PDA

View Full Version : I have a bad case of virtumonde :(



saxymoose
2008-02-13, 18:31
I can't seem to get rid of this thing.

The Kaspersky log is too long for one post, but it said that I have 16 viruses and 141 infected objects.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:10 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1163454654\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1163454654\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {296401D7-BB78-42F3-96B4-57B91BF29D06} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {49D63E18-33B1-46F2-82C2-39431FB94794} - C:\WINDOWS\system32\mljjggh.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70FE15DF-9086-4083-A1ED-FF92E4B1D93D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\nylymnxb.dll (file missing)
O2 - BHO: {94d10c7f-f79e-ee78-f2e4-27463361de0c} - {c0ed1633-6472-4e2f-87ee-e97ff7c01d49} - C:\WINDOWS\system32\ckcbtaks.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {E49C425E-A1C5-48BA-B9D5-53648F7A62CF} - (no file)
O2 - BHO: (no name) - {F354061C-22E7-4EA0-A06C-52DFD409D74D} - C:\WINDOWS\system32\gebyv.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [e0208b57] "rundll32.exe" "C:\WINDOWS\system32\hqbrtnpn.dll",b
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [iSproggler] "C:\New Folder\iSproggler.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nylymnxb - nylymnxb.dll (file missing)
O20 - Winlogon Notify: rqrsttq - rqrsttq.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 15236 bytes

ken545
2008-02-13, 21:00
Hello saxymoose

Welcome to Safer Networking.

Please read Before YouPost (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Your infected with the Vundo Trojan, lets do this

Download VundoFix (http://www.atribune.org/ccount/click.php?id=4) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.





Please download SuperAntiSpyware (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Install the program
Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.





Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall



Let me see the Vundo Report, the SAS Report, the Combofix report and a New HJT log. They most likely won't fit all in one post so take as many replies as you need.

saxymoose
2008-02-14, 04:06
Thanks for responding so quickly!


So I've been dealing with this problem for the past few weeks, and I downloaded Vundofix when it first started happening. Because of that, the log I have says that I started January 29th, just so you know.


Here are my logs


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 11:19:59 PM 1/29/2008

Listing files found while scanning....

C:\windows\system32\alhwfkyp.dll
C:\windows\system32\alhwfkyp.dllbox
C:\WINDOWS\system32\bmdhumav.dll
C:\WINDOWS\system32\byetwvcj.dll
C:\WINDOWS\system32\cfbnkcuk.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\hvalcshk.dll
C:\WINDOWS\system32\ixlfoglu.dll
C:\WINDOWS\system32\khsclavh.ini
C:\WINDOWS\system32\kqvmvofp.dll
C:\WINDOWS\system32\ljjjiji.dll
C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\njmgscdc.dll
C:\windows\system32\vybeg.ini
C:\windows\system32\vybeg.ini2

Beginning removal...

Attempting to delete C:\windows\system32\alhwfkyp.dll
C:\windows\system32\alhwfkyp.dll Could not be deleted.

Attempting to delete C:\windows\system32\alhwfkyp.dllbox
C:\windows\system32\alhwfkyp.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\bmdhumav.dll
C:\WINDOWS\system32\bmdhumav.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byetwvcj.dll
C:\WINDOWS\system32\byetwvcj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfbnkcuk.dll
C:\WINDOWS\system32\cfbnkcuk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hvalcshk.dll
C:\WINDOWS\system32\hvalcshk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixlfoglu.dll
C:\WINDOWS\system32\ixlfoglu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khsclavh.ini
C:\WINDOWS\system32\khsclavh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kqvmvofp.dll
C:\WINDOWS\system32\kqvmvofp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjjiji.dll
C:\WINDOWS\system32\ljjjiji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\mljjggh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\njmgscdc.dll
C:\WINDOWS\system32\njmgscdc.dll Could not be deleted.

Attempting to delete C:\windows\system32\vybeg.ini
C:\windows\system32\vybeg.ini Has been deleted!

Attempting to delete C:\windows\system32\vybeg.ini2
C:\windows\system32\vybeg.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\alhwfkyp.dll
C:\windows\system32\alhwfkyp.dll Has been deleted!

Attempting to delete C:\windows\system32\alhwfkyp.dllbox
C:\windows\system32\alhwfkyp.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\cfbnkcuk.dll
C:\WINDOWS\system32\cfbnkcuk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\mljjggh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\njmgscdc.dll
C:\WINDOWS\system32\njmgscdc.dll Has been deleted!

Attempting to delete C:\windows\system32\vybeg.ini
C:\windows\system32\vybeg.ini Has been deleted!

Attempting to delete C:\windows\system32\vybeg.ini2
C:\windows\system32\vybeg.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 11:56:41 PM 1/29/2008

Listing files found while scanning....

C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\mljjggh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\mljjggh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\mljjggh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 6:17:13 PM 2/4/2008

Listing files found while scanning....

C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\ennhddev.dll
C:\WINDOWS\system32\ffelkvat.dll
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\geuprhds.dll
C:\WINDOWS\system32\jqdpywfp.dll
C:\WINDOWS\system32\keymonvu.dll
C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\naraouwu.dll
C:\WINDOWS\system32\nweddptv.dll
C:\WINDOWS\system32\nylymnxb.dll
C:\windows\system32\nylymnxb.dllbox
C:\WINDOWS\system32\odogaiby.dll
C:\WINDOWS\system32\ovajlifu.dll
C:\WINDOWS\system32\saenhtpp.dll
C:\WINDOWS\system32\xcnfjtte.dll
C:\WINDOWS\system32\xvxvidaj.dll

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:01:23 AM 2/11/2008

Listing files found while scanning....

