jmc617
2009-02-19, 12:58
It is 6:38am as I start to write this and I have been up since 12:38am trying to put out this fire. It has been quite the experience I crave. I just took two shots of the 5 hour energy to fight the exhaustion and delirium starting to set in and am willing to fight this until the last round is over and I am the winner. :rolleyes:
My current status is that my system is automatically saving my settings and logging out all three of the accounts I have (administrator, JMC, DJ) created. When I do get logged in and it starts to load my particular profile I get the desktop only symptom. No icons, start menu, etc. is able to be seen. I created the JMC profile in safe mode to rule out if it was a profile issue and the symptom still occurs.
I have made great progress since earlier this morning using combofix, Malwarebytes' Anti-Malware, dcombobultor, hi-jackThis after kaspersky and Search & Destroy did little to rectify the issue.
I've included copies of 3 logs first from Hi-jack, then from combofix and Malwarebytes' Anti-Malware:
Logs:
Hi-Jack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:45, on 2009-02-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Aniyixibabude] rundll32.exe "C:\WINDOWS\ahewayec.dll",e
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203605509447
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: jypxdmq - C:\WINDOWS\SYSTEM32\jypxdmq.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Google Update Service (gupdate1c97d9b752d9336) (gupdate1c97d9b752d9336) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6929 bytes
Log
Combofix
ComboFix 09-02-17.02 - Deal 2009-02-19 3:15:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.646 [GMT -5:00]
Running from: E:\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
FW: Kaspersky Anti-Virus *enabled*
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Deal\LOCALS~1\Temp\mousehook.dll
c:\documents and settings\Deal\Application Data\FunWebProducts
c:\documents and settings\Deal\Application Data\FunWebProducts\Data\Deal\avatar.dat
c:\documents and settings\Deal\Application Data\FunWebProducts\Data\Deal\zbucks.dat
c:\documents and settings\Deal\Start Menu\Antivirus 2009
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Microsoft Common
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\[u]007CC0D4.bin
c:\program files\MyWebSearch\bar\Cache\007CC22B.bin
c:\program files\MyWebSearch\bar\Cache\007CC2B8.bin
c:\program files\MyWebSearch\bar\Cache\007CC325.bin
c:\program files\MyWebSearch\bar\Cache\04F78D07
c:\program files\MyWebSearch\bar\Cache\04F78E9D
c:\program files\MyWebSearch\bar\Cache\04F78FB6.bin
c:\program files\MyWebSearch\bar\Cache\04F79033.bin
c:\program files\MyWebSearch\bar\Cache\04F7914D.bin
c:\program files\MyWebSearch\bar\Cache\04F79302.bin
c:\program files\MyWebSearch\bar\Cache\04F79370.bin
c:\program files\MyWebSearch\bar\Cache\0ED5870D.bin
c:\program files\MyWebSearch\bar\Cache\0ED58F6A.bin
c:\program files\MyWebSearch\bar\Cache\0ED59575.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\Jmeyogiseyit.dll
c:\windows\system32\ahtn.htm
c:\windows\system32\CKUtAJlm.ini
c:\windows\system32\CKUtAJlm.ini2
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\UACojjicoys.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hs78344kjkfd.dll
c:\windows\system32\init32.exe
c:\windows\system32\lVxEOqss.ini
c:\windows\system32\lVxEOqss.ini2
c:\windows\system32\ntdll64.exe
c:\windows\system32\ntos.exe
c:\windows\system32\UACdwupfhee.dll
c:\windows\system32\UACegbkmljw.dat
c:\windows\system32\UACenuhwqji.dll
c:\windows\system32\UACfndgahcc.log
c:\windows\system32\UAChyuegkfl.log
c:\windows\system32\UACijdatnij.log
c:\windows\system32\UACxkfbdxhk.dll
c:\windows\system32\UACxtafkqyy.dll
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_TCPSR
-------\Service_tcpsr
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.
