
Another Antivir Solution Pro Infection


This topic is locked. 35 replies to this topic.

#1 mikgaes

Posted 13 August 2010 - 04:17 PM

My computer, the server on a 4 PC system, has gotten this malware in it called Antivir Solution Pro and it has really messed up/locked down my PC and ruined the network.

I have run CCleaner (and the registry checker therein) and Malwarebytes. Here is my current Hijackthis log:

___________________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:16:34 PM, on 8/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\techbox\techbox.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe
C:\PVSW\BIN\NTBTRV.EXE
C:\PVSW\BIN\NTDBSMGR.EXE
C:\PVSW\BIN\W3SQLMGR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
O4 - HKLM\..\Run: [Tech-In-A-Box] C:\techbox\techbox.exe
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ijmghcvt] C:\Documents and Settings\NetworkService\Local Settings\Application Data\aquudfxef\vyuevlqtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ijmghcvt] C:\Documents and Settings\NetworkService\Local Settings\Application Data\aquudfxef\vyuevlqtssd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) - https://viewer.draimaging.com/viewer/plugin...lugin-win-i.exe
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - https://pacs.draimaging.com/viewer/plugin/j...lugin-win-i.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7501D7E8-C17E-407C-90BF-56FF98A434C2}: NameServer = 209.18.47.61,209.18.47.62
O20 - AppInit_DLLs: aUYLMoooG.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pervasive.SQL 2000 (relational) - Pervasive Software Inc. - C:\PVSW\BIN\W3SQLMGR.EXE
O23 - Service: Pervasive.SQL 2000 (transactional) - Unknown owner - C:\PVSW\BIN\NTBTRV.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SECTRA Viewer Update Service (viewer_service) - Unknown owner - C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe

--
End of file - 5740 bytes


Can you get rid of this for me? Please?

Edited by Orange Blossom, 13 August 2010 - 10:49 PM.
Moved to log forum. ~ OB



#2 Blade81 (Malware Response Team)

Posted 20 August 2010 - 03:14 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 mikgaes (Topic Starter)

    Posted 20 August 2010 - 01:15 PM

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Michael Gaesser MD at 14:13:11.79 on Fri 08/20/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.85 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    SVCHOST.EXE
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PVSW\BIN\W3SQLMGR.EXE
    C:\PVSW\BIN\NTBTRV.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PVSW\BIN\NTDBSMGR.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\techbox\techbox.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Lytec Systems\Lytec Medical XE\lmxe.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Michael Gaesser MD\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [zBrowser Launcher] "c:\program files\logitech\iTouch.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
    mRun: [SMSERIAL] sm56hlpr.exe
    mRun: [Realtime Monitor] "c:\progra~1\ca\etrust~1\realmon.exe" -s
    mRun: [Tech-In-A-Box] c:\techbox\techbox.exe
    mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
    mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} - hxxps://viewer.draimaging.com/viewer/plugin/java-plugin-win-i.exe
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxps://pacs.draimaging.com/viewer/plugin/java-plugin-win-i.exe
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {7501D7E8-C17E-407C-90BF-56FF98A434C2} = 192.168.1.1
    Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\afonxakj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R2 Pervasive.SQL 2000 (relational);Pervasive.SQL 2000 (relational);c:\pvsw\bin\W3SQLMGR.EXE [2004-9-8 49152]
    R2 Pervasive.SQL 2000 (transactional);Pervasive.SQL 2000 (transactional);c:\pvsw\bin\NTBTRV.EXE [2004-9-8 86078]
    R2 viewer_service;SECTRA Viewer Update Service;c:\program files\sectra\ids5web\bin\viewer_service.exe [2006-10-4 24628]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2004-9-8 6369]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

    =============== Created Last 30 ================

    2010-08-18 07:05:16 0 d-----w- c:\windows\system32\XPSViewer
    2010-08-18 07:04:36 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-08-18 07:04:36 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-08-18 07:04:35 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-08-18 07:04:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-08-18 07:04:35 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-08-18 07:04:35 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-08-18 07:04:35 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-08-18 07:04:34 0 d-----w- C:\78e69d56a2fa7d4fa2
    2010-08-18 07:01:24 0 d-----w- c:\program files\MSXML 6.0
    2010-08-17 17:59:57 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cb3e3600ac15e8.mof
    2010-08-16 19:55:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-16 18:48:59 0 d-sh--w- C:\Recycled
    2010-08-16 18:18:37 0 d-sha-r- C:\cmdcons
    2010-08-16 18:17:06 98816 ----a-w- c:\windows\sed.exe
    2010-08-16 18:17:06 77312 ----a-w- c:\windows\MBR.exe
    2010-08-16 18:17:06 256512 ----a-w- c:\windows\PEV.exe
    2010-08-16 18:17:06 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-16 13:06:42 0 d-----w- C:\FOUND.018
    2010-08-13 16:26:26 0 d-----w- C:\FOUND.017
    2010-08-10 21:10:14 0 d-----w- C:\FOUND.016
    2010-08-09 15:16:09 0 d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2010-06-14 14:30:28 743936 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
    2008-06-23 14:56:10 17220 ----a-w- c:\program files\common files\devecaraz._dl

    ============= FINISH: 14:14:00.01 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2004 1:20:53 PM
    System Uptime: 8/19/2010 3:30:43 AM (35 hours ago)

    Motherboard: Intel Corporation | | D865GLC
    Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz
    Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 64 GiB total, 45.657 GiB free.
    D: is FIXED (FAT32) - 10 GiB total, 8.095 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Multimedia Video Controller
    Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_001211BD&REV_11\4&2E98101C&0&00F0
    Manufacturer:
    Name: Multimedia Video Controller
    PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_001211BD&REV_11\4&2E98101C&0&00F0
    Service:

    Class GUID:
    Description: Multimedia Controller
    Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_001211BD&REV_11\4&2E98101C&0&01F0
    Manufacturer:
    Name: Multimedia Controller
    PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_001211BD&REV_11\4&2E98101C&0&01F0
    Service:

    ==== System Restore Points ===================

    RP2062: 8/12/2010 11:56:12 AM - Restore Operation
    RP2063: 8/13/2010 1:17:50 PM - System Checkpoint
    RP2064: 8/14/2010 2:49:33 PM - System Checkpoint
    RP2065: 8/15/2010 3:49:30 PM - System Checkpoint
    RP2066: 8/16/2010 4:23:32 PM - System Checkpoint
    RP2067: 8/17/2010 3:01:15 AM - Software Distribution Service 3.0
    RP2068: 8/18/2010 3:00:22 AM - Software Distribution Service 3.0
    RP2069: 8/18/2010 3:28:00 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP2070: 8/19/2010 3:00:19 AM - Software Distribution Service 3.0
    RP2071: 8/20/2010 5:11:22 AM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP BiDi Channel Components Installer
    Ad-Aware SE Professional
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.1.0
    Apple Application Support
    Apple Software Update
    Business Contact Manager for Outlook 2003
    CA eTrust Antivirus
    CCleaner
    DeLorme Topo USA 5.0
    EarthLink Internet Offers System Builder Setup
    FormsWizard
    GoToMyPC
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB981793)
    IDS5web
    IDS5web_Languages_PMS
    Intel® Extreme Graphics Driver
    Intel® PRO Network Adapters and Drivers
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_05
    Java Web Start
    Java™ 6 Update 17
    Lexmark X1100 Series
    Logitech iTouch Software
    Logitech MouseWare 9.79
    Lytec Medical XE Client/Server NT/Scheduler Professional
    Malwarebytes' Anti-Malware
    Medicos
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Small Business Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Mozilla Firefox (3.5.10)
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    PCTV
    PDR Electronic Library
    Pervasive.SQL 2000i NT Server v7.94
    QuickTime
    RealPlayer
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SoundMAX
    Topo USA 5.0 East Region Data
    Topo USA 5.0 Southeast Region Data
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USA Campground Data
    Viewpoint Manager (Remove Only)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086

    ==== End Of File ===========================


    #4 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:05:58 PM

    Posted 20 August 2010 - 03:16 PM

    Hi,

    It's not advisable to run ComboFix without the supervision of a trained helper.

    Look for c:\ComboFix.txt file and post back its contents (don't re-run ComboFix but post contents of that file if found).

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #5 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • Local time:10:58 AM

    Posted 22 August 2010 - 06:51 PM

    The person who was guiding the running of ComboFix was an IT specialist from our billing software company who was hooked in remotely. He was telling my wife what to do. He was doing us a favor on the side. He is usually a very expensive telephone call, however he didn't charge us. The system seems to be functioning, but I see these 'proxy servers' and an O17 (domain hijack) still on my HijackThis log. We know not to run ComboFix whimsically.

    My wife said she doesn't think the ComboFix log was saved. But I will be in the office again tomorrow and will search for it.

    Thank you for your help and patience so far.

    #6 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:05:58 PM

    Posted 22 August 2010 - 11:40 PM

    Ok. Shall wait for your reply.



    #7 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • Local time:10:58 AM

    Posted 23 August 2010 - 07:58 AM

    Ok. Searched the computer and found no ComboFix Log file. However, the two logs you asked me to run (files above) were done after ComboFix.exe was run.

    #8 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:05:58 PM

    Posted 23 August 2010 - 12:33 PM

    Hi,

    Please run ComboFix again (let it update itself). Post back the report + fresh DDS logs.



    #9 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • Local time:10:58 AM

    Posted 23 August 2010 - 04:13 PM

    ComboFix 10-08-22.07 - Michael Gaesser MD 08/23/2010 16:34:28.2.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.254 [GMT -4:00]
    Running from: C:\Documents and Settings\Michael Gaesser MD\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\gotomon.log . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
    .

    2010-08-18 07:05:16 . 2010-08-18 07:05:18 -------- d-----w- C:\WINDOWS\system32\XPSViewer
    2010-08-18 07:05:13 . 2010-08-18 07:05:14 -------- d-----w- C:\Program Files\MSBuild
    2010-08-18 07:05:08 . 2010-08-18 07:05:10 -------- d-----w- C:\Program Files\Reference Assemblies
    2010-08-18 07:04:55 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-08-18 07:04:36 . 2008-07-06 12:06:10 89088 ------w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
    2010-08-18 07:04:36 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll
    2010-08-18 07:04:35 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll
    2010-08-18 07:04:35 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
    2010-08-18 07:04:35 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll
    2010-08-18 07:04:35 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\dllcache\xpssvcs.dll
    2010-08-18 07:04:35 . 2008-07-06 10:50:04 597504 ------w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-08-18 07:04:35 . 2008-07-06 10:50:04 597504 ------w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
    2010-08-18 07:04:34 . 2010-08-18 07:04:36 -------- d-----w- C:\78e69d56a2fa7d4fa2
    2010-08-18 07:01:24 . 2010-08-18 07:01:24 -------- d-----w- C:\Program Files\MSXML 6.0
    2010-08-16 19:55:49 . 2010-05-06 10:41:48 743424 ------w- C:\WINDOWS\system32\dllcache\iedvtool.dll
    2010-08-16 13:06:42 . 2010-08-16 13:06:42 -------- d-----w- C:\FOUND.018
    2010-08-13 18:14:22 . 2010-08-13 18:14:24 -------- d-----w- C:\Documents and Settings\Michael Gaesser MD\Local Settings\Application Data\ICS
    2010-08-13 16:26:26 . 2010-08-13 16:26:26 -------- d-----w- C:\FOUND.017
    2010-08-12 16:19:14 . 2010-08-12 16:19:16 -------- d-----w- C:\Documents and Settings\Michael Gaesser MD\Local Settings\Application Data\WMTools Downloaded Files
    2010-08-12 15:40:34 . 2010-08-12 15:40:36 -------- d-----w- C:\Documents and Settings\Janet\Local Settings\Application Data\Adobe
    2010-08-12 15:02:08 . 2010-08-12 15:02:10 -------- d-sh--w- C:\Documents and Settings\Janet\PrivacIE
    2010-08-10 21:10:14 . 2010-08-10 21:10:14 -------- d-----w- C:\FOUND.016
    2010-08-10 18:21:10 . 2010-08-10 18:21:12 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aquudfxef
    2010-08-10 16:39:59 . 2010-08-10 16:40:00 -------- d-sh--w- C:\Documents and Settings\NetworkService\PrivacIE
    2010-08-09 15:16:09 . 2010-08-09 15:16:10 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
    2010-08-09 13:42:28 . 2010-08-09 13:42:30 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    2010-08-07 13:46:20 . 2010-08-07 13:46:22 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-19 13:49:28 . 2004-10-04 12:36:53 70912 ----a-w- C:\Documents and Settings\Michael Gaesser MD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-12 15:48:46 . 2010-08-12 15:48:45 1167360 ----a-w- C:\Documents and Settings\Janet\ntuser.tmp
    2010-08-07 13:59:34 . 2010-08-09 13:44:15 391480 ----a-w- C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    2010-06-17 15:38:26 . 2010-04-15 14:33:55 439816 ----a-w- C:\Documents and Settings\Michael Gaesser MD\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-14 14:30:28 . 2004-08-27 19:50:19 743936 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
    2008-06-23 14:56:10 . 2008-06-23 14:56:08 17220 ----a-w- C:\Program Files\Common Files\devecaraz._dl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch.exe" [2003-12-01 15:38:16 892928]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 13:50:00 19968]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 14:24:08 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 14:11:56 114688]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 13:37:46 962560]
    "SMSERIAL"="sm56hlpr.exe" [2003-09-02 15:32:36 561152]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 21:14:48 504080]
    "Tech-In-A-Box"="C:\techbox\techbox.exe" [2002-05-02 15:06:26 4079616]
    "GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 15:09:14 258856]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 14:43:48 57344]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-11-11 03:08:18 417792]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2007-06-20 15:09:16 10536 ----a-w- C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 Pervasive.SQL 2000 (transactional);Pervasive.SQL 2000 (transactional);C:\PVSW\Bin\NTBTRV.EXE [9/8/2004 2:34:56 PM 86078]
    R2 viewer_service;SECTRA Viewer Update Service;C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe [10/4/2006 7:09:04 PM 24628]
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\drivers\pctvvbi.sys [9/8/2004 1:54:51 PM 6369]
    S2 Pervasive.SQL 2000 (relational);Pervasive.SQL 2000 (relational);C:\PVSW\Bin\W3SQLMGR.EXE [9/8/2004 2:34:56 PM 49152]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [1/11/2007 9:16:15 AM 24652]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    TCP: {7501D7E8-C17E-407C-90BF-56FF98A434C2} = 192.168.1.1
    FF - ProfilePath - C:\Documents and Settings\Michael Gaesser MD\Application Data\Mozilla\Firefox\Profiles\afonxakj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-23 16:43:08
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(464)
    C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

    - - - - - - - > 'explorer.exe'(2168)
    C:\WINDOWS\system32\WININET.dll
    C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
    C:\Program Files\Logitech\iTchHk.dll
    C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    C:\WINDOWS\system32\ieframe.dll
    C:\WINDOWS\system32\webcheck.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\PortableDeviceTypes.dll
    C:\WINDOWS\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\PVSW\BIN\NTDBSMGR.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-23 16:52:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-23 20:52:32
    ComboFix2.txt 2010-08-16 18:39:56

    Pre-Run: 47,938,797,568 bytes free
    Post-Run: 48,442,916,864 bytes free

    - - End Of File - - B820E6D7D7129B5A87AC70DA6BE301B8


    #10 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • Local time:10:58 AM

    Posted 23 August 2010 - 04:16 PM

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Michael Gaesser MD at 17:14:39.50 on Mon 08/23/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.304 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PVSW\BIN\W3SQLMGR.EXE
    C:\PVSW\BIN\NTBTRV.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe
    C:\PVSW\BIN\NTDBSMGR.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\techbox\techbox.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Michael Gaesser MD\Local Settings\Temporary Internet Files\Content.IE5\NNVPQV7V\dds[1].com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [zBrowser Launcher] "c:\program files\logitech\iTouch.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
    mRun: [SMSERIAL] sm56hlpr.exe
    mRun: [Realtime Monitor] "c:\progra~1\ca\etrust~1\realmon.exe" -s
    mRun: [Tech-In-A-Box] c:\techbox\techbox.exe
    mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
    mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} - hxxps://viewer.draimaging.com/viewer/plugin/java-plugin-win-i.exe
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxps://pacs.draimaging.com/viewer/plugin/java-plugin-win-i.exe
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {7501D7E8-C17E-407C-90BF-56FF98A434C2} = 192.168.1.1
    Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\afonxakj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R2 Pervasive.SQL 2000 (relational);Pervasive.SQL 2000 (relational);c:\pvsw\bin\W3SQLMGR.EXE [2004-9-8 49152]
    R2 Pervasive.SQL 2000 (transactional);Pervasive.SQL 2000 (transactional);c:\pvsw\bin\NTBTRV.EXE [2004-9-8 86078]
    R2 viewer_service;SECTRA Viewer Update Service;c:\program files\sectra\ids5web\bin\viewer_service.exe [2006-10-4 24628]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2004-9-8 6369]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

    =============== Created Last 30 ================

    2010-08-23 20:58:22 0 d-sh--w- C:\Recycled
    2010-08-23 20:32:49 0 d-----w- C:\ComboFix
    2010-08-18 07:05:16 0 d-----w- c:\windows\system32\XPSViewer
    2010-08-18 07:04:36 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-08-18 07:04:36 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-08-18 07:04:35 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-08-18 07:04:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-08-18 07:04:35 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-08-18 07:04:35 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-08-18 07:04:35 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-08-18 07:04:34 0 d-----w- C:\78e69d56a2fa7d4fa2
    2010-08-18 07:01:24 0 d-----w- c:\program files\MSXML 6.0
    2010-08-17 17:59:57 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cb3e3600ac15e8.mof
    2010-08-16 19:55:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-16 18:18:37 0 d-sha-r- C:\cmdcons
    2010-08-16 18:17:06 98816 ----a-w- c:\windows\sed.exe
    2010-08-16 18:17:06 77312 ----a-w- c:\windows\MBR.exe
    2010-08-16 18:17:06 256512 ----a-w- c:\windows\PEV.exe
    2010-08-16 18:17:06 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-16 13:06:42 0 d-----w- C:\FOUND.018
    2010-08-13 16:26:26 0 d-----w- C:\FOUND.017
    2010-08-10 21:10:14 0 d-----w- C:\FOUND.016
    2010-08-09 15:16:09 0 d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2010-06-14 14:30:28 743936 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
    2008-06-23 14:56:10 17220 ----a-w- c:\program files\common files\devecaraz._dl

    ============= FINISH: 17:15:29.84 ===============
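The ComboFix report in post #9 and the DDS log in post #10 both carry the items a helper would look at first: the IE proxy pointed at the local host (`http=127.0.0.1:6522`), `AntiVirusOverride` set under Security Center, `EnableFirewall` = 0 in the standard profile, 3389/TCP globally open, the per-interface DNS server (the O17 line) and a new directory with an unfamiliar name under the NetworkService profile. The Python below is an added example for this thread, not code from BleepingComputer, ComboFix or DDS; it pulls those lines out of a pasted log and grades them so the same triage can be repeated on the next log. The regular expressions, the severity labels and the `KNOWN_APPDATA` allow-list are my assumptions about the log format; the sample input is copied from the two logs above.

```python
"""Triage a pasted ComboFix / DDS log excerpt for the indicators seen in this thread.
Added example, not code from BleepingComputer, ComboFix or DDS; the line patterns,
severities and the KNOWN_APPDATA allow-list are assumptions drawn from the log format."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the ComboFix and DDS output posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
TCP: {7501D7E8-C17E-407C-90BF-56FF98A434C2} = 192.168.1.1
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
2010-08-10 18:21:10 . 2010-08-10 18:21:12 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aquudfxef
2010-08-07 13:46:20 . 2010-08-07 13:46:22 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)", re.I)  # u = HKCU, m = HKLM
DNS_RE = re.compile(r"^TCP:\s*\{[0-9A-F-]+\}\s*=\s*([\d. ]+)$", re.I)            # HJT O17 style line
KEY_RE = re.compile(r"^\[(.+)\]$")                                                # REGEDIT4 key header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                                  # REGEDIT4 value line
CREATED_RE = re.compile(  # ComboFix "Files Created": created . modified size attrs path
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (\S{8}) (.+)$")
SERVICE_PROFILE_RE = re.compile(
    r"\\Documents and Settings\\(NetworkService|LocalService)\\Local Settings\\Application Data\\([^\\]+)$", re.I)
KNOWN_APPDATA = {"adobe", "microsoft", "apple computer"}  # assumed-benign leaf names (assumption)


@dataclass
class Finding:
    check: str      # short identifier of the rule that fired
    severity: str   # high / medium / info
    evidence: str   # the log line exactly as pasted
    note: str       # what a helper should do with it


def reg_int(raw: str) -> Optional[int]:
    """Parse the value part of a REGEDIT4 line, e.g. 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group()) if m else None


def is_private_ip(ip: str) -> bool:
    return ip.startswith(("10.", "192.168.")) or re.match(r"^172\.(1[6-9]|2\d|3[01])\.", ip) is not None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""  # registry key currently open in the REGEDIT4 section
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif m := PROXY_RE.match(line):
            target = m.group(1).split("=")[-1]          # drop a leading "http=" scheme selector
            host, port = target.rsplit(":", 1) if ":" in target else (target, "")
            if host.startswith("127.") or host.lower() == "localhost":
                findings.append(Finding("loopback-proxy", "high", line,
                    f"browser traffic is forced through a proxy on the local host (port {port}); "
                    "identify the listener on that port before trusting the browser"))
        elif m := DNS_RE.match(line):
            for server in m.group(1).split():
                findings.append(Finding("interface-dns", "info" if is_private_ip(server) else "medium", line,
                    f"per-interface DNS server {server}; confirm it is the expected router or ISP resolver"))
        elif m := VALUE_RE.match(line):
            name, raw = m.groups()
            val = reg_int(raw)
            if "security center" in key and name.lower().endswith(("override", "disablenotify")) and val:
                findings.append(Finding("security-center-override", "medium", line,
                    f"{name} silences Security Center monitoring; reset it once a real AV is confirmed"))
            elif "firewallpolicy" in key and name.lower() == "enablefirewall" and val == 0:
                findings.append(Finding("firewall-disabled", "medium", line,
                    "Windows Firewall is off for this profile"))
            elif key.endswith(r"globallyopenports\list"):
                findings.append(Finding("open-port", "info", line,
                    f"inbound {name} is allowed from any address"
                    + (" (Remote Desktop)" if name.startswith("3389:") else "")))
        elif m := CREATED_RE.match(line):
            attrs, path = m.groups()
            sp = SERVICE_PROFILE_RE.search(path)
            if attrs.startswith("d") and sp and sp.group(2).lower() not in KNOWN_APPDATA:
                findings.append(Finding("service-profile-appdata", "medium", line,
                    f"new directory '{sp.group(2)}' under the {sp.group(1)} profile; "
                    "service accounts rarely gain application-data folders, so inspect it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.check}: {f.note}")
```

`triage()` takes the pasted text of either tool's output, so the whole ComboFix.txt or DDS.txt can be fed in unchanged; the `__main__` block runs it over the sample lines. The point of the loopback-proxy rule is the one raised in this thread: after the rogue's files are gone, `ProxyServer = http=127.0.0.1:6522` still sends every IE request to a port that nothing is listening on, which is why browsing stays broken until the setting is cleared.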


    #11 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • Local time:10:58 AM

    Posted 23 August 2010 - 04:17 PM


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2004 1:20:53 PM
    System Uptime: 8/23/2010 4:53:20 PM (1 hours ago)

    Motherboard: Intel Corporation | | D865GLC
    Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz
    Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 64 GiB total, 45.112 GiB free.
    D: is FIXED (FAT32) - 10 GiB total, 8.095 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Multimedia Video Controller
    Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_001211BD&REV_11\4&2E98101C&0&00F0
    Manufacturer:
    Name: Multimedia Video Controller
    PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_001211BD&REV_11\4&2E98101C&0&00F0
    Service:

    Class GUID:
    Description: Multimedia Controller
    Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_001211BD&REV_11\4&2E98101C&0&01F0
    Manufacturer:
    Name: Multimedia Controller
    PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_001211BD&REV_11\4&2E98101C&0&01F0
    Service:

    ==== System Restore Points ===================

    RP2062: 8/12/2010 11:56:12 AM - Restore Operation
    RP2063: 8/13/2010 1:17:50 PM - System Checkpoint
    RP2064: 8/14/2010 2:49:33 PM - System Checkpoint
    RP2065: 8/15/2010 3:49:30 PM - System Checkpoint
    RP2066: 8/16/2010 4:23:32 PM - System Checkpoint
    RP2067: 8/17/2010 3:01:15 AM - Software Distribution Service 3.0
    RP2068: 8/18/2010 3:00:22 AM - Software Distribution Service 3.0
    RP2069: 8/18/2010 3:28:00 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP2070: 8/19/2010 3:00:19 AM - Software Distribution Service 3.0
    RP2071: 8/20/2010 5:11:22 AM - System Checkpoint
    RP2072: 8/21/2010 6:58:48 AM - System Checkpoint
    RP2073: 8/22/2010 9:22:49 AM - System Checkpoint
    RP2074: 8/23/2010 4:02:36 PM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP BiDi Channel Components Installer
    Ad-Aware SE Professional
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.1.0
    Apple Application Support
    Apple Software Update
    Business Contact Manager for Outlook 2003
    CA eTrust Antivirus
    CCleaner
    DeLorme Topo USA 5.0
    EarthLink Internet Offers System Builder Setup
    FormsWizard
    GoToMyPC
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB981793)
    IDS5web
    IDS5web_Languages_PMS
    Intel® Extreme Graphics Driver
    Intel® PRO Network Adapters and Drivers
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_05
    Java Web Start
    Java™ 6 Update 17
    Lexmark X1100 Series
    Logitech iTouch Software
    Logitech MouseWare 9.79
    Lytec Medical XE Client/Server NT/Scheduler Professional
    Malwarebytes' Anti-Malware
    Medicos
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Small Business Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Mozilla Firefox (3.5.10)
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    PCTV
    PDR Electronic Library
    Pervasive.SQL 2000i NT Server v7.94
    QuickTime
    RealPlayer
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SoundMAX
    Topo USA 5.0 East Region Data
    Topo USA 5.0 Southeast Region Data
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USA Campground Data
    Viewpoint Manager (Remove Only)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086

    ==== End Of File ===========================


    #12 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • OFFLINE
    • Gender:Male
    • Location:Finland
    • Local time:05:58 PM

    Posted 24 August 2010 - 03:27 AM

    Hi,

    Please look for the ComboFix2.txt file on your c: drive (it should be in the c:\qoobox or c:\combofix folder). Post back its contents.

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


    #13 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • OFFLINE
    • Local time:10:58 AM

    Posted 24 August 2010 - 08:24 AM

    ComboFix 10-08-15.04 - Mxxxxxxxxxxxx 08/16/2010 14:23:07.1.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.188 [GMT -4:00]
    Running from: c:\documents and settings\Mxxxxxxxxxx\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\xDWdl.exe
    c:\windows\xhpjICxT.exe
    c:\windows\xqAgyy.dll
    c:\windows\xQaqUy.exe
    c:\windows\XQjseAkQE.exe
    c:\windows\xSdaAbuEL.dll
    c:\windows\xvTnsho.exe
    c:\windows\YebdYls.dll
    c:\windows\YNQCmTs.dll
    c:\windows\yQRMGoMQ.dll
    c:\windows\yrXmSh.exe
    c:\windows\YYdmDhh.dll
    c:\windows\YyeBxViJE.exe
    c:\windows\yykKE.dll
    c:\windows\system32\gotomon.log . . . . failed to delete

    Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
    .

    2010-08-16 13:06 . 2010-08-16 13:06 -------- d-----w- C:\FOUND.018
    2010-08-13 18:14 . 2010-08-13 18:14 -------- d-----w- c:\documents and settings\Mxxxxxxxxxxx\Local Settings\Application Data\ICS
    2010-08-13 16:26 . 2010-08-13 16:26 -------- d-----w- C:\FOUND.017
    2010-08-12 16:19 . 2010-08-12 16:19 -------- d-----w- c:\documents and settings\Mxxxxxxxxxxx\Local Settings\Application Data\WMTools Downloaded Files
    2010-08-12 15:40 . 2010-08-12 15:40 -------- d-----w- c:\documents and settings\Janet\Local Settings\Application Data\Adobe
    2010-08-12 15:02 . 2010-08-12 15:02 -------- d-sh--w- c:\documents and settings\Janet\PrivacIE
    2010-08-10 21:10 . 2010-08-10 21:10 -------- d-----w- C:\FOUND.016
    2010-08-10 18:21 . 2010-08-10 18:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\aquudfxef
    2010-08-10 16:39 . 2010-08-10 16:40 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-08-09 15:16 . 2010-08-09 15:16 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-09 13:42 . 2010-08-09 13:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-08-07 13:46 . 2010-08-07 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-12 15:48 . 2010-08-12 15:48 1167360 ----a-w- c:\documents and settings\Janet\ntuser.tmp
    2010-08-07 13:59 . 2010-08-09 13:44 391480 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    2010-06-17 15:38 . 2010-04-15 14:33 439816 ----a-w- c:\documents and settings\Mxxxxxxxxxxx\Application Data\Real\Update\setup3.10\setup.exe
    2008-06-23 14:56 . 2008-06-23 14:56 17220 ----a-w- c:\program files\Common Files\devecaraz._dl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch.exe" [2003-12-01 892928]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 962560]
    "SMSERIAL"="sm56hlpr.exe" [2003-09-02 561152]
    "Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
    "Tech-In-A-Box"="c:\techbox\techbox.exe" [2002-05-02 4079616]
    "GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2007-06-20 15:09 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 Pervasive.SQL 2000 (relational);Pervasive.SQL 2000 (relational);c:\pvsw\Bin\W3SQLMGR.EXE [9/8/2004 2:34 PM 49152]
    R2 Pervasive.SQL 2000 (transactional);Pervasive.SQL 2000 (transactional);c:\pvsw\Bin\NTBTRV.EXE [9/8/2004 2:34 PM 86078]
    R2 viewer_service;SECTRA Viewer Update Service;c:\program files\Sectra\IDS5web\bin\viewer_service.exe [10/4/2006 7:09 PM 24628]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [9/8/2004 1:54 PM 6369]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 9:16 AM 24652]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    TCP: {7501D7E8-C17E-407C-90BF-56FF98A434C2} = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Mxxxxxxxx\Application Data\Mozilla\Firefox\Profiles\afonxakj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-16 14:34
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(464)
    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

    - - - - - - - > 'explorer.exe'(3348)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTchHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\CA\eTrust Antivirus\InoRpc.exe
    c:\program files\Citrix\GoToMyPC\g2comm.exe
    c:\program files\Citrix\GoToMyPC\g2pre.exe
    c:\program files\CA\eTrust Antivirus\InoRT.exe
    c:\program files\CA\eTrust Antivirus\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Citrix\GoToMyPC\g2tray.exe
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    c:\pvsw\BIN\NTDBSMGR.EXE
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Logitech\MouseWare\system\em_exec.exe
    c:\windows\sm56hlpr.exe
    c:\program files\Lexmark X1100 Series\lxbkbmon.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-16 14:39:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-16 18:39

    Pre-Run: 41,950,593,024 bytes free
    Post-Run: 42,216,062,976 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 05F24EEE3658403597C9EB24A4BFFB7F


    I replaced my name with 'Mxxxxxxxxxx' throughout this post.

    Edited by mikgaes, 24 August 2010 - 08:28 AM.


    #14 Blade81

    Blade81

      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:05:58 PM

    Posted 24 August 2010 - 09:51 AM

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\aquudfxef
    File::
    C:\Program Files\Common Files\devecaraz._dl
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>



    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3 & 9.3.4) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the Download button to the right.
    • Select Windows on the platform combobox and check the box that says Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.


    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.
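An added example, not part of this thread and not code from ComboFix, DDS or the helper above: the CFScript posted here removes a proxy entry that points Internet Explorer at 127.0.0.1:6522, and the same log also shows Windows Firewall switched off, the Security Center antivirus warning overridden, and port 3389/TCP opened to every remote host. The Python check below reads those "Reg Loading Points" and "Supplementary Scan" lines from a ComboFix-style log and reports each weakened setting, so a reviewer does not have to spot them by eye. The sample lines are copied from the log posted above; the function names and the finding wording are my own.

```python
import re
from typing import List, Tuple

# Constructed sample input: the security-relevant lines copied from the
# ComboFix log posted in this thread (registry loading points and the
# supplementary scan).  Backslashes are doubled only for the Python string.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

LOOPBACK_NAMES = {"localhost", "::1"}


def parse_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split an Internet Settings ProxyServer value into (scheme, host, port).

    Windows accepts either a bare 'host:port' (applies to every protocol;
    reported here with scheme '*') or a ';'-separated list such as
    'http=host:port;https=host:port'.  Malformed parts are skipped.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if host and port.isdigit():
            entries.append((scheme or "*", host, int(port)))
    return entries


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8 addresses and the usual loopback names."""
    return host.lower() in LOOPBACK_NAMES or host.startswith("127.")


def check_combofix_log(log_text: str) -> List[str]:
    """Return one finding per log line that weakens the host's defences.

    Bracketed registry headers are tracked so that firewall and open-port
    entries can be attributed to the profile/section they belong to.  Each
    check is independent, so a line in any section is still examined.
    """
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            continue

        # Security Center told to stop warning that antivirus is off/outdated.
        if re.fullmatch(r'"AntiVirusOverride"=dword:0*1', line):
            findings.append("Security Center antivirus warnings suppressed (AntiVirusOverride=1)")

        # Windows Firewall switched off for the profile named in the header.
        if "firewallpolicy" in section and re.match(r'"EnableFirewall"=\s*0\b', line):
            profile = section.rsplit("\\", 1)[-1]
            findings.append(f"Windows Firewall disabled in profile '{profile}'")

        # A port opened to all remote hosts (GloballyOpenPorts\List).
        if "globallyopenports" in section:
            port = re.match(r'"(\d+):(TCP|UDP)"=', line)
            if port:
                findings.append(f"Port {port.group(1)}/{port.group(2)} globally open in the firewall")

        # Browser traffic routed through a proxy on the machine itself.
        proxy = re.match(r"uInternet Settings,ProxyServer\s*=\s*(.+)", line)
        if proxy:
            for scheme, host, port_num in parse_proxy_server(proxy.group(1)):
                if is_loopback(host):
                    findings.append(
                        f"{scheme} proxy points at loopback {host}:{port_num}; "
                        "with no local proxy installed this intercepts browsing"
                    )
    return findings


if __name__ == "__main__":
    for finding in check_combofix_log(SAMPLE_LOG):
        print("-", finding)
```

Run against the sample it reports four findings, which is exactly the set the CFScript and the follow-up advice in this thread address: the two DDS:: lines remove the loopback proxy, and the firewall, Security Center and open-port entries are what to re-check once the machine is clean. The proxy parser also understands the bare `host:port` form, so a legitimate corporate proxy produces no finding.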


    #15 mikgaes

    mikgaes
    • Topic Starter

    • Members
    • 25 posts
    • Local time:10:58 AM

    Posted 24 August 2010 - 12:47 PM

    ComboFix 10-08-22.07 - Michael Gaesser MD 08/23/2010 16:34:28.2.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.254 [GMT -4:00]
    Running from: c:\documents and settings\Michael Gaesser MD\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\gotomon.log . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
    .

    2010-08-18 07:05 . 2010-08-18 07:05 -------- d-----w- c:\windows\system32\XPSViewer
    2010-08-18 07:05 . 2010-08-18 07:05 -------- d-----w- c:\program files\MSBuild
    2010-08-18 07:05 . 2010-08-18 07:05 -------- d-----w- c:\program files\Reference Assemblies
    2010-08-18 07:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-08-18 07:04 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-08-18 07:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-08-18 07:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-08-18 07:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-08-18 07:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-08-18 07:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-08-18 07:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-08-18 07:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-08-18 07:04 . 2010-08-18 07:04 -------- d-----w- C:\78e69d56a2fa7d4fa2
    2010-08-18 07:01 . 2010-08-18 07:01 -------- d-----w- c:\program files\MSXML 6.0
    2010-08-16 19:55 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-16 13:06 . 2010-08-16 13:06 -------- d-----w- C:\FOUND.018
    2010-08-13 18:14 . 2010-08-13 18:14 -------- d-----w- c:\documents and settings\Michael Gaesser MD\Local Settings\Application Data\ICS
    2010-08-13 16:26 . 2010-08-13 16:26 -------- d-----w- C:\FOUND.017
    2010-08-12 16:19 . 2010-08-12 16:19 -------- d-----w- c:\documents and settings\Michael Gaesser MD\Local Settings\Application Data\WMTools Downloaded Files
    2010-08-12 15:40 . 2010-08-12 15:40 -------- d-----w- c:\documents and settings\Janet\Local Settings\Application Data\Adobe
    2010-08-12 15:02 . 2010-08-12 15:02 -------- d-sh--w- c:\documents and settings\Janet\PrivacIE
    2010-08-10 21:10 . 2010-08-10 21:10 -------- d-----w- C:\FOUND.016
    2010-08-10 18:21 . 2010-08-10 18:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\aquudfxef
    2010-08-10 16:39 . 2010-08-10 16:40 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-08-09 15:16 . 2010-08-09 15:16 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-09 13:42 . 2010-08-09 13:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-08-07 13:46 . 2010-08-07 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-19 13:49 . 2004-10-04 12:36 70912 ----a-w- c:\documents and settings\Michael Gaesser MD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-12 15:48 . 2010-08-12 15:48 1167360 ----a-w- c:\documents and settings\Janet\ntuser.tmp
    2010-08-07 13:59 . 2010-08-09 13:44 391480 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    2010-06-17 15:38 . 2010-04-15 14:33 439816 ----a-w- c:\documents and settings\Michael Gaesser MD\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-14 14:30 . 2004-08-27 19:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2008-06-23 14:56 . 2008-06-23 14:56 17220 ----a-w- c:\program files\Common Files\devecaraz._dl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch.exe" [2003-12-01 892928]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 962560]
    "SMSERIAL"="sm56hlpr.exe" [2003-09-02 561152]
    "Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
    "Tech-In-A-Box"="c:\techbox\techbox.exe" [2002-05-02 4079616]
    "GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-06-20 258856]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2007-06-20 15:09 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 Pervasive.SQL 2000 (transactional);Pervasive.SQL 2000 (transactional);c:\pvsw\Bin\NTBTRV.EXE [9/8/2004 2:34 PM 86078]
    R2 viewer_service;SECTRA Viewer Update Service;c:\program files\Sectra\IDS5web\bin\viewer_service.exe [10/4/2006 7:09 PM 24628]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [9/8/2004 1:54 PM 6369]
    S2 Pervasive.SQL 2000 (relational);Pervasive.SQL 2000 (relational);c:\pvsw\Bin\W3SQLMGR.EXE [9/8/2004 2:34 PM 49152]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 9:16 AM 24652]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    TCP: {7501D7E8-C17E-407C-90BF-56FF98A434C2} = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Michael Gaesser MD\Application Data\Mozilla\Firefox\Profiles\afonxakj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-23 16:43
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(464)
    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

    - - - - - - - > 'explorer.exe'(2168)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTchHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\CA\eTrust Antivirus\InoRpc.exe
    c:\program files\Citrix\GoToMyPC\g2comm.exe
    c:\program files\CA\eTrust Antivirus\InoRT.exe
    c:\program files\CA\eTrust Antivirus\InoTask.exe
    c:\program files\Citrix\GoToMyPC\g2pre.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    c:\program files\Citrix\GoToMyPC\g2tray.exe
    c:\pvsw\BIN\NTDBSMGR.EXE
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Logitech\MouseWare\system\em_exec.exe
    c:\windows\sm56hlpr.exe
    c:\program files\Lexmark X1100 Series\lxbkbmon.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-23 16:52:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-23 20:52
    ComboFix2.txt 2010-08-16 18:39

    Pre-Run: 47,938,797,568 bytes free
    Post-Run: 48,442,916,864 bytes free

    - - End Of File - - B820E6D7D7129B5A87AC70DA6BE301B8