C:\windows\system32\awtsp.dll
C:\WINDOWS\system32\ennhddev.dll
C:\WINDOWS\system32\ffelkvat.dll
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\geuprhds.dll
C:\WINDOWS\system32\hkevltln.dll
C:\WINDOWS\system32\ixvkmtka.dll
C:\WINDOWS\system32\jebactfk.ini
C:\WINDOWS\system32\jqdpywfp.dll
C:\WINDOWS\system32\keymonvu.dll
C:\WINDOWS\system32\kftcabej.dll
C:\WINDOWS\system32\lrhucngr.dll
C:\WINDOWS\system32\mdianykk.dll
C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\naraouwu.dll
C:\WINDOWS\system32\nculjjwj.dll
C:\WINDOWS\system32\nweddptv.dll
C:\WINDOWS\system32\nylymnxb.dll
C:\windows\system32\nylymnxb.dllbox
C:\WINDOWS\system32\odogaiby.dll
C:\windows\system32\pstwa.ini
C:\windows\system32\pstwa.ini2
C:\WINDOWS\system32\qffydbob.dll
C:\WINDOWS\system32\rtwevobi.dll
C:\WINDOWS\system32\sdhrpueg.ini
C:\WINDOWS\system32\sfmndohe.dll
C:\WINDOWS\system32\skxprdaj.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\xcnfjtte.dll
C:\WINDOWS\system32\xvxvidaj.dll

Beginning removal...

Attempting to delete C:\windows\system32\awtsp.dll
C:\windows\system32\awtsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ennhddev.dll
C:\WINDOWS\system32\ennhddev.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffelkvat.dll
C:\WINDOWS\system32\ffelkvat.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geuprhds.dll
C:\WINDOWS\system32\geuprhds.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkevltln.dll
C:\WINDOWS\system32\hkevltln.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixvkmtka.dll
C:\WINDOWS\system32\ixvkmtka.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jebactfk.ini
C:\WINDOWS\system32\jebactfk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jqdpywfp.dll
C:\WINDOWS\system32\jqdpywfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\keymonvu.dll
C:\WINDOWS\system32\keymonvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kftcabej.dll
C:\WINDOWS\system32\kftcabej.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lrhucngr.dll
C:\WINDOWS\system32\lrhucngr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mdianykk.dll
C:\WINDOWS\system32\mdianykk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\mljjggh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\naraouwu.dll
C:\WINDOWS\system32\naraouwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nculjjwj.dll
C:\WINDOWS\system32\nculjjwj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nweddptv.dll
C:\WINDOWS\system32\nweddptv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nylymnxb.dll
C:\WINDOWS\system32\nylymnxb.dll Could not be deleted.

Attempting to delete C:\windows\system32\nylymnxb.dllbox
C:\windows\system32\nylymnxb.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\odogaiby.dll
C:\WINDOWS\system32\odogaiby.dll Has been deleted!

Attempting to delete C:\windows\system32\pstwa.ini
C:\windows\system32\pstwa.ini Has been deleted!

Attempting to delete C:\windows\system32\pstwa.ini2
C:\windows\system32\pstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qffydbob.dll
C:\WINDOWS\system32\qffydbob.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtwevobi.dll
C:\WINDOWS\system32\rtwevobi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdhrpueg.ini
C:\WINDOWS\system32\sdhrpueg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sfmndohe.dll
C:\WINDOWS\system32\sfmndohe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\skxprdaj.dll
C:\WINDOWS\system32\skxprdaj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xcnfjtte.dll
C:\WINDOWS\system32\xcnfjtte.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xvxvidaj.dll
C:\WINDOWS\system32\xvxvidaj.dll Has been deleted!

Performing Repairs to the registry.
Done!

saxymoose
2008-02-14, 04:07
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2008 at 05:49 PM

Application Version : 3.9.1008

Core Rules Database Version : 3401
Trace Rules Database Version: 1393

Scan type : Complete Scan
Total Scan Time : 04:14:34

Memory items scanned : 778
Memory threats detected : 4
Registry items scanned : 6676
Registry threats detected : 52
File items scanned : 51990
File threats detected : 181

Adware.Vundo-Variant/PolyMorph-A
C:\WINDOWS\SYSTEM32\MLJJGGH.DLL
C:\WINDOWS\SYSTEM32\MLJJGGH.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116731.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\CKCBTAKS.DLL
C:\WINDOWS\SYSTEM32\CKCBTAKS.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\VTURP.DLL
C:\WINDOWS\SYSTEM32\VTURP.DLL
HKLM\Software\Classes\CLSID\{45E35A82-1A15-45DE-A6A9-815C3EBC46D6}
HKCR\CLSID\{45E35A82-1A15-45DE-A6A9-815C3EBC46D6}
HKCR\CLSID\{45E35A82-1A15-45DE-A6A9-815C3EBC46D6}\InprocServer32
HKCR\CLSID\{45E35A82-1A15-45DE-A6A9-815C3EBC46D6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKHHF.DLL
HKLM\Software\Classes\CLSID\{49D63E18-33B1-46F2-82C2-39431FB94794}
HKCR\CLSID\{49D63E18-33B1-46F2-82C2-39431FB94794}
HKCR\CLSID\{49D63E18-33B1-46F2-82C2-39431FB94794}\InprocServer32
HKCR\CLSID\{49D63E18-33B1-46F2-82C2-39431FB94794}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{93D0975B-A519-4BF1-9FF1-AC0B9E702E38}
HKCR\CLSID\{93D0975B-A519-4BF1-9FF1-AC0B9E702E38}
HKCR\CLSID\{93D0975B-A519-4BF1-9FF1-AC0B9E702E38}\InprocServer32
HKCR\CLSID\{93D0975B-A519-4BF1-9FF1-AC0B9E702E38}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWTQN.DLL
HKLM\Software\Classes\CLSID\{A0C11FD7-6E01-4C0E-97D5-3E0DA98E4038}
HKCR\CLSID\{A0C11FD7-6E01-4C0E-97D5-3E0DA98E4038}
HKCR\CLSID\{A0C11FD7-6E01-4C0E-97D5-3E0DA98E4038}\InprocServer32
HKCR\CLSID\{A0C11FD7-6E01-4C0E-97D5-3E0DA98E4038}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296401D7-BB78-42F3-96B4-57B91BF29D06}
HKCR\CLSID\{296401D7-BB78-42F3-96B4-57B91BF29D06}
HKCR\CLSID\{296401D7-BB78-42F3-96B4-57B91BF29D06}\InprocServer32
HKCR\CLSID\{296401D7-BB78-42F3-96B4-57B91BF29D06}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQRR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49D63E18-33B1-46F2-82C2-39431FB94794}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0C11FD7-6E01-4C0E-97D5-3E0DA98E4038}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{49D63E18-33B1-46F2-82C2-39431FB94794}
HKCR\CLSID\{49D63E18-33B1-46F2-82C2-39431FB94794}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\OAYRRBKK.DLL
C:\WINDOWS\SYSTEM32\OAYRRBKK.DLL
HKLM\Software\Classes\CLSID\{07f21a05-3dd6-4b62-858c-b9b1d5dd6730}
HKCR\CLSID\{07F21A05-3DD6-4B62-858C-B9B1D5DD6730}
HKCR\CLSID\{07F21A05-3DD6-4B62-858C-B9B1D5DD6730}\InprocServer32
HKCR\CLSID\{07F21A05-3DD6-4B62-858C-B9B1D5DD6730}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\XVXVIDAJ.DLL
HKLM\Software\Classes\CLSID\{56016a86-2037-4554-9132-8faa6523713c}
HKCR\CLSID\{56016A86-2037-4554-9132-8FAA6523713C}
HKCR\CLSID\{56016A86-2037-4554-9132-8FAA6523713C}\InprocServer32
HKCR\CLSID\{56016A86-2037-4554-9132-8FAA6523713C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QFFYDBOB.DLL
HKLM\Software\Classes\CLSID\{74f11ea9-7a0f-47ed-bf2f-d373375e54ed}
HKCR\CLSID\{74F11EA9-7A0F-47ED-BF2F-D373375E54ED}
HKCR\CLSID\{74F11EA9-7A0F-47ED-BF2F-D373375E54ED}\InprocServer32
HKCR\CLSID\{74F11EA9-7A0F-47ED-BF2F-D373375E54ED}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ENNHDDEV.DLL
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-149C311E84\LOCAL SETTINGS\TEMP\STBJPVCS.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP361\A0108637.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116726.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116727.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116728.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116729.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116730.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP364\A0119793.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP364\A0119795.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121897.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121898.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121899.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121900.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121901.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121950.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121951.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121953.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121954.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121955.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121956.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121958.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121959.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121960.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121961.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121962.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121963.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121964.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121965.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121967.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121968.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121969.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0122001.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123128.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123162.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123201.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123204.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123219.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123220.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123276.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123277.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123278.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0124276.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP371\A0124393.DLL
C:\WINDOWS\SYSTEM32\APLXWFST.DLL
C:\WINDOWS\SYSTEM32\FFELKVAT.DLL
C:\WINDOWS\SYSTEM32\GEUPRHDS.DLL
C:\WINDOWS\SYSTEM32\HQBRTNPN.DLL
C:\WINDOWS\SYSTEM32\ICBAWFVS.DLL
C:\WINDOWS\SYSTEM32\IXVKMTKA.DLL
C:\WINDOWS\SYSTEM32\JQDPYWFP.DLL
C:\WINDOWS\SYSTEM32\NARAOUWU.DLL
C:\WINDOWS\SYSTEM32\NWEDDPTV.DLL
C:\WINDOWS\SYSTEM32\ODOGAIBY.DLL
C:\WINDOWS\SYSTEM32\RPYNITUK.DLL
C:\WINDOWS\SYSTEM32\RTWEVOBI.DLL
C:\WINDOWS\SYSTEM32\RXDNYYKS.DLL
C:\WINDOWS\SYSTEM32\SKXPRDAJ.DLL
C:\WINDOWS\SYSTEM32\SYWMROQP.DLL
C:\WINDOWS\SYSTEM32\XCNFJTTE.DLL
C:\WINDOWS\SYSTEM32\XJWWRLUS.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NYLYMNXB.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{F354061C-22E7-4EA0-A06C-52DFD409D74D}
HKCR\CLSID\{F354061C-22E7-4EA0-A06C-52DFD409D74D}
HKCR\CLSID\{F354061C-22E7-4EA0-A06C-52DFD409D74D}\InprocServer32
HKCR\CLSID\{F354061C-22E7-4EA0-A06C-52DFD409D74D}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEBYV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F354061C-22E7-4EA0-A06C-52DFD409D74D}

Adware.Tracking Cookie
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@bizadverts[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ad.lookery[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@21526[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@hornymatches[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@cgi-bin[3].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.adbrite[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@1063928765[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ig[4].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@media6degrees[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@estat[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@login.tracking101[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads3.blastro[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@cgi-bin[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@gettyimages.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@eas.apm.emediate[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@23591[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@chl-newmexico.stats.pointstreak[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@mediafire[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@1071957183[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ice.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@optimize.indieclick[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@linkto.mediafire[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@eyewonder[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.devbook[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@media.medhelp[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.bridgetrack[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@lynxtrack[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@html[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@adbrite[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@metacafe.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.lookery[3].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@4.adbrite[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ad[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ad.us-ec.adtechus[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.joinaxxess[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.lookery[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@microsoftwlmailmkt.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@track.bestbuy[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@citi.bridgetrack[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@stats.sellmosoft[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@www.greatcracks[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@sixapart.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@nhl.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@divx.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@indiads[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@clicksor[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@advancedcleaner[2].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@1071592016[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@stats.sphere[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-149C311E84\Cookies\owner@ads.gmodules[2].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@ad.us-ec.adtechus[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@ad.zanox[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@adbrite[2].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@adopt.euroclick[2].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@adredired[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@ads.adbrite[2].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@ads.bridgetrack[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@bidzcom.112.2o7[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@doubleclick[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@ehg-ctv.hitbox[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@fastclick[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@ice.112.2o7[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@interclick[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@lynxtrack[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@media6degrees[2].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@mediapromoter[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@optimize.indieclick[1].txt
C:\Documents and Settings\Chrissie\Cookies\chrissie@revsci[1].txt

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP356\A0105367.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP357\A0105421.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP358\A0105459.EXE

Trojan.Downloader-Gen/DDC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0113746.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0113747.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0114745.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP362\A0116742.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP364\A0119794.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121949.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0121952.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP367\A0123012.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP369\A0123212.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP371\A0124392.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP371\A0124411.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP371\A0124413.DLL

Trojan.Downloader-Gen/Bundle Installer
C:\WINDOWS\B143.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\FFHKJ.INI2
C:\WINDOWS\SYSTEM32\RRQSS.INI

Trace.Known Threat Sources
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\Q4NSYP3W\spacer[1].gif
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\CJ33U455\ajax[1].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\8LXXNX0Z\flash[1].swf
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\CJ33U455\index[6].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\QJ2J6PM3\errorhandler[1].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\CTW7CZ0R\AC_RunActiveContent[1].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\MD7WDCVQ\flash_detect[1].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\25872LAL\index[7].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\UNILG8Z6\AC_ActiveX[1].htm
C:\Documents and Settings\Owner.YOUR-149C311E84\Local Settings\Temporary Internet Files\Content.IE5\B6WNVXK5\fullresize[1].htm

saxymoose
2008-02-14, 04:07
ComboFix 08-02-14.1 - Owner 2008-02-13 18:14:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.388 [GMT -7:00]
Running from: C:\Documents and Settings\Owner.YOUR-149C311E84\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\imapii.sys
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\imapii.sys
C:\WINDOWS\system32\gbyxmkun.ini
C:\WINDOWS\system32\ltxmpxsx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nqhhxrtn.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\xieifrfg.dll
C:\WINDOWS\system32\xjcgxnfj.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IMAPII
-------\LEGACY_NPF
-------\imapii


