
Infected with Vundo


  • This topic is locked
8 replies to this topic

#1 Twigh

  • Members
  • 5 posts

Posted 02 May 2009 - 03:08 PM

So essentially, I have been getting messages from Malwarebytes' after scans that my system is infected with Vundo. It started with pop-ups, then moved on to closing my browsers, and now it's causing general disarray by slowing down my internet, not showing images, etc. I've done multiple scans in Spyware Doctor, Malwarebytes', VirtumundoBegone, SUPERAntiSpyware, and VundoFix. Malwarebytes' seems to be the only one to detect it, so I've been doing most of my scans with that program in and out of Safe Mode. However, I continually get the same prompt to restart and it's evident now that it isn't working. I'm currently running on Windows XP.


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Kassidy92 at 12:39:55.03 on Sat 05/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.901 [GMT -7:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
svchost.exe C:\WINDOWS\TEMP\VRT1B.tmp
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Adobe\Photoshop 7.0\Presets\Brushes\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [Octoshape Streaming Services] "c:\documents and settings\kassidy92\local settings\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [Diagnostic Manager] c:\docume~1\kassid~1\locals~1\temp\2801261928.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [<NO NAME>] c:\windows\temp\bb4nu18l.exe
dRun: [Windows Resurections] c:\windows\temp\bb4nu18l.exe
dRun: [Diagnostic Manager] c:\windows\temp\3886047540.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [reader_s] c:\documents and settings\kassidy92\reader_s.exe
StartupFolder: c:\docume~1\kassid~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198719650033
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ljjaphxx - ljJAPHxX.dll
AppInit_DLLs: fniqpa.dll fuhryu.dll rjztuc.dll cxpzqv.dll sqqkcs.dll odznwc.dll oveoou.dll c:\windows\system32\johubegi.dll , ,c:\progra~1\thunmail\testabd.dll
STS: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccApmKC
LSA: Notification Packages = scecli c:\windows\system32\johubegi.dll mt10at.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kassid~1\applic~1\mozilla\firefox\profiles\t7amvl9j.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\kassidy92\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\kassidy92\local settings\application data\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_000\npoctoshape.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {0185333C-9C4E-4791-B0AA-75F783861DA0} - c:\documents and settings\kassidy92\local settings\application data\{0185333C-9C4E-4791-B0AA-75F783861DA0}
FF - HiddenExtension: XUL Cache: {5D18DCB9-8DE3-4806-A753-BA41012DEC40} - c:\documents and settings\administrator\local settings\application data\{5d18dcb9-8de3-4806-a753-ba41012dec40}\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-15 130424]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-15 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-15 1095560]
S0 faad;faad;c:\windows\system32\drivers\ezclm.sys --> c:\windows\system32\drivers\ezclm.sys [?]
S1 adi2b93;adi2b93;c:\windows\system32\drivers\adi2b93.sys --> c:\windows\system32\drivers\adi2b93.sys [?]
S1 afid68b;afid68b;c:\windows\system32\drivers\afid68b.sys --> c:\windows\system32\drivers\afid68b.sys [?]
S1 bmm99a5;bmm99a5;c:\windows\system32\drivers\bmm99a5.sys --> c:\windows\system32\drivers\bmm99a5.sys [?]
S1 dcke670;dcke670;c:\windows\system32\drivers\dcke670.sys --> c:\windows\system32\drivers\dcke670.sys [?]
S1 ectb500;ectb500;c:\windows\system32\drivers\ectb500.sys --> c:\windows\system32\drivers\ectb500.sys [?]
S1 fda4c23;fda4c23;c:\windows\system32\drivers\fda4c23.sys --> c:\windows\system32\drivers\fda4c23.sys [?]
S1 fekc401;fekc401;c:\windows\system32\drivers\fekc401.sys --> c:\windows\system32\drivers\fekc401.sys [?]
S1 hit6d4d;hit6d4d;c:\windows\system32\drivers\hit6d4d.sys --> c:\windows\system32\drivers\hit6d4d.sys [?]
S1 hsjb6f5;hsjb6f5;c:\windows\system32\drivers\hsjb6f5.sys --> c:\windows\system32\drivers\hsjb6f5.sys [?]
S1 ine5baa;ine5baa;c:\windows\system32\drivers\ine5baa.sys --> c:\windows\system32\drivers\ine5baa.sys [?]
S1 jcr8ca1;jcr8ca1;c:\windows\system32\drivers\jcr8ca1.sys --> c:\windows\system32\drivers\jcr8ca1.sys [?]
S1 kbga14e;kbga14e;c:\windows\system32\drivers\kbga14e.sys --> c:\windows\system32\drivers\kbga14e.sys [?]
S1 kdge48c;kdge48c;c:\windows\system32\drivers\kdge48c.sys --> c:\windows\system32\drivers\kdge48c.sys [?]
S1 meqc57b;meqc57b;c:\windows\system32\drivers\meqc57b.sys --> c:\windows\system32\drivers\meqc57b.sys [?]
S1 nqe6f96;nqe6f96;c:\windows\system32\drivers\nqe6f96.sys --> c:\windows\system32\drivers\nqe6f96.sys [?]
S1 olh207a;olh207a;c:\windows\system32\drivers\olh207a.sys --> c:\windows\system32\drivers\olh207a.sys [?]
S1 pgsa562;pgsa562;c:\windows\system32\drivers\pgsa562.sys --> c:\windows\system32\drivers\pgsa562.sys [?]
S1 qbm79ee;qbm79ee;c:\windows\system32\drivers\qbm79ee.sys --> c:\windows\system32\drivers\qbm79ee.sys [?]
S1 rgq0be9;rgq0be9;c:\windows\system32\drivers\rgq0be9.sys --> c:\windows\system32\drivers\rgq0be9.sys [?]
S1 rgr1982;rgr1982;c:\windows\system32\drivers\rgr1982.sys --> c:\windows\system32\drivers\rgr1982.sys [?]
S1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
S1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
S1 sjtd841;sjtd841;c:\windows\system32\drivers\sjtd841.sys --> c:\windows\system32\drivers\sjtd841.sys [?]
S1 tlke9f2;tlke9f2;c:\windows\system32\drivers\tlke9f2.sys --> c:\windows\system32\drivers\tlke9f2.sys [?]
S1 tti707e;tti707e;c:\windows\system32\drivers\tti707e.sys --> c:\windows\system32\drivers\tti707e.sys [?]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-26 45132]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-1 38496]
S3 protect;protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\protect.sys [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-05-02 12:34 61,440 a------- c:\windows\system32\26.tmp
2009-05-02 12:34 36,352 a------- c:\windows\system32\reader_s.exe
2009-05-02 12:34 36,352 a------- c:\documents and settings\kassidy92\reader_s.exe
2009-05-02 12:34 124 a------- c:\windows\system32\1D.tmp
2009-05-02 12:30 0 a------- c:\windows\system32\9.tmp
2009-05-02 11:56 61,440 a------- c:\windows\system32\1A.tmp
2009-05-02 11:56 124 a------- c:\windows\system32\14.tmp
2009-05-02 10:45 61,440 a------- c:\windows\system32\21.tmp
2009-05-02 10:45 124 a------- c:\windows\system32\19.tmp
2009-05-02 10:13 0 a------- C:\3A.tmp
2009-05-02 10:13 22,016 a------- C:\3.tmp
2009-05-02 09:14 61,440 a------- c:\windows\system32\16.tmp
2009-05-02 09:13 124 a------- c:\windows\system32\12.tmp
2009-05-02 09:12 22,538 a------- c:\windows\system32\lmppcsetup.exe
2009-05-01 19:14 61,440 a------- c:\windows\system32\42.tmp
2009-05-01 19:14 124 a------- c:\windows\system32\3E.tmp
2009-05-01 19:14 0 a------- C:\3C.tmp
2009-05-01 19:14 0 a------- C:\39.tmp
2009-05-01 19:14 0 a------- C:\38.tmp
2009-05-01 19:14 0 a------- C:\37.tmp
2009-05-01 19:14 0 a------- C:\36.tmp
2009-05-01 19:14 38 a------- C:\33.tmp
2009-05-01 19:14 0 a------- C:\35.tmp
2009-05-01 19:14 0 a------- C:\34.tmp
2009-05-01 19:14 0 a------- C:\32.tmp
2009-05-01 19:14 0 a------- C:\2E.tmp
2009-05-01 19:13 0 a------- C:\12.tmp
2009-05-01 19:13 0 a------- C:\F.tmp
2009-05-01 19:13 54,784 a------- C:\6.tmp
2009-04-30 20:53 244 a---h--- C:\sqmnoopt19.sqm
2009-04-30 20:53 232 a---h--- C:\sqmdata19.sqm
2009-04-30 20:51 244 a---h--- C:\sqmnoopt18.sqm
2009-04-30 20:51 232 a---h--- C:\sqmdata18.sqm
2009-04-30 20:44 61,440 a------- c:\windows\system32\22.tmp
2009-04-30 20:44 124 a------- c:\windows\system32\15.tmp
2009-04-30 16:55 61,440 a------- c:\windows\system32\25.tmp
2009-04-30 16:55 124 a------- c:\windows\system32\1E.tmp
2009-04-30 16:48 61,440 a------- c:\windows\system32\2D.tmp
2009-04-30 16:47 124 a------- c:\windows\system32\29.tmp
2009-04-30 16:22 61,440 a------- c:\windows\system32\20.tmp
2009-04-30 16:22 124 a------- c:\windows\system32\1C.tmp
2009-04-30 16:22 23,668 a------- c:\windows\system32\winglsetup.exe
2009-04-30 16:00 244 a---h--- C:\sqmnoopt17.sqm
2009-04-30 16:00 232 a---h--- C:\sqmdata17.sqm
2009-04-30 15:58 244 a---h--- C:\sqmnoopt16.sqm
2009-04-30 15:58 232 a---h--- C:\sqmdata16.sqm
2009-04-30 15:56 244 a---h--- C:\sqmnoopt15.sqm
2009-04-30 15:56 232 a---h--- C:\sqmdata15.sqm
2009-04-30 15:54 244 a---h--- C:\sqmnoopt14.sqm
2009-04-30 15:54 232 a---h--- C:\sqmdata14.sqm
2009-04-30 15:45 244 a---h--- C:\sqmnoopt13.sqm
2009-04-30 15:45 232 a---h--- C:\sqmdata13.sqm
2009-04-30 15:43 244 a---h--- C:\sqmnoopt12.sqm
2009-04-30 15:43 232 a---h--- C:\sqmdata12.sqm
2009-04-30 15:40 244 a---h--- C:\sqmnoopt11.sqm
2009-04-30 15:40 232 a---h--- C:\sqmdata11.sqm
2009-04-30 15:39 244 a---h--- C:\sqmnoopt10.sqm
2009-04-30 15:39 232 a---h--- C:\sqmdata10.sqm
2009-04-30 15:37 244 a---h--- C:\sqmnoopt09.sqm
2009-04-30 15:37 232 a---h--- C:\sqmdata09.sqm
2009-04-30 15:36 244 a---h--- C:\sqmnoopt08.sqm
2009-04-30 15:36 232 a---h--- C:\sqmdata08.sqm
2009-04-30 15:22 244 a---h--- C:\sqmnoopt07.sqm
2009-04-30 15:22 232 a---h--- C:\sqmdata07.sqm
2009-04-30 15:22 244 a---h--- C:\sqmnoopt06.sqm
2009-04-30 15:22 232 a---h--- C:\sqmdata06.sqm
2009-04-30 15:20 244 a---h--- C:\sqmnoopt05.sqm
2009-04-30 15:20 232 a---h--- C:\sqmdata05.sqm
2009-04-30 15:17 244 a---h--- C:\sqmnoopt04.sqm
2009-04-30 15:17 232 a---h--- C:\sqmdata04.sqm
2009-04-30 15:15 244 a---h--- C:\sqmnoopt03.sqm
2009-04-30 15:15 232 a---h--- C:\sqmdata03.sqm
2009-04-30 15:13 244 a---h--- C:\sqmnoopt02.sqm
2009-04-30 15:13 232 a---h--- C:\sqmdata02.sqm
2009-04-30 15:11 244 a---h--- C:\sqmnoopt01.sqm
2009-04-30 15:11 232 a---h--- C:\sqmdata01.sqm
2009-04-30 15:10 244 a---h--- C:\sqmnoopt00.sqm
2009-04-30 15:10 232 a---h--- C:\sqmdata00.sqm
2009-04-30 15:01 61,440 a------- c:\windows\system32\11.tmp
2009-04-29 21:40 61,440 a------- c:\windows\system32\1F.tmp
2009-04-29 21:40 124 a------- c:\windows\system32\1B.tmp
2009-04-29 20:36 61,440 a------- c:\windows\system32\3F.tmp
2009-04-29 20:36 19,420 a------- c:\windows\system32\3D.tmp
2009-04-29 20:36 0 a------- C:\3B.tmp
2009-04-29 20:35 124 a------- c:\windows\system32\39.tmp
2009-04-29 20:35 0 a------- C:\30.tmp
2009-04-29 20:35 0 a------- C:\2B.tmp
2009-04-29 20:35 0 a------- C:\2A.tmp
2009-04-29 20:35 0 a------- C:\29.tmp
2009-04-29 20:35 0 a------- C:\28.tmp
2009-04-29 20:35 0 a------- C:\26.tmp
2009-04-29 20:35 0 a------- C:\25.tmp
2009-04-29 20:35 0 a------- C:\24.tmp
2009-04-29 20:35 38 a------- C:\E.tmp
2009-04-29 20:34 0 a------- C:\D.tmp
2009-04-29 20:34 0 a------- C:\C.tmp
2009-04-29 20:34 0 a------- C:\B.tmp
2009-04-29 20:34 54,784 a------- C:\A.tmp
2009-04-29 17:46 1,433,818 ---sh--- c:\windows\system32\ekolajol.ini
2009-04-29 17:43 0 a------- C:\27.tmp
2009-04-29 17:43 0 a------- C:\23.tmp
2009-04-29 17:43 0 a------- C:\22.tmp
2009-04-29 17:43 0 a------- C:\21.tmp
2009-04-29 17:43 0 a------- C:\20.tmp
2009-04-29 17:43 0 a------- C:\1F.tmp
2009-04-29 17:43 0 a------- C:\1E.tmp
2009-04-29 17:43 0 a------- C:\1D.tmp
2009-04-29 17:43 0 a------- C:\1C.tmp
2009-04-29 17:41 38 a------- C:\9.tmp
2009-04-29 17:41 0 a------- C:\8.tmp
2009-04-29 17:41 0 a------- C:\7.tmp
2009-04-29 17:41 0 a------- C:\5.tmp
2009-04-29 17:41 54,784 a------- C:\4.tmp
2009-04-29 10:50 <DIR> --d----- c:\windows\system32\3361
2009-04-29 10:50 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-29 10:50 <DIR> --d----- c:\windows\dhcp
2009-04-29 09:55 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-04-29 09:50 0 a------- c:\windows\system32\5B1.tmp
2009-04-29 09:50 61,440 a------- c:\windows\system32\5B0.tmp
2009-04-29 09:50 19,420 a------- c:\windows\system32\5AF.tmp
2009-04-29 09:50 124 a------- c:\windows\system32\5AD.tmp
2009-04-29 09:50 15,000 a------- c:\windows\system32\jksahfo93wjfkd.dll
2009-04-28 23:47 28,672 a------- c:\windows\system32\frmwrk32.ex_
2009-04-28 23:47 71,758 a------- c:\windows\system32\loader49.exe
2009-04-28 23:17 15,000 a------- c:\windows\system32\yhs783ijfo3fe.dll
2009-04-16 22:27 <DIR> --d----- C:\bin
2009-04-16 22:24 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-16 22:19 <DIR> --d----- c:\program files\common files\HP
2009-04-16 22:12 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-16 22:10 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2009-04-16 22:10 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-04-16 22:10 254,026 a----r-- c:\windows\system32\hpovst09.dll
2009-04-16 22:10 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-04-16 22:10 827,392 a----r-- c:\windows\system32\hpotiop2.dll
2009-04-16 22:10 659,456 a----r-- c:\windows\system32\hpowiax2.dll
2009-04-16 22:10 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-04-16 22:10 166 a------- c:\windows\system32\AddPort.ini
2009-04-16 22:08 734 a------- c:\windows\hpntwksetup.ini
2009-04-16 22:08 <DIR> --d----- C:\TEMP
2009-04-16 22:03 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-04-16 22:03 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-04-16 22:03 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-04-16 22:03 86,016 a------- c:\windows\system32\HPZinw12.exe
2009-04-16 22:03 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-04-16 22:01 <DIR> --d----- c:\program files\HP
2009-04-16 22:00 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-16 22:00 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-16 21:59 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-04-16 21:59 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-16 21:58 117,363 a------- c:\windows\hpoins11.dat
2009-04-16 17:05 <DIR> --d----- c:\docume~1\kassid~1\applic~1\OpenOffice.org
2009-04-16 17:01 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-16 16:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-15 17:11 51,355 a------- c:\windows\system32\muzika.xm
2009-04-15 16:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-15 16:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-15 16:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-15 16:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-15 16:26 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-15 16:25 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-15 16:25 <DIR> --d----- c:\docume~1\kassid~1\applic~1\PC Tools
2009-04-15 16:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-10 22:58 <DIR> --d----- c:\docume~1\kassid~1\applic~1\ZoomBrowser EX
2009-04-10 22:57 <DIR> --d----- c:\docume~1\kassid~1\applic~1\CameraWindowDC
2009-04-10 22:57 <DIR> --d----- c:\docume~1\kassid~1\applic~1\CANON INC
2009-04-10 22:57 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-10 22:57 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-10 22:57 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-10 22:57 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-10 07:05 <DIR> --d----- c:\program files\iPod
2009-04-10 07:05 <DIR> --d----- c:\program files\iTunes
2009-04-10 07:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 07:03 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-04-07 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-04-07 19:16 <DIR> --d----- c:\program files\Canon
2009-04-07 18:37 <DIR> --d----- c:\program files\common files\Canon

==================== Find3M ====================

2009-05-02 10:14 61,440 a------- c:\windows\system32\4D.tmp
2009-04-29 17:46 74,752 a--sh--- c:\windows\system32\yejewusi.exe
2009-04-29 13:18 87,552 a--sh--- c:\windows\system32\tomoguno.dll
2009-04-29 12:55 87,552 a--sh--- c:\windows\system32\metalobu.dll
2009-04-29 12:32 87,552 a--sh--- c:\windows\system32\kuwodera.dll
2009-04-29 12:09 87,552 a--sh--- c:\windows\system32\rafaburi.dll
2009-04-29 11:47 87,552 a--sh--- c:\windows\system32\humufeka.dll
2009-04-29 11:20 87,552 a--sh--- c:\windows\system32\mimigewu.dll
2009-04-29 09:55 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-28 23:02 88,064 a--sh--- c:\windows\system32\lujegifu.dll
2009-04-28 23:02 75,776 a--sh--- c:\windows\system32\gurukuma.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-29 10:36 68,608 a------- C:\rojpcck.exe
2009-03-29 10:36 14,336 a------- c:\windows\system32\svchost.exe
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 20:19 47,096 a------- c:\docume~1\kassid~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 12:41:30.03 ===============
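The Pseudo HJT section of the log above carries the entries that matter most for triage and that autorun-style cleaners tend to leave alone: AppInit_DLLs injection, extra LSA authentication and notification packages, a Winlogon Notify DLL with no path, Run keys launching from temp directories, and the NoFolderOptions / DisableRegistryTools policies that hide the infection from the user. The script below is an added example written for this page, not part of the original post and not part of the DDS or HijackThis tools; it runs a few heuristic checks over lines in that format. The embedded sample lines are copied from the report above; the category names, the "known good" package lists and the temp-path rule are the example's own assumptions and are heuristics, not a verdict.

```python
"""Heuristic triage of a DDS / HijackThis-style "Pseudo HJT Report".

Example code for this page (not part of DDS, HijackThis or the forum post).
Each rule flags one persistence or lockdown mechanism that a Vundo-style
infection commonly leaves behind. Every hit still needs a human to confirm.
"""
import re

# Assumption: these are the only entries a clean Windows XP box carries in
# the two LSA values. Anything else is loaded inside lsass.exe at boot.
KNOWN_AUTH_PACKAGES = {"msv1_0"}
KNOWN_NOTIFY_PACKAGES = {"scecli"}

# Assumption: an autostart whose target lives under a \temp\ directory is
# almost never a legitimate program.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)

# Policies that keep the victim from seeing hidden files or opening regedit.
LOCKDOWN_POLICIES = {"NoFolderOptions", "DisableRegistryTools"}


def _tokens(value):
    """Split a space- or comma-separated registry value into non-empty tokens."""
    return [t for t in re.split(r"[\s,]+", value.strip()) if t]


def triage_line(line):
    """Return (category, detail) when the line trips a rule, else None."""
    line = line.strip()
    if not line:
        return None

    # AppInit_DLLs: every DLL listed here is injected into every GUI process.
    if line.startswith("AppInit_DLLs:"):
        dlls = _tokens(line.split(":", 1)[1])
        if dlls:
            return ("appinit_injection", dlls)

    # LSA packages: anything beyond the stock entries runs inside lsass.exe.
    m = re.match(r"LSA: (Authentication|Notification) Packages = (.*)", line)
    if m:
        kind, value = m.group(1), m.group(2)
        known = KNOWN_AUTH_PACKAGES if kind == "Authentication" else KNOWN_NOTIFY_PACKAGES
        extra = [t for t in _tokens(value) if t.lower() not in known]
        if extra:
            return ("lsa_%s_packages" % kind.lower(), extra)

    # Winlogon Notify: a bare DLL name with no directory is a red flag.
    m = re.match(r"Notify: (\S+) - (.*)", line)
    if m and "\\" not in m.group(2):
        return ("winlogon_notify_unpathed", m.group(2))

    # Run keys (u = user, m = machine, d = default profile) that launch from
    # a temp directory, or that carry no value name at all.
    m = re.match(r"([umd])Run(?:Once)?: \[(.*?)\]\s*(.*)", line)
    if m:
        name, target = m.group(2), m.group(3)
        if TEMP_DIR_RE.search(target) or name == "<NO NAME>":
            return ("run_key_temp_or_unnamed", (name, target))

    # Explorer / system policies set to a non-zero value.
    m = re.match(r"[umd]Policies-(?:explorer|system): (\w+) = (\d+)", line)
    if m and m.group(1) in LOCKDOWN_POLICIES and m.group(2) != "0":
        return ("lockdown_policy", m.group(1))

    return None


def triage_report(text):
    """Run triage_line over every line; return the list of (category, detail)."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


# Sample input: lines copied from the Pseudo HJT section of the log above.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [Diagnostic Manager] c:\docume~1\kassid~1\locals~1\temp\2801261928.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
dRun: [Windows Resurections] c:\windows\temp\bb4nu18l.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ljjaphxx - ljJAPHxX.dll
AppInit_DLLs: fniqpa.dll fuhryu.dll c:\windows\system32\johubegi.dll , ,c:\progra~1\thunmail\testabd.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccApmKC
LSA: Notification Packages = scecli c:\windows\system32\johubegi.dll mt10at.dll
"""

if __name__ == "__main__":
    for category, detail in triage_report(SAMPLE_REPORT):
        print("%-28s %s" % (category, detail))
```

Note what the rules deliberately do not catch: mRun: [reader_s] c:\windows\system32\reader_s.exe and the block of randomly named S1 drivers pass untouched, because a plain path in a normal location carries no signal by itself. Those entries are only suspicious in context (the file was created minutes before the scan, a copy sits in the user profile, the driver file cannot be read). A script like this narrows the reading of a log; it does not replace it.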



#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 May 2009 - 08:14 PM

Ok.. Looking at the log, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files... We are looking for a possible Virut or Sality infection, and if it is.. then you might have to wipe the machine clean..

Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up to an external hard drive or thumbdrive, make sure it is EMPTY.. Meaning NO FILE inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well



Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    • Now, go to Settings >> Change Settings
    • Go to the Actions tab >> under the Objects section, change the settings to the below
      • Infected objects - Cure
        Incurable objects - Report
        Suspicious objects - Report
    • Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (meaning take no action.. don't "move", "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (open it in Notepad).. Do NOT reboot the computer yet..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Twigh
  • Topic Starter

  • Members
  • 5 posts

Posted 03 May 2009 - 04:36 PM

Thanks so much for your help!

nsi15.#mp;C:\Documents and Settings\Kassidy92\Local Settings\Temp;Tool.Prockill;;
nsjD.#mp;C:\Documents and Settings\Kassidy92\Local Settings\Temp;Tool.Prockill;;
nsp5.#mp;C:\Documents and Settings\Kassidy92\Local Settings\Temp;Tool.Prockill;;
nss10.#mp;C:\Documents and Settings\Kassidy92\Local Settings\Temp;Tool.Prockill;;
nst4E.#mp;C:\Documents and Settings\Kassidy92\Local Settings\Temp;Tool.Prockill;;
nsx1A.#mp;C:\Documents and Settings\Kassidy92\Local Settings\Temp;Tool.Prockill;;
click,AAAAAA8tBQBkIRQAqhoGAAIBxAEAAP8AAAABCgIACgPkvAYAHsoEAIYfCQAAAAAAAAAAAAAAAAAAAAAAAAAAADcs8kgAAAAA,,http%3A%2F%2F67.205.138;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8CM55N37;Win32.HLLM.Graz;;
A0078553.#xe;C:\System Volume Information\_restore{26BD1DE0-7085-4DB7-8947-D16F7661FBFB}\RP389;Probably BACKDOOR.Trojan;;
A0084071.#xe;C:\System Volume Information\_restore{26BD1DE0-7085-4DB7-8947-D16F7661FBFB}\RP459;Probably DLOADER.Trojan;;
A0084082.#xe;C:\System Volume Information\_restore{26BD1DE0-7085-4DB7-8947-D16F7661FBFB}\RP459;Probably DLOADER.Trojan;;
A0084119.#ll;C:\System Volume Information\_restore{26BD1DE0-7085-4DB7-8947-D16F7661FBFB}\RP459;Probably DLOADER.Trojan;;

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 03 May 2009 - 05:23 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop:
  • Link 1
  • Link 2
  • Link 3
Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It is in your best interest..

When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..




NEXT


Please show hidden files and folders
  • Please go to the VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box at the top of the page:
    • C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\explorer.exe
  • Click on the Upload button
  • Once the scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If the VirSCAN.org server is too busy, please submit the files to VirusTotal instead.

Edited by fenzodahl512, 03 May 2009 - 05:25 PM.



#5 Twigh
  • Topic Starter

  • Members
  • 5 posts

Posted 03 May 2009 - 09:27 PM

My computer's internet is blocked off, and even if I put Combofix on a CD it won't let me download.
I think I'll just have to wipe my system at this point. Thanks for all your help, though!

#6 Twigh
  • Topic Starter

  • Members
  • 5 posts

Posted 03 May 2009 - 10:45 PM

Disregard that! I got my internet working again. I'll post both scans in my next post.

#7 Twigh
  • Topic Starter

  • Members
  • 5 posts

Posted 03 May 2009 - 11:33 PM

ComboFix still won't seem to work, but I get a message that the download has been compromised even after trying all three links.

Here's the HijackThis log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Kassidy92 at 21:06:27.07 on Sun 05/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.702 [GMT -7:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Documents and Settings\Kassidy92\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT10.tmp
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
svchost.exe
C:\WINDOWS\TEMP\d29a4.exe
C:\WINDOWS\TEMP\d29a4.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\2798725732.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop 7.0\Presets\Brushes\dds(2).scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: c:\windows\system32\sdrgfcvbf.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\sdrgfcvbf.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [Octoshape Streaming Services] "c:\documents and settings\kassidy92\local settings\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [reader_s] c:\documents and settings\kassidy92\reader_s.exe
uRun: [Diagnostic Manager] c:\docume~1\kassid~1\locals~1\temp\95600732.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
dRun: [<NO NAME>] c:\windows\temp\d29a4.exe
dRun: [Windows Resurections] c:\windows\temp\bb4nu18l.exe
dRun: [Diagnostic Manager] c:\windows\temp\2798725732.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [reader_s] c:\documents and settings\kassidy92\reader_s.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\d29a4.exe
StartupFolder: c:\docume~1\kassid~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198719650033
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ljjaphxx - ljJAPHxX.dll
STS: {b2ba40a2-74f0-42bd-f434-12345a2c8953}: jso8joigm409gopgmrlgd
STS: c:\windows\system32\sdrgfcvbf.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\sdrgfcvbf.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccApmKC
LSA: Notification Packages = scecli c:\windows\system32\johubegi.dll mt10at.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kassid~1\applic~1\mozilla\firefox\profiles\t7amvl9j.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\kassidy92\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\kassidy92\local settings\application data\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_000\npoctoshape.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {0185333C-9C4E-4791-B0AA-75F783861DA0} - c:\documents and settings\kassidy92\local settings\application data\{0185333C-9C4E-4791-B0AA-75F783861DA0}
FF - HiddenExtension: XUL Cache: {5D18DCB9-8DE3-4806-A753-BA41012DEC40} - c:\documents and settings\administrator\local settings\application data\{5d18dcb9-8de3-4806-a753-ba41012dec40}\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-15 130424]
R1 bpe0464;bpe0464;c:\windows\system32\drivers\bpe0464.sys --> c:\windows\system32\drivers\bpe0464.sys [?]
R1 raf9ee9;raf9ee9;c:\windows\system32\drivers\raf9ee9.sys [2009-5-3 17376]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-2 45132]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 faad;faad;c:\windows\system32\drivers\ezclm.sys --> c:\windows\system32\drivers\ezclm.sys [?]
S0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-5-3 18944]
S1 adi2b93;adi2b93;c:\windows\system32\drivers\adi2b93.sys --> c:\windows\system32\drivers\adi2b93.sys [?]
S1 afid68b;afid68b;c:\windows\system32\drivers\afid68b.sys --> c:\windows\system32\drivers\afid68b.sys [?]
S1 ahk0a95;ahk0a95;c:\windows\system32\drivers\ahk0a95.sys --> c:\windows\system32\drivers\ahk0a95.sys [?]
S1 bmm99a5;bmm99a5;c:\windows\system32\drivers\bmm99a5.sys --> c:\windows\system32\drivers\bmm99a5.sys [?]
S1 cfkd71a;cfkd71a;c:\windows\system32\drivers\cfkd71a.sys --> c:\windows\system32\drivers\cfkd71a.sys [?]
S1 dcke670;dcke670;c:\windows\system32\drivers\dcke670.sys --> c:\windows\system32\drivers\dcke670.sys [?]
S1 ectb500;ectb500;c:\windows\system32\drivers\ectb500.sys --> c:\windows\system32\drivers\ectb500.sys [?]
S1 fda4c23;fda4c23;c:\windows\system32\drivers\fda4c23.sys --> c:\windows\system32\drivers\fda4c23.sys [?]
S1 fekc401;fekc401;c:\windows\system32\drivers\fekc401.sys --> c:\windows\system32\drivers\fekc401.sys [?]
S1 gebcf1a;gebcf1a;c:\windows\system32\drivers\gebcf1a.sys --> c:\windows\system32\drivers\gebcf1a.sys [?]
S1 hit6d4d;hit6d4d;c:\windows\system32\drivers\hit6d4d.sys --> c:\windows\system32\drivers\hit6d4d.sys [?]
S1 hsjb6f5;hsjb6f5;c:\windows\system32\drivers\hsjb6f5.sys --> c:\windows\system32\drivers\hsjb6f5.sys [?]
S1 ine5baa;ine5baa;c:\windows\system32\drivers\ine5baa.sys --> c:\windows\system32\drivers\ine5baa.sys [?]
S1 jcr8ca1;jcr8ca1;c:\windows\system32\drivers\jcr8ca1.sys --> c:\windows\system32\drivers\jcr8ca1.sys [?]
S1 jltc879;jltc879;c:\windows\system32\drivers\jltc879.sys --> c:\windows\system32\drivers\jltc879.sys [?]
S1 kbga14e;kbga14e;c:\windows\system32\drivers\kbga14e.sys --> c:\windows\system32\drivers\kbga14e.sys [?]
S1 kdge48c;kdge48c;c:\windows\system32\drivers\kdge48c.sys --> c:\windows\system32\drivers\kdge48c.sys [?]
S1 meqc57b;meqc57b;c:\windows\system32\drivers\meqc57b.sys --> c:\windows\system32\drivers\meqc57b.sys [?]
S1 mhg8d1f;mhg8d1f;c:\windows\system32\drivers\mhg8d1f.sys --> c:\windows\system32\drivers\mhg8d1f.sys [?]
S1 nqe6f96;nqe6f96;c:\windows\system32\drivers\nqe6f96.sys --> c:\windows\system32\drivers\nqe6f96.sys [?]
S1 nsg41c4;nsg41c4;c:\windows\system32\drivers\nsg41c4.sys --> c:\windows\system32\drivers\nsg41c4.sys [?]
S1 olh207a;olh207a;c:\windows\system32\drivers\olh207a.sys --> c:\windows\system32\drivers\olh207a.sys [?]
S1 one06c3;one06c3;c:\windows\system32\drivers\one06c3.sys --> c:\windows\system32\drivers\one06c3.sys [?]
S1 pgsa562;pgsa562;c:\windows\system32\drivers\pgsa562.sys --> c:\windows\system32\drivers\pgsa562.sys [?]
S1 qbm79ee;qbm79ee;c:\windows\system32\drivers\qbm79ee.sys --> c:\windows\system32\drivers\qbm79ee.sys [?]
S1 qhk2fdf;qhk2fdf;c:\windows\system32\drivers\qhk2fdf.sys --> c:\windows\system32\drivers\qhk2fdf.sys [?]
S1 rgq0be9;rgq0be9;c:\windows\system32\drivers\rgq0be9.sys --> c:\windows\system32\drivers\rgq0be9.sys [?]
S1 rgr1982;rgr1982;c:\windows\system32\drivers\rgr1982.sys --> c:\windows\system32\drivers\rgr1982.sys [?]
S1 sjtd841;sjtd841;c:\windows\system32\drivers\sjtd841.sys --> c:\windows\system32\drivers\sjtd841.sys [?]
S1 tlke9f2;tlke9f2;c:\windows\system32\drivers\tlke9f2.sys --> c:\windows\system32\drivers\tlke9f2.sys [?]
S1 tti707e;tti707e;c:\windows\system32\drivers\tti707e.sys --> c:\windows\system32\drivers\tti707e.sys [?]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-15 1095560]
S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]

=============== Created Last 30 ================

2009-05-03 20:51 46 a------- c:\windows\system32\p2hhr.bat
2009-05-03 20:51 15,000 a------- c:\windows\system32\afnoinkdsfe.dll
2009-05-03 20:51 17,920 a------- c:\windows\system32\ak1.exe
2009-05-03 20:42 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-05-03 20:42 36,352 a------- c:\documents and settings\kassidy92\reader_s.exe
2009-05-03 20:42 36,352 a------- c:\windows\system32\reader_s.exe
2009-05-03 20:42 17,376 a------- c:\windows\system32\drivers\raf9ee9.sys
2009-05-03 20:42 61,440 a------- c:\windows\system32\2B.tmp
2009-05-03 20:41 124 a------- c:\windows\system32\13.tmp
2009-05-02 23:48 61,440 a------- c:\windows\system32\67.tmp
2009-05-02 23:48 124 a------- c:\windows\system32\63.tmp
2009-05-02 20:37 <DIR> --d----- c:\documents and settings\kassidy92\DoctorWeb
2009-05-02 19:53 61,440 a------- c:\windows\system32\87.tmp
2009-05-02 19:53 0 a------- C:\83.tmp
2009-05-02 19:53 124 a------- c:\windows\system32\82.tmp
2009-05-02 19:52 0 a------- C:\81.tmp
2009-05-02 19:52 0 a------- C:\7F.tmp
2009-05-02 19:52 0 a------- C:\7E.tmp
2009-05-02 19:52 0 a------- C:\7D.tmp
2009-05-02 19:52 0 a------- C:\7C.tmp
2009-05-02 19:52 0 a------- C:\6D.tmp
2009-05-02 19:52 0 a------- C:\6C.tmp
2009-05-02 19:52 0 a------- C:\6B.tmp
2009-05-02 19:51 38 a------- C:\5C.tmp
2009-05-02 19:51 0 a------- C:\5A.tmp
2009-05-02 19:51 0 a------- C:\59.tmp
2009-05-02 19:51 0 a------- C:\58.tmp
2009-05-02 19:51 54,784 a------- C:\57.tmp
2009-05-02 18:53 61,440 a------- c:\windows\system32\80.tmp
2009-05-02 18:53 124 a------- c:\windows\system32\7D.tmp
2009-05-02 18:32 <DIR> --d----- c:\program files\AIM6
2009-05-02 18:06 61,440 a------- c:\windows\system32\2E.tmp
2009-05-02 18:06 124 a------- c:\windows\system32\17.tmp
2009-05-02 17:32 61,440 a------- c:\windows\system32\2C.tmp
2009-05-02 17:32 124 a------- c:\windows\system32\27.tmp
2009-05-02 15:45 61,440 a------- c:\windows\system32\28.tmp
2009-05-02 15:45 0 a------- c:\windows\system32\24.tmp
2009-05-02 15:45 124 a------- c:\windows\system32\23.tmp
2009-05-02 12:34 61,440 a------- c:\windows\system32\26.tmp
2009-05-02 12:34 124 a------- c:\windows\system32\1D.tmp
2009-05-02 11:56 61,440 a------- c:\windows\system32\1A.tmp
2009-05-02 11:56 124 a------- c:\windows\system32\14.tmp
2009-05-02 10:45 61,440 a------- c:\windows\system32\21.tmp
2009-05-02 10:45 124 a------- c:\windows\system32\19.tmp
2009-05-02 10:13 0 a------- C:\3A.tmp
2009-05-02 10:13 22,016 a------- C:\3.tmp
2009-05-02 09:14 61,440 a------- c:\windows\system32\16.tmp
2009-05-02 09:13 124 a------- c:\windows\system32\12.tmp
2009-05-02 09:12 22,538 a------- c:\windows\system32\lmppcsetup.exe
2009-05-01 19:14 61,440 a------- c:\windows\system32\42.tmp
2009-05-01 19:14 124 a------- c:\windows\system32\3E.tmp
2009-05-01 19:14 0 a------- C:\3C.tmp
2009-05-01 19:14 0 a------- C:\39.tmp
2009-05-01 19:14 0 a------- C:\38.tmp
2009-05-01 19:14 0 a------- C:\37.tmp
2009-05-01 19:14 0 a------- C:\36.tmp
2009-05-01 19:14 38 a------- C:\33.tmp
2009-05-01 19:14 0 a------- C:\35.tmp
2009-05-01 19:14 0 a------- C:\34.tmp
2009-05-01 19:14 0 a------- C:\32.tmp
2009-05-01 19:14 0 a------- C:\2E.tmp
2009-05-01 19:13 0 a------- C:\12.tmp
2009-05-01 19:13 0 a------- C:\F.tmp
2009-05-01 19:13 54,784 a------- C:\6.tmp
2009-04-30 20:53 244 a---h--- C:\sqmnoopt19.sqm
2009-04-30 20:53 232 a---h--- C:\sqmdata19.sqm
2009-04-30 20:51 244 a---h--- C:\sqmnoopt18.sqm
2009-04-30 20:51 232 a---h--- C:\sqmdata18.sqm
2009-04-30 20:44 61,440 a------- c:\windows\system32\22.tmp
2009-04-30 20:44 124 a------- c:\windows\system32\15.tmp
2009-04-30 16:55 61,440 a------- c:\windows\system32\25.tmp
2009-04-30 16:55 124 a------- c:\windows\system32\1E.tmp
2009-04-30 16:48 61,440 a------- c:\windows\system32\2D.tmp
2009-04-30 16:47 124 a------- c:\windows\system32\29.tmp
2009-04-30 16:22 61,440 a------- c:\windows\system32\20.tmp
2009-04-30 16:22 124 a------- c:\windows\system32\1C.tmp
2009-04-30 16:22 23,668 a------- c:\windows\system32\winglsetup.exe
2009-04-30 16:00 244 a---h--- C:\sqmnoopt17.sqm
2009-04-30 16:00 232 a---h--- C:\sqmdata17.sqm
2009-04-30 15:58 244 a---h--- C:\sqmnoopt16.sqm
2009-04-30 15:58 232 a---h--- C:\sqmdata16.sqm
2009-04-30 15:56 244 a---h--- C:\sqmnoopt15.sqm
2009-04-30 15:56 232 a---h--- C:\sqmdata15.sqm
2009-04-30 15:54 244 a---h--- C:\sqmnoopt14.sqm
2009-04-30 15:54 232 a---h--- C:\sqmdata14.sqm
2009-04-30 15:45 244 a---h--- C:\sqmnoopt13.sqm
2009-04-30 15:45 232 a---h--- C:\sqmdata13.sqm
2009-04-30 15:43 244 a---h--- C:\sqmnoopt12.sqm
2009-04-30 15:43 232 a---h--- C:\sqmdata12.sqm
2009-04-30 15:40 244 a---h--- C:\sqmnoopt11.sqm
2009-04-30 15:40 232 a---h--- C:\sqmdata11.sqm
2009-04-30 15:39 244 a---h--- C:\sqmnoopt10.sqm
2009-04-30 15:39 232 a---h--- C:\sqmdata10.sqm
2009-04-30 15:37 244 a---h--- C:\sqmnoopt09.sqm
2009-04-30 15:37 232 a---h--- C:\sqmdata09.sqm
2009-04-30 15:36 244 a---h--- C:\sqmnoopt08.sqm
2009-04-30 15:36 232 a---h--- C:\sqmdata08.sqm
2009-04-30 15:22 244 a---h--- C:\sqmnoopt07.sqm
2009-04-30 15:22 232 a---h--- C:\sqmdata07.sqm
2009-04-30 15:22 244 a---h--- C:\sqmnoopt06.sqm
2009-04-30 15:22 232 a---h--- C:\sqmdata06.sqm
2009-04-30 15:20 244 a---h--- C:\sqmnoopt05.sqm
2009-04-30 15:20 232 a---h--- C:\sqmdata05.sqm
2009-04-30 15:17 244 a---h--- C:\sqmnoopt04.sqm
2009-04-30 15:17 232 a---h--- C:\sqmdata04.sqm
2009-04-30 15:15 244 a---h--- C:\sqmnoopt03.sqm
2009-04-30 15:15 232 a---h--- C:\sqmdata03.sqm
2009-04-30 15:13 244 a---h--- C:\sqmnoopt02.sqm
2009-04-30 15:13 232 a---h--- C:\sqmdata02.sqm
2009-04-30 15:11 244 a---h--- C:\sqmnoopt01.sqm
2009-04-30 15:11 232 a---h--- C:\sqmdata01.sqm
2009-04-30 15:10 244 a---h--- C:\sqmnoopt00.sqm
2009-04-30 15:10 232 a---h--- C:\sqmdata00.sqm
2009-04-30 15:01 61,440 a------- c:\windows\system32\11.tmp
2009-04-29 21:40 61,440 a------- c:\windows\system32\1F.tmp
2009-04-29 21:40 124 a------- c:\windows\system32\1B.tmp
2009-04-29 20:36 61,440 a------- c:\windows\system32\3F.tmp
2009-04-29 20:36 19,420 a------- c:\windows\system32\3D.tmp
2009-04-29 20:36 0 a------- C:\3B.tmp
2009-04-29 20:35 124 a------- c:\windows\system32\39.tmp
2009-04-29 20:35 0 a------- C:\30.tmp
2009-04-29 20:35 0 a------- C:\2B.tmp
2009-04-29 20:35 0 a------- C:\2A.tmp
2009-04-29 20:35 0 a------- C:\29.tmp
2009-04-29 20:35 0 a------- C:\28.tmp
2009-04-29 20:35 0 a------- C:\26.tmp
2009-04-29 20:35 0 a------- C:\25.tmp
2009-04-29 20:35 0 a------- C:\24.tmp
2009-04-29 20:35 38 a------- C:\E.tmp
2009-04-29 20:34 0 a------- C:\D.tmp
2009-04-29 20:34 0 a------- C:\C.tmp
2009-04-29 20:34 0 a------- C:\B.tmp
2009-04-29 20:34 54,784 a------- C:\A.tmp
2009-04-29 17:46 1,433,818 ---sh--- c:\windows\system32\ekolajol.ini
2009-04-29 17:43 0 a------- C:\27.tmp
2009-04-29 17:43 0 a------- C:\23.tmp
2009-04-29 17:43 0 a------- C:\22.tmp
2009-04-29 17:43 0 a------- C:\21.tmp
2009-04-29 17:43 0 a------- C:\20.tmp
2009-04-29 17:43 0 a------- C:\1F.tmp
2009-04-29 17:43 0 a------- C:\1E.tmp
2009-04-29 17:43 0 a------- C:\1D.tmp
2009-04-29 17:43 0 a------- C:\1C.tmp
2009-04-29 17:41 38 a------- C:\9.tmp
2009-04-29 17:41 0 a------- C:\8.tmp
2009-04-29 17:41 0 a------- C:\7.tmp
2009-04-29 17:41 0 a------- C:\5.tmp
2009-04-29 17:41 54,784 a------- C:\4.tmp
2009-04-29 10:50 <DIR> --d----- c:\windows\system32\3361
2009-04-29 10:50 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-29 10:50 <DIR> --d----- c:\windows\dhcp
2009-04-29 09:55 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-04-29 09:50 0 a------- c:\windows\system32\5B1.tmp
2009-04-29 09:50 61,440 a------- c:\windows\system32\5B0.tmp
2009-04-29 09:50 19,420 a------- c:\windows\system32\5AF.tmp
2009-04-29 09:50 124 a------- c:\windows\system32\5AD.tmp
2009-04-29 09:50 15,000 a------- c:\windows\system32\jksahfo93wjfkd.dll
2009-04-28 23:47 28,672 a------- c:\windows\system32\frmwrk32.ex_
2009-04-28 23:47 71,758 a------- c:\windows\system32\loader49.exe
2009-04-28 23:17 15,000 a------- c:\windows\system32\yhs783ijfo3fe.dll
2009-04-16 22:27 <DIR> --d----- C:\bin
2009-04-16 22:24 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-16 22:19 <DIR> --d----- c:\program files\common files\HP
2009-04-16 22:12 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-16 22:10 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2009-04-16 22:10 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-04-16 22:10 254,026 a----r-- c:\windows\system32\hpovst09.dll
2009-04-16 22:10 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-04-16 22:10 827,392 a----r-- c:\windows\system32\hpotiop2.dll
2009-04-16 22:10 659,456 a----r-- c:\windows\system32\hpowiax2.dll
2009-04-16 22:10 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-04-16 22:10 166 a------- c:\windows\system32\AddPort.ini
2009-04-16 22:08 734 a------- c:\windows\hpntwksetup.ini
2009-04-16 22:08 <DIR> --d----- C:\TEMP
2009-04-16 22:03 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-04-16 22:03 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-04-16 22:03 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-04-16 22:03 86,016 a------- c:\windows\system32\HPZinw12.exe
2009-04-16 22:03 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-04-16 22:01 <DIR> --d----- c:\program files\HP
2009-04-16 22:00 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-16 22:00 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-16 21:59 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-04-16 21:59 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-16 21:58 117,363 a------- c:\windows\hpoins11.dat
2009-04-16 17:05 <DIR> --d----- c:\docume~1\kassid~1\applic~1\OpenOffice.org
2009-04-16 17:01 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-16 16:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-15 17:11 51,355 a------- c:\windows\system32\muzika.xm
2009-04-15 16:26 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-15 16:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-15 16:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-15 16:26 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-15 16:26 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-15 16:25 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-15 16:25 <DIR> --d----- c:\docume~1\kassid~1\applic~1\PC Tools
2009-04-15 16:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-10 22:58 <DIR> --d----- c:\docume~1\kassid~1\applic~1\ZoomBrowser EX
2009-04-10 22:57 <DIR> --d----- c:\docume~1\kassid~1\applic~1\CameraWindowDC
2009-04-10 22:57 <DIR> --d----- c:\docume~1\kassid~1\applic~1\CANON INC
2009-04-10 22:57 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-10 22:57 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-10 22:57 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-10 22:57 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-10 07:05 <DIR> --d----- c:\program files\iPod
2009-04-10 07:05 <DIR> --d----- c:\program files\iTunes
2009-04-10 07:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 07:03 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-04-07 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-04-07 19:16 <DIR> --d----- c:\program files\Canon
2009-04-07 18:37 <DIR> --d----- c:\program files\common files\Canon

==================== Find3M ====================

2009-05-03 20:38 176 a------- c:\program files\nthgdlrh.txt
2009-05-02 18:36 15,000 -------- c:\windows\system32\sdrgfcvbf.dll
2009-05-02 10:14 61,440 a------- c:\windows\system32\4D.tmp
2009-04-29 17:46 74,752 a--sh--- c:\windows\system32\yejewusi.exe
2009-04-29 13:18 87,552 a--sh--- c:\windows\system32\tomoguno.dll
2009-04-29 12:55 87,552 a--sh--- c:\windows\system32\metalobu.dll
2009-04-29 12:32 87,552 a--sh--- c:\windows\system32\kuwodera.dll
2009-04-29 12:09 87,552 a--sh--- c:\windows\system32\rafaburi.dll
2009-04-29 11:47 87,552 a--sh--- c:\windows\system32\humufeka.dll
2009-04-29 11:20 87,552 a--sh--- c:\windows\system32\mimigewu.dll
2009-04-29 09:55 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-28 23:02 88,064 a--sh--- c:\windows\system32\lujegifu.dll
2009-04-28 23:02 75,776 a--sh--- c:\windows\system32\gurukuma.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-29 10:36 68,608 a------- C:\rojpcck.exe
2009-03-29 10:36 14,336 a------- c:\windows\system32\svchost.exe
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 20:19 47,096 a------- c:\docume~1\kassid~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 21:08:19.95 ===============




And here's the VirSCAN:

http://virscan.org/report/a68b48544896beba...b8d0aa6c16.html
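The "Created Last 30" and "Find3M" sections of the DDS log above use a fixed line layout (date, time, size, eight attribute flags, path). As an added example that is not part of this thread or of DDS itself, here is a small Python triage script that parses such entries and flags the patterns a helper would react to: executables carrying hidden/system attributes, executables dropped in the drive root, and executables in temp directories. The meaning of each attribute column is inferred from the entries in the log and is an assumption; the sample lines are quoted from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One DDS "Created Last 30" / "Find3M" entry looks like:
#   2009-04-29 17:46 74,752 a--sh--- c:\windows\system32\yejewusi.exe
# The attribute field is a fixed 8-column string. The column meanings used here
# (a=archive, c=compressed, d=directory, s=system, h=hidden, r=read-only) are
# inferred from the log entries and are an assumption of this example.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)

# File types that should not normally appear hidden, in temp, or in the drive root.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif"}


@dataclass
class Entry:
    date: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[2] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[3] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[4] == "h"

    @property
    def ext(self) -> str:
        base = self.path.rsplit("\\", 1)[-1]
        return ("." + base.rsplit(".", 1)[-1]).lower() if "." in base else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS file entry; return None for headers, blank lines and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["date"], size, m["attrs"], m["path"])


def suspicious_reasons(e: Entry) -> List[str]:
    """Heuristics modelled on the log above; returns why an entry deserves a look."""
    reasons: List[str] = []
    if e.is_dir or e.ext not in EXEC_EXTS:
        return reasons
    p = e.path.lower()
    if e.hidden or e.system:
        reasons.append("executable with hidden/system attribute")
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        reasons.append("executable dropped in the drive root")
    if "\\temp\\" in p:
        reasons.append("executable in a temp directory")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines that are not file entries are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Lines quoted from the DDS log above (Created Last 30 / Find3M sections).
SAMPLE_LOG = r"""
2009-04-29 17:46 74,752 a--sh--- c:\windows\system32\yejewusi.exe
2009-04-29 13:18 87,552 a--sh--- c:\windows\system32\tomoguno.dll
2009-03-29 10:36 68,608 a------- C:\rojpcck.exe
2009-04-16 22:10 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2009-04-16 22:01 <DIR> --d----- c:\program files\HP
2009-05-03 20:42 18,944 a---h--- c:\windows\system32\drivers\protect.sys
============= FINISH: 21:08:19.95 ===============
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(reasons)}")
```

The HP DLL and the HP directory pass through unflagged, while the four entries with hidden/system flags or a drive-root location are reported; a real run would feed the whole log, not just the quoted sample.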

#8 fenzodahl512


Posted 04 May 2009 - 04:16 AM

From the VirScan result it appears that you have Win32.Virut on that computer.. I'm sorry but the only way out of this is to repartition and reformat your computer clean..

A quote from Malware Expert (sUBs)

Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

If you do not know how to perform a fresh install, use this website > http://www.windowsreinstall.com/

Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.


A full reformat means formatting ALL partitions..

If you have any thumbdrives/external drives that have been plugged into that computer previously, those too will need to be reformatted..

I'll leave this topic open until you successfully reformat the computer..



#9 fenzodahl512


Posted 12 May 2009 - 05:17 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic


