z21odc46vjyoqk6l] c:\docume~1\owner\locals~1\temp\xx8owgomw48q.exe
uRun: [sudbtet55ua4fvixv7jr7gk0swi1ig] c:\docume~1\owner\locals~1\temp\o29lytr9w415.exe
uRun: [w3y1xahpil4] c:\docume~1\owner\locals~1\temp\twu21krny.exe
uRun: [yseentzh6qjkmkwvn5nvg3p0izmes4] c:\docume~1\owner\locals~1\temp\gsnd3szrek1ru.exe
uRun: [qmp3tf2wrtvvhgpmgi4axehgqovij1uvrgc0xmnofyxp870bh] c:\docume~1\owner\locals~1\temp\hfvr8t.exe
uRun: [ncp90ggdzppfouhgc8mnkz] c:\docume~1\owner\locals~1\temp\xevuy25.exe
uRun: [rm8xhmacpojreirr80mngf43dt7lkpm3sj5lm4ww6p1fr] c:\docume~1\owner\locals~1\temp\kse3eq22m.exe
uRun: [b4gwdlq6xxt47dggfa48u2w1focfw] c:\docume~1\owner\locals~1\temp\qex8l3xtna10h.exe
uRun: [hlho1jie1zjnygjxi] c:\docume~1\owner\locals~1\temp\hc9huq805.exe
uRun: [emfsitfelt2k3oikx] c:\docume~1\owner\locals~1\temp\y87ii7.exe
uRun: [muzaa0mo9z1wnmkhm0etftyufve] c:\docume~1\owner\locals~1\temp\xb9kkv9j72.exe
uRun: [t3tome3peuu1i38rl2uze4mmo331ize873zgf] c:\docume~1\owner\locals~1\temp\p3d28b825ygcg.exe
uRun: [w1lxqah1dls6in8f2] c:\docume~1\owner\locals~1\temp\q01csh.exe
uRun: [kqg81m1h48dt80kb4i7hp7v] c:\docume~1\owner\locals~1\temp\uaummyn9znm.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CPM07e49c47] Rundll32.exe "c:\windows\system32\lijaduhi.dll",a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [jsf8uiw3jnjgffght] c:\docume~1\owner\locals~1\temp\winlognn.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\watch.lnk - c:\program files\3.0m sd dsc\console\Watch.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
Notify: cbXQkklj - cbXQkklj.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: rqRHwVml - rqRHwVml.dll
Notify: __c0059724 - c:\windows\system32\__c0059724.dat
AppInit_DLLs: c:\windows\system32\jefiyuna.dll c:\windows\system32\lijaduhi.dll uxqvvw.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lijaduhi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\lijaduhi.dll
STS: c:\windows\system32\hs78344kjkfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs78344kjkfd.dll
SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\cbXQkklj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxywVpME
LSA: Notification Packages = scecli c:\windows\system32\jefiyuna.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\enqhxrxk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ujiko.com/v2a/flash.php?langue=en
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\enqhxrxk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-7-11 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-7-11 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-7-11 242808]
R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-11-17 110592]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-7-11 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-7-11 1258712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-1 45132]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090213.003\naveng.sys [2009-2-14 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090213.003\navex15.sys [2009-2-14 876112]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-7-11 87160]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2007-9-18 249856]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-7-11 169192]

=============== Created Last 30 ================

2009-02-15 13:27 54,784 a------- c:\windows\system32\17.tmp
2009-02-15 13:27 1 a------- c:\windows\system32\16.tmp
2009-02-15 13:27 84 a------- c:\windows\system32\15.tmp
2009-02-15 13:27 5,189 a------- c:\windows\system32\uacinit.dll
2009-02-15 13:27 81,920 a------- c:\windows\system32\UACbborlpir.dll
2009-02-15 13:27 27,136 a------- c:\windows\system32\UACuwqbavbw.dll
2009-02-15 13:27 127 a------- c:\windows\system32\UACdppkklyp.dat
2009-02-15 13:27 31,232 a------- c:\windows\system32\UACqjduxfmu.dll
2009-02-15 13:26 99,696 a------- c:\windows\system32\drivers\af18bbd1.sys
2009-02-15 13:26 39,936 a------- C:\xyephkl.exe
2009-02-15 13:26 2 a------- C:\81244020
2009-02-15 13:26 15,000 a------- c:\windows\system32\hs78344kjkfd.dll
2009-02-15 13:26 60,928 a------- C:\cwxwwgtl.exe
2009-02-15 13:26 72,704 a------- c:\windows\system32\gwisdqaa.dll
2009-02-15 13:25 129,024 a------- c:\windows\system32\uxqvvw.dll
2009-02-15 13:25 129,024 a------- c:\windows\system32\nkqwlaae.dll
2009-02-14 20:39 129,024 a------- c:\windows\system32\mlivlo.dll
2009-02-14 20:39 129,024 a------- c:\windows\system32\ltwaebxx.dll
2009-02-14 20:36 1,583,467 a--sh--- c:\windows\system32\lkpqwodq.ini
2009-02-14 20:36 72,704 a------- c:\windows\system32\qdowqpkl.dll
2009-02-14 08:39 129,024 a------- c:\windows\system32\diquoa.dll
2009-02-14 08:39 129,024 a------- c:\windows\system32\acmruxph.dll
2009-02-14 08:36 1,583,467 a--sh--- c:\windows\system32\adjbuahs.ini
2009-02-13 08:38 129,024 a------- c:\windows\system32\qdpudr.dll
2009-02-13 08:38 129,024 a------- c:\windows\system32\luejiwof.dll
2009-02-13 08:35 1,581,740 a--sh--- c:\windows\system32\cajdirsw.ini
2009-02-13 08:35 72,704 a------- c:\windows\system32\wsridjac.dll
2009-02-13 00:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-02-12 08:38 129,024 a------- c:\windows\system32\uaxotr.dll
2009-02-12 08:38 129,024 a------- c:\windows\system32\ipvtfita.dll
2009-02-12 08:35 1,544,555 a--sh--- c:\windows\system32\qyiutxmo.ini
2009-02-11 09:41 129,024 a------- c:\windows\system32\eyvrri.dll
2009-02-11 09:41 129,024 a------- c:\windows\system32\gwgrcokm.dll
2009-02-11 09:38 1,532,908 a--sh--- c:\windows\system32\bhqfavlh.ini
2009-02-10 18:50 <DIR> --d----- c:\docume~1\owner\applic~1\OpenOffice.org
2009-02-10 18:44 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-02-10 09:39 129,024 a------- c:\windows\system32\krbtqy.dll
2009-02-10 09:39 129,024 a------- c:\windows\system32\ccissxrd.dll
2009-02-10 09:38 1,530,381 a--sh--- c:\windows\system32\vgxlwkok.ini
2009-02-10 09:38 72,704 a------- c:\windows\system32\kokwlxgv.dll
2009-02-09 17:57 129,024 a------- c:\windows\system32\bqawpg.dll
2009-02-09 17:57 129,024 a------- c:\windows\system32\uwogngds.dll
2009-02-09 17:54 1,551,683 a--sh--- c:\windows\system32\mlcjcgls.ini
2009-02-08 17:54 129,024 a------- c:\windows\system32\aloeedim.dll
2009-02-08 17:52 1,569,641 a--sh--- c:\windows\system32\iueqedmb.ini
2009-02-08 17:52 72,704 a------- c:\windows\system32\bmdeqeui.dll
2009-02-06 12:18 129,024 a------- c:\windows\system32\fnebxx.dll
2009-02-06 12:18 129,024 a------- c:\windows\system32\aokpvftd.dll
2009-02-06 12:15 1,563,061 a--sh--- c:\windows\system32\qehuxcaa.ini
2009-02-06 12:15 72,704 a------- c:\windows\system32\aacxuheq.dll
2009-02-06 04:32 995,328 a------- c:\windows\system32\__c00BE1F9.exe
2009-02-05 12:15 1,558,506 a--sh--- c:\windows\system32\wairktan.ini
2009-02-05 12:13 129,024 a------- c:\windows\system32\vmqbldca.dll
2009-02-04 12:15 1,536,827 a--sh--- c:\windows\system32\uqfyyddm.ini
2009-02-04 12:12 129,024 a------- c:\windows\system32\jdcjwmsk.dll
2009-02-04 05:02 36,352 a------- c:\windows\system32\tuVpPFYo.dll
2009-02-03 12:14 129,024 a------- c:\windows\system32\ljxicq.dll
2009-02-03 12:14 129,024 a------- c:\windows\system32\rweaoboh.dll
2009-02-03 12:11 1,543,846 a--sh--- c:\windows\system32\xeieicpp.ini
2009-02-03 12:11 72,704 a------- c:\windows\system32\ppcieiex.dll
2009-02-03 02:36 36,352 a------- c:\windows\system32\ljJCtssQ.dll
2009-02-03 02:36 36,352 a------- c:\windows\system32\awtttsqO.dll
2009-02-03 00:24 129,024 a------- c:\windows\system32\shieqo.dll
2009-02-03 00:22 1,527,548 a--sh--- c:\windows\system32\qtaspnlb.ini
2009-02-02 02:18 36,352 a------- c:\windows\system32\jkkLCroN.dll
2009-02-02 02:18 198,706 a------- c:\windows\system32\wpv141233435391.cpx
2009-02-01 23:13 36,352 a------- c:\windows\system32\efcCttrR.dll
2009-02-01 23:13 36,352 a------- c:\windows\system32\tuvUOEVN.dll
2009-02-01 22:32 36,352 a------- c:\windows\system32\rqRJAsrQ.dll
2009-02-01 12:10 129,024 a------- c:\windows\system32\rdngaw.dll
2009-02-01 12:10 129,024 a------- c:\windows\system32\gvyvaebp.dll
2009-02-01 12:07 1,527,548 a--sh--- c:\windows\system32\gggofryl.ini
2009-01-31 12:10 1,483,060 a--sh--- c:\windows\system32\ykvcijrd.ini
2009-01-31 12:07 129,024 a------- c:\windows\system32\bzbgca.dll
2009-01-31 12:07 129,024 a------- c:\windows\system32\wscsidxd.dll
2009-01-30 12:10 129,024 a------- c:\windows\system32\asqszz.dll
2009-01-30 12:10 129,024 a------- c:\windows\system32\ixcvycnt.dll
2009-01-30 12:07 1,483,060 a--sh--- c:\windows\system32\oyasknac.ini
2009-01-29 12:10 1,483,063 a--sh--- c:\windows\system32\mrmoxhlh.ini
2009-01-29 12:07 129,024 a------- c:\windows\system32\tmrvxrym.dll
2009-01-28 12:08 129,024 a------- c:\windows\system32\pgxtcitx.dll
2009-01-28 12:05 1,529,507 a--sh--- c:\windows\system32\obadclpp.ini
2009-01-27 12:05 1,526,666 a--sh--- c:\windows\system32\thtbdhbq.ini
2009-01-26 12:05 129,024 a------- c:\windows\system32\owvmdcjh.dll
2009-01-26 12:04 1,526,666 a--sh--- c:\windows\system32\ixgmngjq.ini
2009-01-25 10:39 129,024 a------- c:\windows\system32\hitjvetm.dll
2009-01-25 10:36 1,525,122 a--sh--- c:\windows\system32\mjrarugl.ini
2009-01-24 10:36 129,024 a------- c:\windows\system32\uzagjc.dll
2009-01-24 10:36 129,024 a------- c:\windows\system32\ngibkkyw.dll
2009-01-24 10:35 1,434,061 a--sh--- c:\windows\system32\rhyrkgpw.ini
2009-01-24 10:35 72,704 a------- c:\windows\system32\wpgkryhr.dll
2009-01-23 10:15 129,024 a------- c:\windows\system32\hyjxmqml.dll
2009-01-23 10:12 1,434,061 a--sh--- c:\windows\system32\qvblblbj.ini
2009-01-22 10:13 129,024 a------- c:\windows\system32\ndfqtbda.dll
2009-01-22 10:10 1,434,638 a--sh--- c:\windows\system32\beyvnnyi.ini
2009-01-21 10:10 1,434,638 a--sh--- c:\windows\system32\ytbvrptq.ini
2009-01-21 10:09 129,024 a------- c:\windows\system32\trxqgelu.dll
2009-01-20 16:11 129,024 a------- c:\windows\system32\hnoxdn.dll
2009-01-20 16:11 129,024 a------- c:\windows\system32\omktvwyf.dll
2009-01-20 16:08 1,432,143 a--sh--- c:\windows\system32\osxsqpuy.ini
2009-01-19 16:09 129,024 a------- c:\windows\system32\apofzq.dll
2009-01-19 16:09 129,024 a------- c:\windows\system32\iotfqjdt.dll
2009-01-19 16:08 1,406,503 a--sh--- c:\windows\system32\miymikir.ini
2009-01-19 16:08 72,704 a------- c:\windows\system32\rikimyim.dll
2009-01-18 19:16 129,024 a------- c:\windows\system32\wlflsr.dll
2009-01-18 19:16 129,024 a------- c:\windows\system32\prrhsdru.dll
2009-01-18 19:13 1,403,021 a--sh--- c:\windows\system32\nwdqbxgq.ini
2009-01-18 19:13 72,704 a------- c:\windows\system32\qgxbqdwn.dll
2009-01-17 19:47 36,352 a------- c:\windows\system32\ssqOEWMg.dll
2009-01-17 19:46 191,103 a------- c:\windows\system32\wpv531232083525.cpx
2009-01-17 03:31 1,402,999 a--sh--- c:\windows\system32\ihsxoiul.ini
2009-01-17 03:30 129,024 a------- c:\windows\system32\jmfhda.dll
2009-01-17 03:30 129,024 a------- c:\windows\system32\linsxvws.dll

==================== Find3M ====================

2009-02-15 13:23 43,270 a--sh--- c:\windows\system32\EMpVwyxx.ini2
2009-02-11 22:39 10,908 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-01-16 14:14 129,024 a------- c:\windows\system32\wmtcyr.dll
2009-01-16 14:14 129,024 a------- c:\windows\system32\sfdwpjno.dll
2009-01-15 12:47 129,024 a------- c:\windows\system32\scwdzc.dll
2009-01-15 12:47 129,024 a------- c:\windows\system32\fbpbuuny.dll
2009-01-14 11:36 129,024 a------- c:\windows\system32\haxmcxlm.dll
2009-01-14 11:36 129,024 a------- c:\windows\system32\djpubh.dll
2009-01-13 09:42 129,024 a------- c:\windows\system32\udqzcd.dll
2009-01-13 09:42 129,024 a------- c:\windows\system32\lhgybyir.dll
2009-01-13 09:41 72,704 a------- c:\windows\system32\vttatsst.dll
2009-01-13 00:24 129,024 a------- c:\windows\system32\lyxvydpe.dll
2009-01-13 00:24 129,024 a------- c:\windows\system32\lgcawz.dll
2009-01-13 00:21 72,704 a------- c:\windows\system32\fxprpbkp.dll
2009-01-12 13:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-12 00:22 129,024 a------- c:\windows\system32\qiirpm.dll
2009-01-12 00:22 129,024 a------- c:\windows\system32\mgqivxnn.dll
2009-01-12 00:21 72,704 a------- c:\windows\system32\foekannb.dll
2009-01-10 23:45 129,024 a------- c:\windows\system32\ufkoue.dll
2009-01-10 23:45 129,024 a------- c:\windows\system32\cwlwlmwv.dll
2009-01-10 23:42 302,592 a------- c:\windows\system32\xxywVpME.dll.vir
2008-12-16 14:00 8,628 a---h--- c:\program files\DOWNLOAD.GID
2007-09-24 21:51 242 a------- c:\program files\Camera.Ini
2002-07-22 11:04 106,496 a------- c:\program files\PEXVideo.dll
2002-07-22 11:03 110,592 a------- c:\program files\u32File.dll
2002-07-16 11:39 1,572,864 a------- c:\program files\Pex.exe
2001-07-25 10:10 364,544 a------- c:\program files\ExpWeb.dll
2001-07-24 10:26 110,592 a------- c:\program files\u32Prod.dll
2001-07-24 10:22 466,944 a------- c:\program files\WebPageOutput.dll
2001-07-24 10:17 32,768 a------- c:\program files\VfwPluin.dll
2001-07-24 10:09 163,840 a------- c:\program files\eViewer.exe
2001-07-24 10:08 98,304 a------- c:\program files\embview.dll
2001-07-09 11:21 21,916 a------- c:\program files\CAPMGR.HLP
2001-06-06 16:39 36,864 a------- c:\program files\CapMgr.dll
2001-02-08 09:33 118,784 a------- c:\program files\AutoRen.dll
2001-02-06 09:24 57,344 a------- c:\program files\upload1.dll
2001-02-06 09:24 102,400 a------- c:\program files\PexSlide.dll
2001-01-17 18:33 5,196 ----h--- c:\program files\U32FILE.CFG
2001-01-17 17:35 151,552 a------- c:\program files\uEdtTool.dll
2001-01-17 17:35 28,672 a------- c:\program files\urotate.dll
2001-01-17 17:35 77,824 a------- c:\program files\UCrop.dll
2001-01-17 17:35 45,056 a------- c:\program files\uclrbaln.dll
2001-01-17 17:35 69,632 a------- c:\program files\ubrincon.dll
2001-01-17 17:35 36,864 a------- c:\program files\uoacomm.dll
2001-01-17 17:35 24,576 a------- c:\program files\uoares.dll
2001-01-17 17:34 675,840 a------- c:\program files\Uipares.dll
2001-01-17 17:34 249,856 a------- c:\program files\Drop.exe
2001-01-17 17:32 24,576 a------- c:\program files\MailAPI.dll
2001-01-17 17:31 28,672 a------- c:\program files\pexDesc.dll
2001-01-17 17:31 57,344 a------- c:\program files\u32opas.dll
2001-01-17 17:31 32,768 a------- c:\program files\OPASMgr.dll
2001-01-17 17:31 122,880 a------- c:\program files\DSCWzrd.dll
2001-01-17 17:31 81,920 a------- c:\program files\download.dll
2001-01-17 17:30 65,536 a------- c:\program files\AddStamp.dll
2001-01-17 17:30 45,056 a------- c:\program files\ExifLib.dll
2001-01-17 17:30 36,864 a------- c:\program files\pexBuf.dll
2001-01-17 17:29 45,056 a------- c:\program files\u32xView.dll
2001-01-17 17:29 143,419 a------- c:\program files\unzip32.dll
2001-01-17 17:29 102,400 a------- c:\program files\U32wallp.dll
2001-01-17 17:24 61,440 a------- c:\program files\U32zlib.dll
2001-01-17 17:24 24,576 a------- c:\program files\uGifLib.dll
2001-01-17 17:24 20,480 a------- c:\program files\uLzwLib.dll
2001-01-17 17:24 57,344 a------- c:\program files\u32scan.dll
2001-01-17 17:23 32,768 a------- c:\program files\scanres.dll
2001-01-17 17:23 98,304 a------- c:\program files\u32Tx.dll
2001-01-17 17:22 40,960 a------- c:\program files\u32Tu.dll
2001-01-17 17:22 106,496 a------- c:\program files\u32Print.dll
2001-01-17 17:22 221,184 a------- c:\program files\u32Fido.dll
2001-01-17 17:21 122,880 a------- c:\program files\u32Fe.dll
2001-01-17 17:21 147,456 a------- c:\program files\u32Cvt.dll
2001-01-17 17:20 110,592 a------- c:\program files\u32Clips.dll
2001-01-17 17:19 188,416 a------- c:\program files\uJpgLib.dll
2001-01-17 17:19 53,248 a------- c:\program files\u32Cfg.dll
2001-01-17 17:19 20,480 a------- c:\program files\u32sn.dll
2001-01-17 17:19 45,056 a------- c:\program files\u32Brows.dll
2001-01-17 17:19 32,768 a------- c:\program files\u32Misc.dll
2001-01-17 17:19 225,280 a------- c:\program files\u32Base.dll
2001-01-17 17:18 94,208 a------- c:\program files\u32Comm.dll
2000-11-29 14:20 491,370 a------- c:\program files\PEX.HLP
2000-10-24 13:56 83,918 a------- c:\program files\EVIEWER.HLP
2000-10-23 11:38 448 a------- c:\program files\AdjustImage.dat
2000-10-19 18:07 262,416 a------- c:\program files\wmvds32.ax
2000-10-19 14:33 4,710 a------- c:\program files\pex.ico
2000-10-18 10:08 15,633 a------- c:\program files\Pex.cnt
2000-10-16 15:08 27,121 a------- c:\program files\PEXVIDEO.HLP
2000-10-14 16:49 14,633 a------- c:\program files\PEXSLIDE.HLP
2000-10-14 16:48 13,937 a------- c:\program files\DSCWZRD.HLP
2000-10-14 16:47 21,017 a------- c:\program files\AutoRen.hlp
2000-10-14 16:46 17,774 a------- c:\program files\ADJUSTIMAGE.HLP
2000-10-06 15:58 2,324,498 a------- c:\program files\SCANNER.HLP
2000-10-06 15:41 27,719 a------- c:\program files\WEBPAGEOUTPUT.HLP
2000-10-06 15:34 21,397 a------- c:\program files\DROP.HLP
2000-10-06 15:25 17,251 a------- c:\program files\DOWNLOAD.HLP
2000-10-06 15:24 17,416 a------- c:\program files\DB.HLP
2000-10-06 15:22 10,002 a------- c:\program files\cleanBKN.hlp
2000-10-06 15:15 12,497 a------- c:\program files\AddStamp.hlp
2000-09-27 15:25 5,357 a------- c:\program files\SCANNER.CNT
1999-08-28 10:16 77,824 a------- c:\program files\Olreg.exe
1999-06-15 17:13 28,672 a------- c:\program files\AutoLoad.exe
1996-09-11 13:33:04 A------- 48,640 c:\program files\INETWH32.dll
2008-09-23 14:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 0:57:31.53 ===============
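The file listing above shows the pattern worth checking for when reading a DDS log like this one: the DLL names in system32 are random, several share an identical byte size, and a hidden+system .ini sits beside each DLL whose name is the DLL's name spelled backwards (wpgkryhr.dll and rhyrkgpw.ini, rikimyim.dll and miymikir.ini, xxywVpME.dll.vir and EMpVwyxx.ini2). The script below is an added example, not part of the original post and not code from DDS or any tool mentioned in this thread; it parses a handful of lines copied from the log above and applies those three heuristics. The name-shape test, the size threshold and the system32 filter are this example's own assumptions and are a triage aid, not a verdict on any single file.

```python
"""Triage a DDS file listing for the random-name DLL / reversed-name .ini pattern.

Added example for the thread above; not part of the original post and not DDS
code. SAMPLE_LOG is constructed from lines copied out of the log in post #1.
"""
import re
from collections import defaultdict

# DDS prints "date time size attrs path"; one older-style line in the log has
# the attrs before the size, so both orders are accepted.
_SIZE_ATTRS = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:]+)\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[A-Za-z-]{8})\s+(?P<path>\S.*)$")
_ATTRS_SIZE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:]+)\s+"
    r"(?P<attrs>[A-Za-z-]{8})\s+(?P<size>[\d,]+)\s+(?P<path>\S.*)$")

SYSTEM32 = "c:\\windows\\system32\\"
# Name shape only (6-8 letters, no digits); an assumption, not proof of malice.
RANDOM_STEM = re.compile(r"^[A-Za-z]{6,8}$")


def parse(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = _SIZE_ATTRS.match(line) or _ATTRS_SIZE.match(line)
        if not m:
            continue
        path = m["path"]
        name = path.rsplit("\\", 1)[-1]
        rows.append({
            "date": m["date"], "time": m["time"],
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"].lower(),
            "path": path, "name": name,
            "stem": name.split(".", 1)[0],   # xxywVpME.dll.vir -> xxywVpME
            "in_system32": path.lower().startswith(SYSTEM32),
        })
    return rows


def triage(text):
    """Apply three heuristics to the listing and return what each one flags."""
    rows = [r for r in parse(text) if r["in_system32"]]
    dlls = [r for r in rows if ".dll" in r["name"].lower()]
    inis = [r for r in rows if ".ini" in r["name"].lower()]

    # 1. Hidden + system .ini files in system32 (attrs contain both h and s).
    hidden_ini = [r["name"] for r in inis
                  if "h" in r["attrs"] and "s" in r["attrs"]]

    # 2. A DLL whose stem read backwards is the stem of an .ini in the same
    #    listing (rikimyim.dll <-> miymikir.ini). Case-insensitive compare.
    ini_by_stem = {r["stem"].lower(): r["name"] for r in inis}
    reversed_pairs = [(r["name"], ini_by_stem[r["stem"][::-1].lower()])
                      for r in dlls
                      if r["stem"][::-1].lower() in ini_by_stem]

    # 3. Random-looking DLL names that share an identical byte size: the same
    #    binary re-dropped under fresh names. A lone match is not reported.
    by_size = defaultdict(list)
    for r in dlls:
        if RANDOM_STEM.match(r["stem"]):
            by_size[r["size"]].append(r["name"])
    size_clusters = {s: names for s, names in by_size.items() if len(names) >= 2}

    return {"hidden_ini": hidden_ini,
            "reversed_pairs": reversed_pairs,
            "size_clusters": size_clusters}


# Constructed sample: lines copied from the DDS log in post #1 of this thread.
SAMPLE_LOG = r"""
2009-01-24 10:36 129,024 a------- c:\windows\system32\uzagjc.dll
2009-01-24 10:36 129,024 a------- c:\windows\system32\ngibkkyw.dll
2009-01-24 10:35 1,434,061 a--sh--- c:\windows\system32\rhyrkgpw.ini
2009-01-24 10:35 72,704 a------- c:\windows\system32\wpgkryhr.dll
2009-01-19 16:08 1,406,503 a--sh--- c:\windows\system32\miymikir.ini
2009-01-19 16:08 72,704 a------- c:\windows\system32\rikimyim.dll
2009-01-17 19:47 36,352 a------- c:\windows\system32\ssqOEWMg.dll
2009-02-15 13:23 43,270 a--sh--- c:\windows\system32\EMpVwyxx.ini2
2009-01-10 23:42 302,592 a------- c:\windows\system32\xxywVpME.dll.vir
2009-01-12 13:27 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-16 14:00 8,628 a---h--- c:\program files\DOWNLOAD.GID
1996-09-11 13:33:04 A------- 48,640 c:\program files\INETWH32.dll
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

To run it on a real log, pass the whole DDS.txt to triage(); the two "==== Find3M ====" style separators and the process list are simply skipped by the parser. An ordinary eight-letter name such as deploytk.dll passes the name-shape test too, which is why a DLL is only reported when it shares a size with another random-looking name or pairs with a hidden .ini, and why the output is a list to check, not a removal list.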


#2 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 16 February 2009 - 09:29 AM

Hello, wishiwassleeping

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


I need some time to look over your log, I will post back soon.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 18 February 2009 - 05:23 AM

Hello,

ATF Cleaner

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

ComboFix

Please download ComboFix from one of these locations (if you already have ComboFix, then delete it and download again) :

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See this topic to find out how to disable your antivirus and firewall (post #1 and #2).
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: ComboFix prompt to install the Microsoft Windows Recovery Console]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: ComboFix message shown once the Recovery Console is installed]

NOTE**ComboFix was intended to be used under the supervision of a helper, not for general use. This is a powerful tool which can permanently damage your computer.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

ReScan

Please rescan with DDS and post DDS.txt


In your next reply, please post:
  • ComboFix log
  • DDS log

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#4 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 19 February 2009 - 03:27 PM

Hello are you there?
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#5 wishiwassleeping

wishiwassleeping
  • Topic Starter

  • Members
  • 2 posts

Posted 20 February 2009 - 10:34 AM

I am still here, sorry. I ran the ATF Cleaner.
I tried to run ComboFix, but it never produced a log, it just kept running for hours. Now when I start up my computer the explorer.exe doesn't start up automatically. I no longer have popups appear when I use a search engine, but there are still a lot of trojans being detected. Please let me know what other information you need.

#6 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 20 February 2009 - 02:57 PM

Hello,

Hm, ok please do the following:



ComboFix - Safe Mode

Please download ComboFix from one of these locations (if you already have ComboFix, then delete it and download again) :

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See this topic to find out how to disable your antivirus and firewall (post #1 and #2).
Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: ComboFix prompt to install the Microsoft Windows Recovery Console]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: ComboFix message shown once the Recovery Console is installed]

NOTE**ComboFix was intended to be used under the supervision of a helper, not for general use. This is a powerful tool which can permanently damage your computer.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD, and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

ReScan

Please rescan with DDS and post DDS.txt


In your next reply, please post:
  • ComboFix logs
  • MBAM log
  • DDS log

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#7 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 23 February 2009 - 01:20 PM

Hello,

are you still there?
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#8 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 25 February 2009 - 03:11 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security