2009-02-19 03:42 . 2009-02-19 03:42 <DIR> d-------- c:\windows\LastGood.Tmp
2009-02-19 03:34 . 2009-02-19 03:44 16,896 --a------ c:\windows\system32\jypxdmq.dll
2009-02-19 03:25 . 2009-02-19 03:25 <DIR> d-------- c:\program files\Microsoft Common
2009-02-18 14:09 . 2009-02-19 03:18 6,656 --a------ c:\windows\system32\drivers\OLD1D.tmp
2009-02-18 14:09 . 2009-02-19 03:18 6,656 --a------ c:\windows\system32\drivers\OLD1A.tmp
2009-02-18 13:25 . 2009-02-18 13:25 132,096 --a------ c:\windows\ahewayec.dll
2009-02-18 05:39 . 2009-02-18 13:31 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-18 05:39 . 2009-02-18 13:31 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-18 05:38 . 2009-02-18 05:38 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-18 05:38 . 2009-02-19 03:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-18 05:38 . 2009-02-19 03:43 1,042,976 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-18 05:38 . 2009-02-19 03:43 14,924 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-18 05:38 . 2009-02-19 03:43 11,552 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-18 05:38 . 2009-02-19 03:43 2,132 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-18 05:37 . 2009-02-18 05:37 <DIR> d-------- c:\program files\Kaspersky Antivirus for Windows Workstation
2009-02-18 05:12 . 2009-02-18 05:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-02-18 04:55 . 2009-02-18 04:55 <DIR> d-------- c:\documents and settings\Administrator
2009-02-18 04:50 . 2009-02-18 04:50 <DIR> d-------- C:\Downloads
2009-02-17 23:11 . 2009-02-17 23:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-17 23:10 . 2009-02-17 23:10 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-02-17 23:10 . 2009-02-17 23:10 <DIR> d-------- c:\program files\Common Files\HP
2009-02-17 23:10 . 2009-02-17 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-02-17 23:08 . 2009-02-17 23:08 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-17 23:06 . 2009-02-17 23:07 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-17 23:06 . 2009-02-17 23:06 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-17 23:05 . 2005-03-07 23:43 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-02-17 23:05 . 2005-03-07 23:43 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-02-17 23:05 . 2005-03-07 23:43 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-02-17 23:04 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-02-17 23:04 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-02-17 23:04 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-02-17 23:04 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-02-17 23:04 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2009-02-17 23:04 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-02-17 23:04 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-17 23:04 . 2008-04-13 13:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-17 23:02 . 2009-02-17 23:11 <DIR> d-------- c:\program files\HP
2009-02-17 23:01 . 2009-02-17 23:12 <DIR> d-------- c:\documents and settings\Deal\Application Data\HP
2009-02-17 23:01 . 2009-02-17 23:12 112,411 --a------ c:\windows\hpoins07.dat
2009-02-17 23:01 . 2005-05-24 01:52 21,124 --------- c:\windows\hpomdl07.dat
2009-02-17 22:58 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-17 22:58 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-17 22:18 . 2009-02-17 22:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-17 22:18 . 2009-02-17 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 21:34 . 2009-02-17 21:34 <DIR> d-------- c:\program files\TeamViewer
2009-02-17 21:34 . 2009-02-17 21:34 <DIR> d-------- c:\documents and settings\Deal\Application Data\TeamViewer
2009-02-17 21:33 . 2009-02-17 21:33 <DIR> d-------- c:\documents and settings\Deal\temp
2009-02-17 21:07 . 2009-02-19 03:37 16,896 --a------ c:\windows\system32\jypxdmq32.dll
2009-02-17 16:28 . 2009-02-19 03:44 32,768 --a------ c:\windows\system32\drivers\ati0odxx.sys
2009-02-17 16:28 . 2009-02-18 13:13 5,189 --a------ c:\windows\system32\uacinit.dll
2009-02-17 16:27 . 2009-02-17 16:27 705 --a------ C:\xyephkl.exe
2009-02-17 16:26 . 2009-02-17 16:26 104,960 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-02-17 16:26 . 2009-02-17 16:27 81,920 --a------ C:\dykhyp.exe
2009-02-17 16:26 . 2009-02-17 16:26 26,624 --a------ C:\pfkik.exe
2009-02-17 16:26 . 2009-02-17 16:26 8,704 --a------ C:\jttgds.exe
2009-02-17 16:26 . 2009-02-17 16:26 2 --a------ C:\-1472666520
2009-02-17 16:25 . 2009-02-17 16:25 40,448 --a------ C:\cwxwwgtl.exe
2009-02-17 16:24 . 2009-02-17 16:24 72,704 --a------ c:\windows\system32\xonrwwcg.dll
2009-02-17 16:24 . 2009-02-17 16:24 9,728 --a------ c:\windows\instsp1.exe
2009-02-17 10:54 . 2009-02-17 11:04 <DIR> d-------- c:\documents and settings\Deal\Application Data\LimeWire