((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 12:41 . 2008-02-13 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-13 12:40 . 2008-02-13 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-13 12:40 . 2008-02-13 12:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 12:40 . 2008-02-13 12:40 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\SUPERAntiSpyware.com
2008-02-12 23:56 . 2008-02-12 23:56 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-12 20:15 . 2008-02-12 20:15 294 --ahs---- C:\WINDOWS\system32\jwhgwqlo.ini
2008-02-12 16:40 . 2008-02-12 17:21 414 --ahs---- C:\WINDOWS\system32\sulrwwjx.ini
2008-02-11 20:14 . 2008-02-11 20:14 714 --ahs---- C:\WINDOWS\system32\kutinypr.ini
2008-02-11 20:11 . 2008-02-11 20:11 268 --ah----- C:\sqmdata11.sqm
2008-02-11 20:11 . 2008-02-11 20:11 244 --ah----- C:\sqmnoopt10.sqm
2008-02-11 18:53 . 2008-02-11 18:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 18:53 . 2008-02-11 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 09:02 . 2008-02-11 09:02 268 --ah----- C:\sqmdata09.sqm
2008-02-11 09:02 . 2008-02-11 09:02 268 --ah----- C:\sqmdata08.sqm
2008-02-11 09:02 . 2008-02-11 09:02 244 --ah----- C:\sqmnoopt09.sqm
2008-02-11 09:02 . 2008-02-11 09:02 244 --ah----- C:\sqmnoopt08.sqm
2008-02-11 09:02 . 2008-02-11 09:02 136 --ah----- C:\sqmdata10.sqm
2008-02-09 10:17 . 2008-02-11 20:09 654 --ahs---- C:\WINDOWS\system32\omwopely.ini
2008-02-08 09:27 . 2008-02-09 10:11 474 --ahs---- C:\WINDOWS\system32\npavqksm.ini
2008-02-07 09:28 . 2008-02-07 09:28 414 --ahs---- C:\WINDOWS\system32\gusxddlw.ini
2008-02-06 06:16 . 2008-02-07 09:19 354 --ahs---- C:\WINDOWS\system32\sqgyitqb.ini
2008-02-04 18:22 . 2008-02-04 18:22 354 --ahs---- C:\WINDOWS\system32\ybiagodo.ini
2008-02-04 18:10 . 2008-02-04 18:10 294 --ahs---- C:\WINDOWS\system32\ufiljavo.ini
2008-02-03 22:18 . 2008-02-04 22:18 414 --ahs---- C:\WINDOWS\system32\ppthneas.ini
2008-02-03 00:47 . 2008-02-03 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\View22
2008-01-29 23:19 . 2008-02-13 18:02 <DIR> d-------- C:\VundoFix Backups
2008-01-29 08:48 . 2008-01-29 08:49 <DIR> d-------- C:\New Folder (2)
2008-01-27 13:18 . 2008-01-27 13:18 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\acccore
2008-01-27 08:18 . 2008-02-13 04:53 1,260 --a------ C:\WINDOWS\wininit.ini
2008-01-27 08:17 . 2008-01-27 08:17 <DIR> d---s---- C:\Documents and Settings\Chrissie\UserData
2008-01-27 08:16 . 2008-01-27 08:16 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\NCH Swift Sound
2008-01-26 22:45 . 2008-01-26 22:45 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\AdobeUM
2008-01-26 22:38 . 2008-01-26 22:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-26 22:38 . 2008-01-26 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 22:26 . 2008-01-26 22:26 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Apple Computer
2008-01-26 21:42 . 2008-01-26 21:48 <DIR> d-------- C:\Documents and Settings\Chrissie\Contacts
2008-01-26 21:42 . 2008-01-26 21:42 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Viewpoint
2008-01-26 21:41 . 2008-01-26 21:41 268 --ah----- C:\sqmdata07.sqm
2008-01-26 21:41 . 2008-01-26 21:41 268 --ah----- C:\sqmdata06.sqm
2008-01-26 21:41 . 2008-01-26 21:41 244 --ah----- C:\sqmnoopt07.sqm
2008-01-26 21:41 . 2008-01-26 21:41 244 --ah----- C:\sqmnoopt06.sqm
2008-01-26 21:39 . 2008-01-26 21:39 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Webroot
2008-01-26 21:39 . 2008-01-26 21:39 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\AOL
2008-01-26 21:38 . 2006-06-21 02:12 <DIR> d-------- C:\Documents and Settings\Chrissie\WINDOWS
2008-01-26 21:38 . 2006-11-13 14:51 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\You've Got Pictures Screensaver
2008-01-26 21:38 . 2006-11-13 14:52 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\SampleView
2008-01-26 21:38 . 2006-11-13 15:02 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Intel
2008-01-26 21:16 . 2008-02-13 18:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 21:16 . 2008-01-26 21:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 17:19 . 2008-01-26 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 17:07 . 2008-01-26 17:07 <DIR> d-------- C:\Program Files\Bonjour
2008-01-26 16:43 . 2008-01-26 16:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-25 19:44 . 2008-01-25 19:44 147,520 --a------ C:\WINDOWS\system32\dpmlyvgy.dll
2008-01-25 19:44 . 2008-01-25 19:47 294 --ahs---- C:\WINDOWS\system32\ygvylmpd.ini
2008-01-24 21:19 . 2008-01-24 21:19 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-149C311E84\.DownloadManager
2008-01-24 21:05 . 2008-01-24 21:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\Download Manager
2008-01-24 20:01 . 2008-01-24 20:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\WINDOWS\system32\wnzs6
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\WINDOWS\system32\ni4
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\WINDOWS\system32\etz1
2008-01-24 19:58 . 2008-01-25 18:26 <DIR> d-------- C:\WINDOWS\system32\comg7
2008-01-24 19:57 . 2008-01-24 19:57 <DIR> d-------- C:\WINDOWS\system32\nGpxx18

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-02-06 03:20 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\iSproggler
2008-02-04 04:08 --------- d-----w C:\Program Files\Replay AV 8
2008-02-02 20:30 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\Walgreens
2008-01-27 05:19 --------- d-----w C:\Program Files\LimeWire
2008-01-27 05:15 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\LimeWire
2008-01-27 00:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-22 22:58 --------- d-----w C:\Program Files\AOM MP4 Converter V1.20
2008-01-18 06:45 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\Free Download Manager
2008-01-09 06:54 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\DivX
2008-01-09 06:50 --------- d-----w C:\Program Files\DivX
2007-12-27 19:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 19:56 --------- d-----w C:\Program Files\Common Files\snpstd3
2007-12-27 19:55 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\InstallShield
2007-12-25 17:14 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\HP
2007-12-25 17:11 --------- d-----w C:\Program Files\Common Files\HP
2007-12-25 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-25 17:10 --------- d-----w C:\Program Files\HP
2007-12-25 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-12-19 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-19 03:03 --------- d-----w C:\Program Files\AIM6
2007-12-19 03:03 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\acccore
2007-12-19 03:02 --------- d-----w C:\Program Files\Viewpoint
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-10-04 04:46 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-06-25 21:30 0 ----a-w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Walgreens PhotoShow Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [ ]
"iSproggler"="C:\New Folder\iSproggler.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20 50528]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-13 14:43 169984]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 08:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 08:47 688218]
"HostManager"="C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 11:20 413696 C:\WINDOWS\stsystra.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-23 20:22 573440]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 15:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 15:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 15:50 290816]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-10-08 11:11 4804096]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 14:33 99480]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50 71216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-11 12:57 185632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 15:40 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 14:43 270336]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]
"e0208b57"="rundll32.exe" [2004-08-10 12:00 33280 C:\WINDOWS\system32\rundll32.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-11-13 14:46:00 2168360]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-01-14 13:19:52 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsttq]
rqrsttq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-28 22:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 02:52:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 18:51:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\aol\1163454654\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-02-13 19:00:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 02:00:26
.
2008-02-13 06:55:10 --- E O F ---

saxymoose
2008-02-14, 04:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:22 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\aol\1163454654\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1163454654\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [e0208b57] "rundll32.exe" "C:\WINDOWS\system32\oayrrbkk.dll",b
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [iSproggler] "C:\New Folder\iSproggler.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrsttq - rqrsttq.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14357 bytes

ken545
2008-02-14, 06:06
Hello,

Your doing well, :bigthumb: a bit more to do.

Go to your Add Remove Programs in the Control Panel and uninstall any programs related to Viewpoint At the present time its not malicious but installs without your knowledge or consent and is about to cross the line into Adware.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Open Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::



File::
C:\WINDOWS\system32\jwhgwqlo.ini
C:\WINDOWS\system32\sulrwwjx.ini
C:\WINDOWS\system32\kutinypr.ini
C:\WINDOWS\system32\omwopely.ini
C:\WINDOWS\system32\npavqksm.ini
C:\WINDOWS\system32\gusxddlw.ini
C:\WINDOWS\system32\sqgyitqb.ini
C:\WINDOWS\system32\ybiagodo.ini
C:\WINDOWS\system32\ufiljavo.ini
C:\WINDOWS\system32\ppthneas.ini
C:\WINDOWS\system32\dpmlyvgy.dll
C:\WINDOWS\system32\ygvylmpd.ini
C:\WINDOWS\system32\oayrrbkk.dll

Folder::
C:\VundoFix Backups
C:\Program Files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e0208b57"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsttq]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log, also let me know how your system is running now?????

saxymoose
2008-02-14, 06:19
I tried to remove Viewpoint, but it won't let me. I went to Add Remove Programs and clicked on change/remove. Then, it asked me if I wanted to remove it, so I clicked 'yes', and nothing happened. I tried it a few times, and still, nothing happens.

Also, it appears to have grown in size. The first time I went to remove it, it took up 7MB. Now it takes up 9MB.

ken545
2008-02-14, 06:23
OK, before you run the CFScript do this, remove both those entries that I posted with HJT.

Then...


Open HJT > Misc Tools > Delete an NT Service
Type in Viewpoint Manager Service
Then click on OK, it will ask you to reboot, do so.


Then run the script for Combofix

saxymoose
2008-02-14, 07:18
My system is running much better than it has been. Thank you so much for helping me out with this! It's been driving me absolutely crazy for weeks


Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:26 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1163454654\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1163454654\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [iSproggler] "C:\New Folder\iSproggler.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13898 bytes