2009-02-17 10:49 . 2009-02-17 10:50 <DIR> d-------- c:\program files\LimeWire
2009-02-15 16:17 . 2009-02-15 16:17 302,592 --a------ c:\windows\system32\ssqOExVl.dll.vir
2009-02-15 16:02 . 2009-02-15 16:02 0 --a------ c:\windows\nsreg.dat
2009-02-13 15:03 . 2009-02-13 15:03 <DIR> d-------- c:\program files\Pegasys Inc
2009-02-12 22:02 . 2009-02-18 05:12 <DIR> d-------- c:\documents and settings\Deal\Application Data\DivX
2009-02-12 22:00 . 2009-02-18 05:18 <DIR> d-------- c:\program files\DivX
2009-02-12 03:54 . 2009-02-19 03:10 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-12 03:54 . 2009-02-12 03:54 1,409 --a------ c:\windows\QTFont.for
2009-02-12 03:28 . 2009-02-12 03:29 <DIR> d-------- c:\documents and settings\Deal\Application Data\GrabPro
2009-02-12 03:27 . 2009-02-12 03:52 <DIR> d-------- c:\program files\Orbitdownloader
2009-02-12 03:27 . 2009-02-19 03:10 <DIR> d-------- c:\documents and settings\Deal\Application Data\Orbit
2009-02-11 17:39 . 2009-02-18 00:03 <DIR> d-------- c:\program files\Macromedia
2009-02-11 17:39 . 2009-02-18 00:03 <DIR> d-------- c:\program files\Common Files\Macromedia
2009-02-11 17:38 . 2009-02-18 00:02 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-11 14:22 . 2009-02-11 14:24 <DIR> d-------- c:\documents and settings\Deal\Application Data\TigerPlayer
2009-02-11 14:20 . 2009-02-11 14:22 <DIR> d-------- c:\program files\MpcStar
2009-02-11 01:29 . 2009-02-11 01:29 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-11 01:27 . 2009-02-12 21:26 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-08 21:19 . 2009-02-08 21:19 <DIR> d-------- c:\documents and settings\Deal\Application Data\Nero
2009-02-08 21:17 . 2009-02-08 21:17 <DIR> d-------- c:\program files\Nero
2009-02-08 21:16 . 2009-02-08 21:18 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-08 21:16 . 2009-02-08 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\system32\scripting
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\system32\en
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\system32\bits
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\l2schemas
2009-02-05 03:47 . 2009-02-05 03:51 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-05 03:35 . 2009-02-05 03:35 <DIR> d-------- c:\windows\EHome
2009-02-03 22:29 . 2009-02-16 23:03 <DIR> d-------- c:\program files\uTorrent
2009-02-03 22:29 . 2009-02-18 00:33 <DIR> d-------- c:\documents and settings\Deal\Application Data\uTorrent
2009-02-03 02:30 . 2009-02-03 02:47 <DIR> d-------- c:\documents and settings\Deal\Application Data\vlc
2009-02-03 02:29 . 2009-02-03 02:29 <DIR> d-------- c:\program files\VideoLAN
2009-02-02 14:28 . 2009-02-18 00:34 <DIR> d-------- C:\OutputFolder
2009-02-01 03:13 . 2009-02-01 03:13 <DIR> d-------- c:\program files\eRightSoft
2009-02-01 03:13 . 2009-02-01 03:13 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-28 19:16 . 2009-01-28 19:17 <DIR> d-------- c:\documents and settings\Deal\Application Data\Move Networks
2009-01-25 18:54 . 2009-01-25 18:54 <DIR> d-------- c:\program files\Allok Video Joiner
2009-01-25 18:54 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2009-01-25 18:54 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll
2009-01-25 18:39 . 2009-02-15 20:59 11,776 --ahs---- c:\windows\Thumbs.db
2009-01-23 15:35 . 2009-02-10 23:02 <DIR> d-------- c:\documents and settings\Deal\Application Data\dvdcss
2009-01-22 17:36 . 2005-11-21 00:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-01-22 17:36 . 2005-11-21 00:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-01-22 17:35 . 2009-01-22 17:35 <DIR> d-------- c:\program files\Xilisoft
2009-01-22 17:33 . 2009-01-23 17:20 <DIR> d-------- c:\program files\Allok Video Splitter
2009-01-22 17:33 . 2006-05-05 06:59 421,888 --a------ c:\windows\system32\Mpeg2DecFilter.ax
2009-01-22 17:33 . 2006-07-18 22:11 376,832 --a------ c:\windows\system32\MpegSplitter.ax
2009-01-22 16:55 . 2008-06-20 05:45 360,320 --a------ c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-01-22 16:55 . 2008-06-20 05:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-01-22 16:53 . 2009-02-19 03:10 <DIR> d-------- c:\program files\BitComet
2009-01-22 16:48 . 2009-01-22 16:48 <DIR> d-------- c:\program files\Bit Che
2009-01-22 16:48 . 2009-01-22 16:48 <DIR> d-------- c:\documents and settings\Deal\Application Data\Convivea
2009-01-22 16:48 . 2004-03-09 00:00 152,848 --a------ c:\windows\system32\comdlg32.OCX
2009-01-22 16:48 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 08:43 6,656 ----a-w c:\windows\system32\drivers\aec.sys
2009-02-18 18:31 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-18 10:15 --------- d-----w c:\program files\WinClear
2009-02-18 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-13 20:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 22:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-11 19:22 --------- d-----w c:\program files\QuickTime
2009-02-11 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-10 01:58 --------- d-----w c:\program files\Google
2009-01-26 22:49 --------- d-----w c:\documents and settings\Deal\Application Data\Apple Computer
2009-01-09 23:12 --------- d-----w c:\program files\Java
2008-08-04 03:28 0 ----a-w c:\documents and settings\Deal\jagex_runescape_preferences.dat
2005-05-13 22:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 16:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 02:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-08 00:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 17:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 05:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 15:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 18:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 05:00 217,088 --sha-r c:\windows\system32\yv12vfw.dll
.
------- Sigcheck -------
2004-08-12 09:08 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 16:26 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 16:26 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Aniyixibabude"="c:\windows\ahewayec.dll" [2009-02-18 132096]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]
c:\documents and settings\Deal\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-03-14 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-02-12 1711304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jypxdmq]
2009-02-19 03:44 16896 c:\windows\system32\jypxdmq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0odxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20093:TCP"= 20093:TCP:BitComet 20093 TCP
"20093:UDP"= 20093:UDP:BitComet 20093 UDP
R0 ati0odxx;ati0odxx;c:\windows\system32\drivers\ati0odxx.sys [2009-02-17 32768]
S2 gupdate1c97d9b752d9336;Google Update Service (gupdate1c97d9b752d9336);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe []
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-12 14336]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - DMUSIC
*NewlyCreated* - DRMKAUD
*NewlyCreated* - KMIXER
*NewlyCreated* - SPLITTER
*NewlyCreated* - SWMIDI
*NewlyCreated* - SYSAUDIO
*NewlyCreated* - USBCCGP
*NewlyCreated* - USBPRINT
*NewlyCreated* - USBSCAN
*NewlyCreated* - WDMAUD
.
Contents of the 'Scheduled Tasks' folder
2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe []
2009-02-19 c:\windows\Tasks\pvmhjmxl.job
- c:\windows\system32\iifGayWn.dll []
.
- - - - ORPHANS REMOVED - - - -
BHO-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hs78344kjkfd.dll
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hs78344kjkfd.dll
.
------- Supplementary Scan -------
.
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 03:49:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\svchost.exe:ext.exe 32768 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICF]
"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\klogon.dll
c:\windows\system32\jypxdmq.dll
.
Completion time: 2009-02-19 3:52:50 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-02-19 08:52:48
Pre-Run: 33,069,510,656 bytes free
Post-Run: 36,221,837,312 bytes free
452 --- E O F --- 2009-02-15 08:01:17
L O G
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
2009-02-19 04:00:12
mbam-log-2009-02-19 (04-00-12).txt
Scan type: Quick Scan
Objects scanned: 63354
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 140
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\jypxdmq.dll (Trojan.Fakealert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jypxdmq (Trojan.Fakealert) -> Delete on reboot.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\aec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\jypxdmq.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\jypxdmq32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xonrwwcg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\aec.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\OLD1A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\OLD1D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\cwxwwgtl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\xyephkl.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
My current status is that my system is automatically saving my settings and logging out all three of the accounts I have (administrator, JMC, DJ) created. When I do get logged in and it starts to load my particular profile I get the desktop only symptom. No icons, start menu, etc. is able to be seen. I created the JMC profile in safe mode to rule out if it was a profile issue and the symptom still occurs.