saxymoose
2008-02-14, 07:19
ComboFix 08-02-14.1 - Owner 2008-02-13 21:54:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.336 [GMT -7:00]
Running from: C:\Documents and Settings\Owner.YOUR-149C311E84\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.YOUR-149C311E84\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\dpmlyvgy.dll
C:\WINDOWS\system32\gusxddlw.ini
C:\WINDOWS\system32\jwhgwqlo.ini
C:\WINDOWS\system32\kutinypr.ini
C:\WINDOWS\system32\npavqksm.ini
C:\WINDOWS\system32\oayrrbkk.dll
C:\WINDOWS\system32\omwopely.ini
C:\WINDOWS\system32\ppthneas.ini
C:\WINDOWS\system32\sqgyitqb.ini
C:\WINDOWS\system32\sulrwwjx.ini
C:\WINDOWS\system32\ufiljavo.ini
C:\WINDOWS\system32\ybiagodo.ini
C:\WINDOWS\system32\ygvylmpd.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
C:\VundoFix Backups
C:\VundoFix Backups\awtsp.dll.bad
C:\VundoFix Backups\ennhddev.dll.bad
C:\VundoFix Backups\ffelkvat.dll.bad
C:\VundoFix Backups\gebca.dll.bad
C:\VundoFix Backups\geuprhds.dll.bad
C:\VundoFix Backups\higiiccs.dll.bad
C:\VundoFix Backups\hkevltln.dll.bad
C:\VundoFix Backups\ixvkmtka.dll.bad
C:\VundoFix Backups\jebactfk.ini.bad
C:\VundoFix Backups\jqdpywfp.dll.bad
C:\VundoFix Backups\keymonvu.dll.bad
C:\VundoFix Backups\kftcabej.dll.bad
C:\VundoFix Backups\kkbrryao.ini.bad
C:\VundoFix Backups\lrhucngr.dll.bad
C:\VundoFix Backups\mdianykk.dll.bad
C:\VundoFix Backups\mljjggh.dll.bad
C:\VundoFix Backups\naraouwu.dll.bad
C:\VundoFix Backups\nculjjwj.dll.bad
C:\VundoFix Backups\npntrbqh.ini.bad
C:\VundoFix Backups\npqss.ini.bad
C:\VundoFix Backups\npqss.ini2.bad
C:\VundoFix Backups\nweddptv.dll.bad
C:\VundoFix Backups\nylymnxb.dll.bad
C:\VundoFix Backups\nylymnxb.dllbox.bad
C:\VundoFix Backups\odogaiby.dll.bad
C:\VundoFix Backups\pstwa.ini.bad
C:\VundoFix Backups\pstwa.ini2.bad
C:\VundoFix Backups\qffydbob.dll.bad
C:\VundoFix Backups\rengwhul.dll.bad
C:\VundoFix Backups\rengwhul.dllbox.bad
C:\VundoFix Backups\rtwevobi.dll.bad
C:\VundoFix Backups\sdhrpueg.ini.bad
C:\VundoFix Backups\sfmndohe.dll.bad
C:\VundoFix Backups\skxprdaj.dll.bad
C:\VundoFix Backups\ssqpn.dll.bad
C:\VundoFix Backups\vtpddewn.ini.bad
C:\VundoFix Backups\wcrlycxl.dll.bad
C:\VundoFix Backups\wcrlycxl.dllbox.bad
C:\VundoFix Backups\xcnfjtte.dll.bad
C:\VundoFix Backups\xvxvidaj.dll.bad
C:\WINDOWS\system32\dpmlyvgy.dll
C:\WINDOWS\system32\gusxddlw.ini
C:\WINDOWS\system32\jwhgwqlo.ini
C:\WINDOWS\system32\kutinypr.ini
C:\WINDOWS\system32\npavqksm.ini
C:\WINDOWS\system32\omwopely.ini
C:\WINDOWS\system32\ppthneas.ini
C:\WINDOWS\system32\sqgyitqb.ini
C:\WINDOWS\system32\sulrwwjx.ini
C:\WINDOWS\system32\ufiljavo.ini
C:\WINDOWS\system32\ybiagodo.ini
C:\WINDOWS\system32\ygvylmpd.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 12:41 . 2008-02-13 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-13 12:40 . 2008-02-13 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-13 12:40 . 2008-02-13 12:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 12:40 . 2008-02-13 12:40 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\SUPERAntiSpyware.com
2008-02-12 23:56 . 2008-02-12 23:56 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-11 20:11 . 2008-02-11 20:11 268 --ah----- C:\sqmdata11.sqm
2008-02-11 20:11 . 2008-02-11 20:11 244 --ah----- C:\sqmnoopt10.sqm
2008-02-11 18:53 . 2008-02-11 18:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 18:53 . 2008-02-11 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 09:02 . 2008-02-11 09:02 268 --ah----- C:\sqmdata09.sqm
2008-02-11 09:02 . 2008-02-11 09:02 268 --ah----- C:\sqmdata08.sqm
2008-02-11 09:02 . 2008-02-11 09:02 244 --ah----- C:\sqmnoopt09.sqm
2008-02-11 09:02 . 2008-02-11 09:02 244 --ah----- C:\sqmnoopt08.sqm
2008-02-11 09:02 . 2008-02-11 09:02 136 --ah----- C:\sqmdata10.sqm
2008-02-03 00:47 . 2008-02-03 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\View22
2008-01-29 08:48 . 2008-01-29 08:49 <DIR> d-------- C:\New Folder (2)
2008-01-27 13:18 . 2008-01-27 13:18 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\acccore
2008-01-27 08:18 . 2008-02-13 04:53 1,260 --a------ C:\WINDOWS\wininit.ini
2008-01-27 08:17 . 2008-01-27 08:17 <DIR> d---s---- C:\Documents and Settings\Chrissie\UserData
2008-01-27 08:16 . 2008-01-27 08:16 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\NCH Swift Sound
2008-01-26 22:45 . 2008-01-26 22:45 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\AdobeUM
2008-01-26 22:38 . 2008-01-26 22:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-26 22:38 . 2008-01-26 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 22:26 . 2008-01-26 22:26 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Apple Computer
2008-01-26 21:42 . 2008-01-26 21:48 <DIR> d-------- C:\Documents and Settings\Chrissie\Contacts
2008-01-26 21:42 . 2008-01-26 21:42 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Viewpoint
2008-01-26 21:41 . 2008-01-26 21:41 268 --ah----- C:\sqmdata07.sqm
2008-01-26 21:41 . 2008-01-26 21:41 268 --ah----- C:\sqmdata06.sqm
2008-01-26 21:41 . 2008-01-26 21:41 244 --ah----- C:\sqmnoopt07.sqm
2008-01-26 21:41 . 2008-01-26 21:41 244 --ah----- C:\sqmnoopt06.sqm
2008-01-26 21:39 . 2008-01-26 21:39 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Webroot
2008-01-26 21:39 . 2008-01-26 21:39 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\AOL
2008-01-26 21:38 . 2006-06-21 02:12 <DIR> d-------- C:\Documents and Settings\Chrissie\WINDOWS
2008-01-26 21:38 . 2006-11-13 14:51 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\You've Got Pictures Screensaver
2008-01-26 21:38 . 2006-11-13 14:52 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\SampleView
2008-01-26 21:38 . 2006-11-13 15:02 <DIR> d-------- C:\Documents and Settings\Chrissie\Application Data\Intel
2008-01-26 21:16 . 2008-02-13 21:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 21:16 . 2008-01-26 21:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 17:19 . 2008-01-26 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-26 17:07 . 2008-01-26 17:07 <DIR> d-------- C:\Program Files\Bonjour
2008-01-26 16:43 . 2008-01-26 16:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-24 21:19 . 2008-01-24 21:19 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-149C311E84\.DownloadManager
2008-01-24 21:05 . 2008-01-24 21:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\Download Manager
2008-01-24 20:01 . 2008-01-24 20:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\WINDOWS\system32\wnzs6
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\WINDOWS\system32\ni4
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\WINDOWS\system32\etz1
2008-01-24 19:58 . 2008-01-25 18:26 <DIR> d-------- C:\WINDOWS\system32\comg7
2008-01-24 19:57 . 2008-01-24 19:57 <DIR> d-------- C:\WINDOWS\system32\nGpxx18