I have made great progress since earlier this morning using combofix, Malwarebytes' Anti-Malware, dcombobultor, hi-jackThis after kaspersky and Search & Destroy did little to rectify the issue.
I've included copies of 3 logs first from Hi-jack, then from combofix and Malwarebytes' Anti-Malware:
Logs:
Hi-Jack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:45, on 2009-02-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Aniyixibabude] rundll32.exe "C:\WINDOWS\ahewayec.dll",e
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203605509447
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: jypxdmq - C:\WINDOWS\SYSTEM32\jypxdmq.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Google Update Service (gupdate1c97d9b752d9336) (gupdate1c97d9b752d9336) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6929 bytes
Log
Combofix
ComboFix 09-02-17.02 - Deal 2009-02-19 3:15:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.646 [GMT -5:00]
Running from: E:\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
FW: Kaspersky Anti-Virus *enabled*
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Deal\LOCALS~1\Temp\mousehook.dll
c:\documents and settings\Deal\Application Data\FunWebProducts
c:\documents and settings\Deal\Application Data\FunWebProducts\Data\Deal\avatar.dat
c:\documents and settings\Deal\Application Data\FunWebProducts\Data\Deal\zbucks.dat
c:\documents and settings\Deal\Start Menu\Antivirus 2009
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Microsoft Common
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\[u]007CC0D4.bin
c:\program files\MyWebSearch\bar\Cache\007CC22B.bin
c:\program files\MyWebSearch\bar\Cache\007CC2B8.bin
c:\program files\MyWebSearch\bar\Cache\007CC325.bin
c:\program files\MyWebSearch\bar\Cache\04F78D07
c:\program files\MyWebSearch\bar\Cache\04F78E9D
c:\program files\MyWebSearch\bar\Cache\04F78FB6.bin
c:\program files\MyWebSearch\bar\Cache\04F79033.bin
c:\program files\MyWebSearch\bar\Cache\04F7914D.bin
c:\program files\MyWebSearch\bar\Cache\04F79302.bin
c:\program files\MyWebSearch\bar\Cache\04F79370.bin
c:\program files\MyWebSearch\bar\Cache\0ED5870D.bin
c:\program files\MyWebSearch\bar\Cache\0ED58F6A.bin
c:\program files\MyWebSearch\bar\Cache\0ED59575.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\Jmeyogiseyit.dll
c:\windows\system32\ahtn.htm
c:\windows\system32\CKUtAJlm.ini
c:\windows\system32\CKUtAJlm.ini2
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\UACojjicoys.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hs78344kjkfd.dll
c:\windows\system32\init32.exe
c:\windows\system32\lVxEOqss.ini
c:\windows\system32\lVxEOqss.ini2
c:\windows\system32\ntdll64.exe
c:\windows\system32\ntos.exe
c:\windows\system32\UACdwupfhee.dll
c:\windows\system32\UACegbkmljw.dat
c:\windows\system32\UACenuhwqji.dll
c:\windows\system32\UACfndgahcc.log
c:\windows\system32\UAChyuegkfl.log
c:\windows\system32\UACijdatnij.log
c:\windows\system32\UACxkfbdxhk.dll
c:\windows\system32\UACxtafkqyy.dll
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_TCPSR
-------\Service_tcpsr
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.
2009-02-19 03:42 . 2009-02-19 03:42 <DIR> d-------- c:\windows\LastGood.Tmp
2009-02-19 03:34 . 2009-02-19 03:44 16,896 --a------ c:\windows\system32\jypxdmq.dll
2009-02-19 03:25 . 2009-02-19 03:25 <DIR> d-------- c:\program files\Microsoft Common
2009-02-18 14:09 . 2009-02-19 03:18 6,656 --a------ c:\windows\system32\drivers\OLD1D.tmp
2009-02-18 14:09 . 2009-02-19 03:18 6,656 --a------ c:\windows\system32\drivers\OLD1A.tmp
2009-02-18 13:25 . 2009-02-18 13:25 132,096 --a------ c:\windows\ahewayec.dll
2009-02-18 05:39 . 2009-02-18 13:31 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-18 05:39 . 2009-02-18 13:31 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-18 05:38 . 2009-02-18 05:38 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-18 05:38 . 2009-02-19 03:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-18 05:38 . 2009-02-19 03:43 1,042,976 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-18 05:38 . 2009-02-19 03:43 14,924 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-18 05:38 . 2009-02-19 03:43 11,552 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-18 05:38 . 2009-02-19 03:43 2,132 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-18 05:37 . 2009-02-18 05:37 <DIR> d-------- c:\program files\Kaspersky Antivirus for Windows Workstation
2009-02-18 05:12 . 2009-02-18 05:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-02-18 04:55 . 2009-02-18 04:55 <DIR> d-------- c:\documents and settings\Administrator
2009-02-18 04:50 . 2009-02-18 04:50 <DIR> d-------- C:\Downloads
2009-02-17 23:11 . 2009-02-17 23:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-17 23:10 . 2009-02-17 23:10 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-02-17 23:10 . 2009-02-17 23:10 <DIR> d-------- c:\program files\Common Files\HP
2009-02-17 23:10 . 2009-02-17 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-02-17 23:08 . 2009-02-17 23:08 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-17 23:06 . 2009-02-17 23:07 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-17 23:06 . 2009-02-17 23:06 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-17 23:05 . 2005-03-07 23:43 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-02-17 23:05 . 2005-03-07 23:43 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-02-17 23:05 . 2005-03-07 23:43 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-02-17 23:04 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-02-17 23:04 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-02-17 23:04 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-02-17 23:04 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-02-17 23:04 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2009-02-17 23:04 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-02-17 23:04 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-17 23:04 . 2008-04-13 13:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-17 23:02 . 2009-02-17 23:11 <DIR> d-------- c:\program files\HP
2009-02-17 23:01 . 2009-02-17 23:12 <DIR> d-------- c:\documents and settings\Deal\Application Data\HP
2009-02-17 23:01 . 2009-02-17 23:12 112,411 --a------ c:\windows\hpoins07.dat
2009-02-17 23:01 . 2005-05-24 01:52 21,124 --------- c:\windows\hpomdl07.dat
2009-02-17 22:58 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-17 22:58 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-17 22:18 . 2009-02-17 22:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-17 22:18 . 2009-02-17 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 21:34 . 2009-02-17 21:34 <DIR> d-------- c:\program files\TeamViewer
2009-02-17 21:34 . 2009-02-17 21:34 <DIR> d-------- c:\documents and settings\Deal\Application Data\TeamViewer
2009-02-17 21:33 . 2009-02-17 21:33 <DIR> d-------- c:\documents and settings\Deal\temp
2009-02-17 21:07 . 2009-02-19 03:37 16,896 --a------ c:\windows\system32\jypxdmq32.dll
2009-02-17 16:28 . 2009-02-19 03:44 32,768 --a------ c:\windows\system32\drivers\ati0odxx.sys
2009-02-17 16:28 . 2009-02-18 13:13 5,189 --a------ c:\windows\system32\uacinit.dll
2009-02-17 16:27 . 2009-02-17 16:27 705 --a------ C:\xyephkl.exe
2009-02-17 16:26 . 2009-02-17 16:26 104,960 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-02-17 16:26 . 2009-02-17 16:27 81,920 --a------ C:\dykhyp.exe
2009-02-17 16:26 . 2009-02-17 16:26 26,624 --a------ C:\pfkik.exe
2009-02-17 16:26 . 2009-02-17 16:26 8,704 --a------ C:\jttgds.exe
2009-02-17 16:26 . 2009-02-17 16:26 2 --a------ C:\-1472666520
2009-02-17 16:25 . 2009-02-17 16:25 40,448 --a------ C:\cwxwwgtl.exe
2009-02-17 16:24 . 2009-02-17 16:24 72,704 --a------ c:\windows\system32\xonrwwcg.dll