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-02-06 03:20 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\iSproggler
2008-02-04 04:08 --------- d-----w C:\Program Files\Replay AV 8
2008-02-02 20:30 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\Walgreens
2008-01-27 05:19 --------- d-----w C:\Program Files\LimeWire
2008-01-27 05:15 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\LimeWire
2008-01-27 00:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 03:01 278,554 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-01-22 22:58 --------- d-----w C:\Program Files\AOM MP4 Converter V1.20
2008-01-18 06:45 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\Free Download Manager
2008-01-09 06:54 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\DivX
2008-01-09 06:50 --------- d-----w C:\Program Files\DivX
2007-12-27 19:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 19:56 --------- d-----w C:\Program Files\Common Files\snpstd3
2007-12-27 19:55 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\InstallShield
2007-12-25 17:14 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\HP
2007-12-25 17:11 --------- d-----w C:\Program Files\Common Files\HP
2007-12-25 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-25 17:10 --------- d-----w C:\Program Files\HP
2007-12-25 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-12-19 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-19 03:03 --------- d-----w C:\Program Files\AIM6
2007-12-19 03:03 --------- d-----w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\acccore
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-04 04:46 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-06-25 21:30 0 ----a-w C:\Documents and Settings\Owner.YOUR-149C311E84\Application Data\wklnhst.dat
2006-10-03 08:43 2,402,550 ----a-w C:\WINDOWS\inf\SET5B0.tmp
2006-10-03 08:43 2,402,550 ----a-w C:\WINDOWS\inf\SET296.tmp
2006-10-03 08:43 2,402,550 ----a-w C:\WINDOWS\inf\SET1FD.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Walgreens PhotoShow Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [ ]
"iSproggler"="C:\New Folder\iSproggler.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20 50528]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-13 14:43 169984]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 08:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 08:47 688218]
"HostManager"="C:\Program Files\Common Files\AOL\1163454654\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 11:20 413696 C:\WINDOWS\stsystra.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-23 20:22 573440]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 15:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 15:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 15:50 290816]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-10-08 11:11 4804096]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 14:33 99480]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50 71216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-11 12:57 185632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 15:40 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 14:43 270336]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]
"e0208b57"="rundll32.exe" [2004-08-10 12:00 33280 C:\WINDOWS\system32\rundll32.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-11-13 14:46:00 2168360]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-01-14 13:19:52 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsttq]
rqrsttq.dll

saxymoose
2008-02-14, 07:20
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-28 22:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 02:52:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 21:58:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 21:59:46
ComboFix-quarantined-files.txt 2008-02-14 04:59:43
ComboFix2.txt 2008-02-14 02:00:39
.
2008-02-13 06:55:10 --- E O F ---

ken545
2008-02-14, 12:06
Good Morning,

Everything looks good :bigthumb: Lets do some clean up.

Download CCleaner from here (http://www.ccleaner.com/) to clean temp files from your computer.

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
deselect "Only delete files in Windows Temp folders older than 48 hours."
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.


*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
**Note** Go to Options> Cookies and any you want to keep move them to The Keep window






Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to the Sun Microsystems (http://java.sun.com/javase/downloads/index.jsp) and install the update
Java Runtime Environment (JRE) 6 Update 4 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to to do the offline installation and save the setup file in case I may need it in the future





Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.



If you feel all is ok then I am going to link you to some free programs to install to help keep you more secure.

saxymoose
2008-02-14, 18:03
Thanks! I did all of that stuff, except install Java. It wouldn't let me for some reason. Maybe there's something wrong with their site...


Anyways, there is a big red 'x' next to my C drive when I go into My Computer. What does that mean, and how do I get rid of it?

ken545
2008-02-14, 20:16
Try this


Using your mouse, Highlight and then Right-click> Copy the entire contents of the Code box below, including blank lines:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]


Open a new Notepad document. (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is unchecked
Right-click > Paste the Code box contents from above into Notepad.
Click File> Save as... and enter (including quotation marks) as the filename: "RedIcon.REG".
Exit Notepad.

Double click your new file and agree to the registry merge when asked. You can then delete this new file.

saxymoose
2008-02-15, 02:04
That worked great, thanks!


Is there anything else I need to do?

ken545
2008-02-15, 02:57
Thats it, go on and enjoy life :)



Malware Complaints (http://malwarecomplaints.info/index.php)
Are you mad ? I mean really mad, seething mad, so mad your ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscredents, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney Generals Office and the Federal Trade Commission's Bureau of Consumer Protection.


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 2.0.0.12 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Glad we could help

Safe Surfn
Ken

saxymoose
2008-02-15, 03:34
Thank you so much for you help :)

ken545
2008-02-15, 03:43
Your very welcome :)

Stay well,
Ken