2009-02-17 16:24 . 2009-02-17 16:24 9,728 --a------ c:\windows\instsp1.exe
2009-02-17 10:54 . 2009-02-17 11:04 <DIR> d-------- c:\documents and settings\Deal\Application Data\LimeWire
2009-02-17 10:49 . 2009-02-17 10:50 <DIR> d-------- c:\program files\LimeWire
2009-02-15 16:17 . 2009-02-15 16:17 302,592 --a------ c:\windows\system32\ssqOExVl.dll.vir
2009-02-15 16:02 . 2009-02-15 16:02 0 --a------ c:\windows\nsreg.dat
2009-02-13 15:03 . 2009-02-13 15:03 <DIR> d-------- c:\program files\Pegasys Inc
2009-02-12 22:02 . 2009-02-18 05:12 <DIR> d-------- c:\documents and settings\Deal\Application Data\DivX
2009-02-12 22:00 . 2009-02-18 05:18 <DIR> d-------- c:\program files\DivX
2009-02-12 03:54 . 2009-02-19 03:10 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-12 03:54 . 2009-02-12 03:54 1,409 --a------ c:\windows\QTFont.for
2009-02-12 03:28 . 2009-02-12 03:29 <DIR> d-------- c:\documents and settings\Deal\Application Data\GrabPro
2009-02-12 03:27 . 2009-02-12 03:52 <DIR> d-------- c:\program files\Orbitdownloader
2009-02-12 03:27 . 2009-02-19 03:10 <DIR> d-------- c:\documents and settings\Deal\Application Data\Orbit
2009-02-11 17:39 . 2009-02-18 00:03 <DIR> d-------- c:\program files\Macromedia
2009-02-11 17:39 . 2009-02-18 00:03 <DIR> d-------- c:\program files\Common Files\Macromedia
2009-02-11 17:38 . 2009-02-18 00:02 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-11 14:22 . 2009-02-11 14:24 <DIR> d-------- c:\documents and settings\Deal\Application Data\TigerPlayer
2009-02-11 14:20 . 2009-02-11 14:22 <DIR> d-------- c:\program files\MpcStar
2009-02-11 01:29 . 2009-02-11 01:29 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-11 01:27 . 2009-02-12 21:26 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-08 21:19 . 2009-02-08 21:19 <DIR> d-------- c:\documents and settings\Deal\Application Data\Nero
2009-02-08 21:17 . 2009-02-08 21:17 <DIR> d-------- c:\program files\Nero
2009-02-08 21:16 . 2009-02-08 21:18 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-08 21:16 . 2009-02-08 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\system32\scripting
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\system32\en
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\system32\bits
2009-02-05 03:50 . 2009-02-05 03:50 <DIR> d-------- c:\windows\l2schemas
2009-02-05 03:47 . 2009-02-05 03:51 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-05 03:35 . 2009-02-05 03:35 <DIR> d-------- c:\windows\EHome
2009-02-03 22:29 . 2009-02-16 23:03 <DIR> d-------- c:\program files\uTorrent
2009-02-03 22:29 . 2009-02-18 00:33 <DIR> d-------- c:\documents and settings\Deal\Application Data\uTorrent
2009-02-03 02:30 . 2009-02-03 02:47 <DIR> d-------- c:\documents and settings\Deal\Application Data\vlc
2009-02-03 02:29 . 2009-02-03 02:29 <DIR> d-------- c:\program files\VideoLAN
2009-02-02 14:28 . 2009-02-18 00:34 <DIR> d-------- C:\OutputFolder
2009-02-01 03:13 . 2009-02-01 03:13 <DIR> d-------- c:\program files\eRightSoft
2009-02-01 03:13 . 2009-02-01 03:13 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-28 19:16 . 2009-01-28 19:17 <DIR> d-------- c:\documents and settings\Deal\Application Data\Move Networks
2009-01-25 18:54 . 2009-01-25 18:54 <DIR> d-------- c:\program files\Allok Video Joiner
2009-01-25 18:54 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2009-01-25 18:54 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll
2009-01-25 18:39 . 2009-02-15 20:59 11,776 --ahs---- c:\windows\Thumbs.db
2009-01-23 15:35 . 2009-02-10 23:02 <DIR> d-------- c:\documents and settings\Deal\Application Data\dvdcss
2009-01-22 17:36 . 2005-11-21 00:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-01-22 17:36 . 2005-11-21 00:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-01-22 17:35 . 2009-01-22 17:35 <DIR> d-------- c:\program files\Xilisoft
2009-01-22 17:33 . 2009-01-23 17:20 <DIR> d-------- c:\program files\Allok Video Splitter
2009-01-22 17:33 . 2006-05-05 06:59 421,888 --a------ c:\windows\system32\Mpeg2DecFilter.ax
2009-01-22 17:33 . 2006-07-18 22:11 376,832 --a------ c:\windows\system32\MpegSplitter.ax
2009-01-22 16:55 . 2008-06-20 05:45 360,320 --a------ c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-01-22 16:55 . 2008-06-20 05:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-01-22 16:53 . 2009-02-19 03:10 <DIR> d-------- c:\program files\BitComet
2009-01-22 16:48 . 2009-01-22 16:48 <DIR> d-------- c:\program files\Bit Che
2009-01-22 16:48 . 2009-01-22 16:48 <DIR> d-------- c:\documents and settings\Deal\Application Data\Convivea
2009-01-22 16:48 . 2004-03-09 00:00 152,848 --a------ c:\windows\system32\comdlg32.OCX
2009-01-22 16:48 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 08:43 6,656 ----a-w c:\windows\system32\drivers\aec.sys
2009-02-18 18:31 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-18 10:15 --------- d-----w c:\program files\WinClear
2009-02-18 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-13 20:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 22:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-11 19:22 --------- d-----w c:\program files\QuickTime
2009-02-11 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-10 01:58 --------- d-----w c:\program files\Google
2009-01-26 22:49 --------- d-----w c:\documents and settings\Deal\Application Data\Apple Computer
2009-01-09 23:12 --------- d-----w c:\program files\Java
2008-08-04 03:28 0 ----a-w c:\documents and settings\Deal\jagex_runescape_preferences.dat
2005-05-13 22:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 16:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 02:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-08 00:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 17:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 05:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 15:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 18:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 05:00 217,088 --sha-r c:\windows\system32\yv12vfw.dll
.
------- Sigcheck -------
2004-08-12 09:08 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 16:26 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 16:26 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Aniyixibabude"="c:\windows\ahewayec.dll" [2009-02-18 132096]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]
c:\documents and settings\Deal\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-03-14 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-02-12 1711304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jypxdmq]
2009-02-19 03:44 16896 c:\windows\system32\jypxdmq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0odxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20093:TCP"= 20093:TCP:BitComet 20093 TCP
"20093:UDP"= 20093:UDP:BitComet 20093 UDP
R0 ati0odxx;ati0odxx;c:\windows\system32\drivers\ati0odxx.sys [2009-02-17 32768]
S2 gupdate1c97d9b752d9336;Google Update Service (gupdate1c97d9b752d9336);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe []
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-12 14336]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - DMUSIC
*NewlyCreated* - DRMKAUD
*NewlyCreated* - KMIXER
*NewlyCreated* - SPLITTER
*NewlyCreated* - SWMIDI
*NewlyCreated* - SYSAUDIO
*NewlyCreated* - USBCCGP
*NewlyCreated* - USBPRINT
*NewlyCreated* - USBSCAN
*NewlyCreated* - WDMAUD
.
Contents of the 'Scheduled Tasks' folder
2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe []
2009-02-19 c:\windows\Tasks\pvmhjmxl.job
- c:\windows\system32\iifGayWn.dll []
.
- - - - ORPHANS REMOVED - - - -
BHO-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hs78344kjkfd.dll
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hs78344kjkfd.dll
.
------- Supplementary Scan -------
.
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 03:49:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\svchost.exe:ext.exe 32768 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICF]
"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\klogon.dll
c:\windows\system32\jypxdmq.dll
.
Completion time: 2009-02-19 3:52:50 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-02-19 08:52:48
Pre-Run: 33,069,510,656 bytes free
Post-Run: 36,221,837,312 bytes free
452 --- E O F --- 2009-02-15 08:01:17
L O G
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
2009-02-19 04:00:12
mbam-log-2009-02-19 (04-00-12).txt
Scan type: Quick Scan
Objects scanned: 63354
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 140
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\jypxdmq.dll (Trojan.Fakealert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jypxdmq (Trojan.Fakealert) -> Delete on reboot.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\aec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\jypxdmq.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\jypxdmq32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xonrwwcg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\aec.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\OLD1A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\OLD1D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\cwxwwgtl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\xyephkl.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.