Computer is running slow, pop-ups, help!!

C:\Program Files\McAfee.com\Agent\mcupdate .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\mcupdate .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\McUpdate.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Shared\mcappins.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\VSO\mcvsshld.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\NetMeeting\lavu.dll Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\NetMeeting\lavu247.dll Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\NetMeeting\lavu703.dll Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\QuickTime\qttask.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\SusComToolbar\suscom.dll probably a variant of Win32/Adware.Toolbar.Eztracks application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080103-102700-534-dllhost.exe Win32/VB.NJQ worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Zune\ZuneLauncher.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc18.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc19.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc20.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc21.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc22.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc23.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc24.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc25.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc26.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc27.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc28.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc29.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc30.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc31.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc32.tmp Win32/Agent.NEL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc42.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3089530122-1163765648-1456459851-1009\Dc43.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\VundoFix Backups\jkhfd.dll.bad Win32/Adware.Virtumonde.FP application (unable to clean - deleted) 00000000000000000000000000000000
C:\VundoFix Backups\jkhfd.exe.bad Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\VundoFix Backups\mrofinu1000106.exe.bad Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\876056.exe Win32/Adware.Mirar application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\ac3_0008.exe Win32/PurityScan virus (deleted) 00000000000000000000000000000000
C:\WINDOWS\ac3_0008.exe »NSIS »PSCastor.exe Win32/PurityScan virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\cfg32.exe a variant of Win32/Adware.BkdSpace application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\cfg32a.exe a variant of Win32/Adware.BkdSpace application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\kebjkwrA .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\kebjkwrA .exe Win32/Agent.NEL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\kebjkwrA .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\run2.exe a variant of Win32/TrojanDownloader.PurityScan trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\run2.exe »NSIS »Yazzle1408OinAdmin.exe a variant of Win32/TrojanDownloader.PurityScan trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\srvijhyh.exe multiple infiltrations (deleted) 00000000000000000000000000000000
C:\WINDOWS\srvijhyh.exe »NSIS »Gck26.exe Win32/VB.TG trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\srvijhyh.exe »NSIS »uni_e6h.exe probably a variant of Win32/VB trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\srvijhyh.exe »NSIS »uninst108.exe Win32/VB.NFQ trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\srvijhyh.exe »NSIS »TagASaurus.exe Win32/VB.NFQ trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\tk58.exe Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\uni_e6h.exe probably a variant of Win32/VB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ctfmon.exe.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jkhfd.dll Win32/Adware.Virtumonde.FP application (unable to clean - deleted (after the next restart)) AB48EC6F412A35BD0B5B901EADB8FC8C
C:\WINDOWS\system32\jkhfd.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\p2pnetworking.exe Win32/VB.NJQ worm (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX13.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX2C.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX32.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX45.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX52.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ssqnnkj.dll Win32/Adware.Virtumonde application (unable to clean - deleted (after the next restart)) 6AABCF2D230A10DB0912C130881D4AEE
C:\WINDOWS\system32\ardCo05\ardCo051080.exe a variant of Win32/TrojanDownloader.VB.AW trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\z1\aroblcidr31z.exe Win32/TrojanDownloader.Small.BUY trojan (unable to clean - deleted) 00000000000000000000000000000000



I'm sorry it was longer than 3 :sad: I obviously don't really know what I'm doing
thank you
 
hi Abileen

ok thanks for all the info.
you have a worm no doubt from using bittorrent, and you are sharing it with other hapless people that can download it.
you should stop your client from running as it looks like it runs at boot up, or better yet uninstall it via the add/remove programs panel. (bittorrent)
-------------------------------
i haven't looked thru the entire log but you should do this;

we will do this in safe mode, so you might want to copy/paste the safe mode part into notepad and save it so you can find and read it in safe mode

first to show all files in xp:
For XP: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok
--------------------------------------
to reach safe mode you would tap the f8 key during a computer restart, choose the first option from the list: safe mode

safe mode part:

do this again:
using explorer (right click on start>explore) drill down to these. you want to delete what's >inside< the folder.

C:\Windows\Temp\

C:\Documents and Settings\-Your Profile-\Local Settings\Temporary Internet Files\ (will dump all your cached internet content including cookies)

C:\Documents and Settings\-Your Profile-\Local Settings\Temp\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temporary Internet Files\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temp\

delete your entire shared folder C:\Documents and Settings\Compaq_Owner\Shared\
------------------------
still in safe mode: run spybot and your antivirus once.

Empty your Temp folders. Go to Start > Run and type:cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
-----------------------------
reboot normally first stop:
download, install update and do a complete scan with superantispyware;

http://www.superantispyware.com/

next stop:
repeat the online scan:
ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.
-----------------------
post a new hjt log and the online scan please.

shelf life
 
hey shelf life
here is the new hjt log and the online scan
thanks again for helping me


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:57 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localsrv.net/upd.php?u=162&i=0&uid=kebjkwrA162
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~3.EXE
O4 - HKLM\..\Run: [kebjkwrA] C:\WINDOWS\kebjkwrA.exe
O4 - HKLM\..\Run: [kebjkwrA ] C:\WINDOWS\kebjkwrA .exe
O4 - HKLM\..\Run: [bc0b2196] rundll32.exe "C:\WINDOWS\system32\iuwtgylj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~3.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168893609062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7944 bytes



ONLINE SCAN:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2776 (20080109)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=201ac352f9959d4eb4df043fcc03b4cd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-01-09 05:23:28
# local_time=2008-01-09 12:23:28 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=292228
# found=14
# scan_time=3516
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\RCX14.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.Vexe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee\SpamKiller\MSKAgent .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\mcagent.Vexe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\mcupdate .exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .Vexe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Windows Live\Messenger\MsnMsgr .VExe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jkhfd.dll Win32/Adware.Virtumonde.FP application (unable to clean - deleted (after the next restart)) AB48EC6F412A35BD0B5B901EADB8FC8C
C:\WINDOWS\system32\jkhfd.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
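
The ESET Online Scanner log format pasted in this thread, parsed for triage, as an added example that is not part of any post: it groups detections, lists files that are only removed after a restart, and reports paths that a later scan detects again. The field layout is inferred from the log lines on this page; the function names and the shortened `# found=` header value are this example's own.

```python
import re
from collections import Counter

# Entries copied from the scan logs in this thread. The "# found=" value is
# constructed to match this shortened excerpt.
FIRST_SCAN = r"""
C:\Documents and Settings\Compaq_Owner\Shared\_\The Covenant (2006) DVDRiP .zip Win32/VB.NJQ worm (deleted) 00000000000000000000000000000000
C:\Program Files\b.zip Win32/VB.NJQ worm (deleted) 00000000000000000000000000000000
C:\Program Files\b.zip »ZIP »Video.exe Win32/VB.NJQ worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\McAfee.com\Agent\mcagent.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\cfg32.exe a variant of Win32/Adware.BkdSpace application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\srvijhyh.exe multiple infiltrations (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jkhfd.dll Win32/Adware.Virtumonde.FP application (unable to clean - deleted (after the next restart)) AB48EC6F412A35BD0B5B901EADB8FC8C
C:\WINDOWS\system32\jkhfd.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
"""
SECOND_SCAN = r"""
# version=4
# found=3
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\RCX14.tmp Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\jkhfd.dll Win32/Adware.Virtumonde.FP application (unable to clean - deleted (after the next restart)) AB48EC6F412A35BD0B5B901EADB8FC8C
C:\WINDOWS\system32\jkhfd.exe Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
"""

HASH_RE = re.compile(r"\s+([0-9A-Fa-f]{32})\s*$")
DETECTION_RE = re.compile(
    r"\s+(?:(?P<fuzzy>(?:probably )?a variant of )?(?P<name>Win32/\S+) "
    r"(?P<kind>worm|virus|trojan|application)|(?P<multi>multiple infiltrations))$"
)

def split_action(text):
    """Split 'head (action)' at the '(' matching the final ')'.
    Walking backwards copes with nested parentheses in the action and
    with parentheses inside the file path, e.g. '(2006)'."""
    text = text.rstrip()
    if not text.endswith(")"):
        return text, ""
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1]
    return text, ""  # unbalanced parentheses: no action recovered

def classify(action):
    if "was a part of the deleted object" in action:
        return "removed_with_parent"   # archive member, parent file deleted
    if "after the next restart" in action:
        return "pending_restart"       # still on disk until reboot
    if action.endswith("deleted"):
        return "deleted"
    return "unresolved"

def parse_entry(line):
    m = HASH_RE.search(line)
    if not m:
        return None
    head, action = split_action(line[:m.start()])
    d = DETECTION_RE.search(head)
    if not d or not action:
        return None
    path = head[:d.start()]
    container, *nested = path.split(" »")   # 'file.zip »ZIP »member.exe'
    return {
        "path": path,
        "container": container,
        "member": nested[-1] if nested else None,
        "detection": d.group("name") or d.group("multi"),
        "kind": d.group("kind"),
        "fuzzy": bool(d.group("fuzzy")),
        "outcome": classify(action),
        "hash": m.group(1),
    }

def triage(log_text):
    header, entries, unparsed = {}, [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):             # '# key=value' header lines
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        entry = parse_entry(line)
        (entries if entry else unparsed).append(entry or line)
    found = header.get("found", "")
    return {
        "header_found": int(found) if found.isdigit() else None,
        "entries": entries,
        "unparsed": unparsed,
        "by_detection": Counter(e["detection"] for e in entries),
        "pending_restart": [e["path"] for e in entries
                            if e["outcome"] == "pending_restart"],
    }

def recurring(earlier, later):
    """Paths a later scan detects again after an earlier scan reported them."""
    seen = {e["path"].lower() for e in earlier["entries"]}
    return [e["path"] for e in later["entries"] if e["path"].lower() in seen]

if __name__ == "__main__":
    first, second = triage(FIRST_SCAN), triage(SECOND_SCAN)
    print("header found vs parsed:", second["header_found"], len(second["entries"]))
    print("by detection:", first["by_detection"].most_common())
    print("pending restart:", first["pending_restart"])
    print("detected again in second scan:", recurring(first, second))
```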
 
hi,

disable spybot's tea timer first, then we will use hjt and then get another download to run.

first hjt:

O4 - HKLM\..\Run: [kebjkwrA] C:\WINDOWS\kebjkwrA.exe

O4 - HKLM\..\Run: [kebjkwrA ] C:\WINDOWS\kebjkwrA .exe

O4 - HKLM\..\Run: [bc0b2196] rundll32.exe "C:\WINDOWS\system32\iuwtgylj.dll",b

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
--------------------------
next:
download and run vundofix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
--------------------------
last please do another complete scan with superantispyware and post the result. you can get a copy of the last report like this:

To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
------------------------
please post the vundo log, the last superantispyware report and a new hjt log.

shelf life
 
hello, here's what you requested:


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 7:31:55 PM 1/3/2008

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 10:52:15 PM 1/3/2008

Listing files found while scanning....

C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.exe

Beginning removal...

Attempting to delete C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1000106.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.exe
C:\WINDOWS\system32\jkhfd.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 3:36:37 PM 1/10/2008

Listing files found while scanning....

C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\eegosokj.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.exe
C:\WINDOWS\system32\pncurynv.dll
C:\WINDOWS\system32\qvfsusvn.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\eegosokj.dll
C:\WINDOWS\system32\eegosokj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.exe
C:\WINDOWS\system32\jkhfd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pncurynv.dll
C:\WINDOWS\system32\pncurynv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qvfsusvn.exe
C:\WINDOWS\system32\qvfsusvn.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qvfsusvn.exe
C:\WINDOWS\system32\qvfsusvn.exe Could not be deleted.

Performing Repairs to the registry.
Done!

-----------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/10/2008 at 08:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3377
Trace Rules Database Version: 1371

Scan type : Complete Scan
Total Scan Time : 00:55:14

Memory items scanned : 384
Memory threats detected : 1
Registry items scanned : 5049
Registry threats detected : 8
File items scanned : 59636
File threats detected : 16

Adware.eZula
C:\WINDOWS\SYSTEM32\QVFSUSVN.EXE
C:\WINDOWS\SYSTEM32\QVFSUSVN.EXE
C:\WINDOWS\Prefetch\QVFSUSVN.EXE-19BC1A48.pf

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{55E48309-6108-4661-9A3A-AC8FAB18EF84}
HKCR\CLSID\{55E48309-6108-4661-9A3A-AC8FAB18EF84}
HKCR\CLSID\{55E48309-6108-4661-9A3A-AC8FAB18EF84}\InprocServer32
HKCR\CLSID\{55E48309-6108-4661-9A3A-AC8FAB18EF84}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKHFD.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55E48309-6108-4661-9A3A-AC8FAB18EF84}

Trojan.Downloader-Gen/DDC
HKLM\System\ControlSet001\Services\DomainService
HKLM\System\ControlSet003\Services\DomainService
HKLM\System\CurrentControlSet\Services\DomainService
C:\VUNDOFIX BACKUPS\QVFSUSVN.EXE.BAD

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-eset.hitbox[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hitbox[2].txt

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP415\A0029163.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP417\A0032209.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP417\A0032212.DLL

Trojan.Vundo/Variant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP415\A0029164.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP417\A0032211.EXE
C:\VUNDOFIX BACKUPS\JKHFD.EXE.BAD

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP415\A0029165.EXE

Trojan.Downloader-Gen/TaLDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP415\A0029166.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP417\A0032210.DLL
------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:59 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localsrv.net/upd.php?u=162&i=0&uid=kebjkwrA162
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {181b2fbd-e072-6f09-9cd4-b9e82d38d3b5} - {5b3d83d2-8e9b-4dc9-90f6-270edbf2b181} - C:\WINDOWS\system32\eegosokj.dll (file missing)
O2 - BHO: (no name) - {6F3618D8-3B0B-4968-9220-97CD4CBAE975} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168893609062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8537 bytes


Thanks again for the help :)
 
hi,

sorry for the delay. we are doing good so far.
yet another download to get and run:

Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:
Close any open windows
Close/disable anti virus and any antimalware programs that might have real time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.


Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

shelf life
 
Hey shelf life, here's the combofix log you requested :)



ComboFix 08-01-14.3 - Compaq_Owner 2008-01-13 21:56:40.1 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\tsks~1
C:\Program Files\Common Files\uninstall information
C:\Program Files\dobe~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\z1
C:\WINDOWS\timessquare1.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 21:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 00:52 . 2008-01-10 00:52 294 ---hs---- C:\WINDOWS\system32\vnyrucnp.ini
2008-01-08 21:54 . 2008-01-10 20:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 21:53 . 2008-01-08 21:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 00:51 . 2008-01-08 21:51 354 ---hs---- C:\WINDOWS\system32\jlygtwui.ini
2008-01-07 00:48 . 2008-01-08 23:24 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-03 19:31 . 2008-01-10 17:19 <DIR> d-------- C:\VundoFix Backups
2008-01-02 11:45 . 2008-01-02 11:45 268 --ah----- C:\sqmdata19.sqm
2008-01-02 11:45 . 2008-01-02 11:45 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 11:44 . 2008-01-02 11:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-01 21:22 . 2008-01-01 21:22 268 --ah----- C:\sqmdata18.sqm
2008-01-01 21:22 . 2008-01-01 21:22 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 18:24 . 2008-01-01 18:24 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Atari
2008-01-01 14:56 . 2008-01-01 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:02 . 2008-01-01 14:02 268 --ah----- C:\sqmdata17.sqm
2008-01-01 14:02 . 2008-01-01 14:02 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-01 02:04 . 2008-01-01 02:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-01 00:25 . 2008-01-01 00:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 00:24 . 2008-01-01 00:26 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2007-12-31 23:39 . 2007-12-31 23:39 268 --ah----- C:\sqmdata16.sqm
2007-12-31 23:39 . 2007-12-31 23:39 244 --ah----- C:\sqmnoopt16.sqm
2007-12-31 22:36 . 2007-12-31 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
2007-12-29 14:09 . 2007-12-29 14:09 268 --ah----- C:\sqmdata15.sqm
2007-12-29 14:09 . 2007-12-29 14:09 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 14:05 . 2007-12-29 16:07 <DIR> d-------- C:\Program Files\McAfee
2007-12-29 14:03 . 2007-12-29 14:06 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-29 14:03 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-12-29 14:03 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-12-29 14:01 . 2008-01-08 17:15 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-29 13:59 . 2007-12-29 13:59 268 --ah----- C:\sqmdata14.sqm
2007-12-29 13:59 . 2007-12-29 13:59 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 13:38 . 2007-12-29 13:38 268 --ah----- C:\sqmdata13.sqm
2007-12-29 13:38 . 2007-12-29 13:38 244 --ah----- C:\sqmnoopt13.sqm
2007-12-29 13:20 . 2007-12-29 13:20 249 --a------ C:\Documents and Settings\Compaq_Owner\2553.bat
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-29 13:19 . 2008-01-08 21:38 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-29 13:19 . 2007-12-29 13:39 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-29 13:19 . 2008-01-07 02:01 <DIR> d-------- C:\WINDOWS\system32\ardCo05
2007-12-29 13:19 . 2008-01-08 23:18 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 13:19 . 2008-01-13 22:02 <DIR> d-------- C:\Temp
2007-12-28 23:23 . 2007-12-28 23:23 268 --ah----- C:\sqmdata12.sqm
2007-12-28 23:23 . 2007-12-28 23:23 244 --ah----- C:\sqmnoopt12.sqm
2007-12-28 19:25 . 2008-01-13 22:03 268 --ah----- C:\sqmdata11.sqm
2007-12-28 19:25 . 2008-01-13 22:03 244 --ah----- C:\sqmnoopt11.sqm
2007-12-28 18:54 . 2007-12-28 18:54 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 14:27 . 2008-01-13 14:43 268 --ah----- C:\sqmdata10.sqm
2007-12-28 14:27 . 2008-01-13 14:43 244 --ah----- C:\sqmnoopt10.sqm
2007-12-27 10:38 . 2008-01-12 13:53 268 --ah----- C:\sqmdata09.sqm
2007-12-27 10:38 . 2008-01-12 13:53 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 06:41 --------- d-----w C:\Program Files\Zune
2008-01-07 06:41 --------- d-----w C:\Program Files\SusComToolbar
2008-01-07 06:40 --------- d-----w C:\Program Files\QuickTime
2008-01-07 05:42 25,214 ----a-w C:\Program Files\B.ico
2008-01-07 05:42 25,214 ----a-w C:\Program Files\A.ico
2008-01-01 16:22 --------- d-----w C:\Program Files\LimeWire
2008-01-01 07:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 07:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-29 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-29 04:12 --------- d-----w C:\Program Files\Musicnotes
2007-12-11 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 02:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 02:17 --------- d-----w C:\Program Files\Nancy Drew
2007-12-03 03:58 4,198 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-11-24 03:14 --------- d-----w C:\Program Files\Comcast Rhapsody
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 03:38 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2005-11-16 01:19 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
----a-w            68,856 2008-01-07 05:42:11  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            94,208 2007-12-31 17:16:14  C:\Program Files\McAfee\McAfee QuickClean\Plguni .exe
----a-w           126,976 2008-01-04 00:23:11  C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE
----a-w           506,368 2008-01-09 12:13:49  C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
----a-w           126,976 2008-01-09 12:13:57  C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
----a-w         1,111,040 2008-01-07 05:42:01  C:\Program Files\McAfee\SpamKiller\MskDetct .exe
----a-w           212,992 2008-01-03 17:01:30  C:\Program Files\McAfee.com\Agent\MC1A39~1 .EXE
----a-w           303,104 2008-01-07 05:41:53  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w           139,264 2008-01-01 19:44:41  C:\Program Files\McAfee.com\Agent\mcregwiz .exe
----a-w           184,320 2008-01-01 05:38:03  C:\Program Files\McAfee.com\Agent\mcupdate      .exe
----a-w           584,192 2008-01-09 12:13:50  C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w           212,992 2008-01-09 12:13:54  C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w           131,072 2008-01-02 16:37:32  C:\Program Files\McAfee.com\Shared\mcappins .exe
----a-w           151,552 2008-01-07 05:41:49  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w           163,840 2008-01-07 05:41:51  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w         1,460,560 2008-01-03 15:21:28  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w         1,318,912 2008-01-09 04:22:00  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w           715,888 2008-01-07 05:42:07  C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather  .exe
----a-w         5,728,112 2008-01-09 12:14:03  C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
----a-w         6,107,648 2008-01-09 12:13:49  C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe
----a-w            15,360 2008-01-08 22:15:16  C:\WINDOWS\system32\ctfmon .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3d83d2-8e9b-4dc9-90f6-270edbf2b181}]
C:\WINDOWS\system32\eegosokj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F3618D8-3B0B-4968-9220-97CD4CBAE975}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [2008-01-09 07:14 5728112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE" [2008-01-09 07:13 126976]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [2008-01-09 07:13 212992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\k9-setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 03:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 22:05:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 22:11:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 03:11:36
.
2008-01-09 12:04:30 --- E O F ---
 
hi,

ok i am back. let's start over with the combofix part. first delete the copy you have by going to start>run and type in the window: combofix /u
note: there is a space after the 'x' and before the /
it will uninstall combofix.
get a new copy and follow this just like before please:

Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:
Close any open windows
Close/disable anti virus and any antimalware programs that might have real time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.


Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

post a new hjt log also and the combofix log, then we will continue.

shelf life
 
hey
so did i do it wrong? because i'm not sure if i did it right this time either...i followed the instructions and i didn't click it while it was running, and i exited all the programs that were down in the right corner :sad:
well here's the hjt log and the combofix log like you asked, but i had to split them:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localsrv.net/upd.php?u=162&i=0&uid=kebjkwrA162
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {181b2fbd-e072-6f09-9cd4-b9e82d38d3b5} - {5b3d83d2-8e9b-4dc9-90f6-270edbf2b181} - C:\WINDOWS\system32\eegosokj.dll (file missing)
O2 - BHO: (no name) - {6F3618D8-3B0B-4968-9220-97CD4CBAE975} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168893609062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8503 bytes
 
ComboFix 08-01-16.4 - Compaq_Owner 2008-01-15 23:56:30.5 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-15 22:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 00:52 . 2008-01-10 00:52 294 ---hs---- C:\WINDOWS\system32\vnyrucnp.ini
2008-01-08 21:54 . 2008-01-10 20:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 21:53 . 2008-01-08 21:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 00:51 . 2008-01-08 21:51 354 ---hs---- C:\WINDOWS\system32\jlygtwui.ini
2008-01-07 00:48 . 2008-01-08 23:24 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-02 11:45 . 2008-01-02 11:45 268 --ah----- C:\sqmdata19.sqm
2008-01-02 11:45 . 2008-01-02 11:45 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 11:44 . 2008-01-02 11:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-01 21:22 . 2008-01-01 21:22 268 --ah----- C:\sqmdata18.sqm
2008-01-01 21:22 . 2008-01-01 21:22 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 18:24 . 2008-01-01 18:24 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Atari
2008-01-01 14:56 . 2008-01-01 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:02 . 2008-01-01 14:02 268 --ah----- C:\sqmdata17.sqm
2008-01-01 14:02 . 2008-01-01 14:02 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-01 02:04 . 2008-01-01 02:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-01 00:25 . 2008-01-01 00:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 00:24 . 2008-01-01 00:26 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2007-12-31 23:39 . 2007-12-31 23:39 268 --ah----- C:\sqmdata16.sqm
2007-12-31 23:39 . 2007-12-31 23:39 244 --ah----- C:\sqmnoopt16.sqm
2007-12-31 22:36 . 2007-12-31 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
2007-12-29 14:09 . 2008-01-15 23:52 268 --ah----- C:\sqmdata15.sqm
2007-12-29 14:09 . 2008-01-15 23:52 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 14:05 . 2007-12-29 16:07 <DIR> d-------- C:\Program Files\McAfee
2007-12-29 14:03 . 2007-12-29 14:06 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-29 14:03 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-12-29 14:03 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-12-29 14:01 . 2008-01-08 17:15 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-29 13:59 . 2008-01-15 22:19 268 --ah----- C:\sqmdata14.sqm
2007-12-29 13:59 . 2008-01-15 22:19 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 13:38 . 2008-01-15 19:51 268 --ah----- C:\sqmdata13.sqm
2007-12-29 13:38 . 2008-01-15 19:51 244 --ah----- C:\sqmnoopt13.sqm
2007-12-29 13:20 . 2007-12-29 13:20 249 --a------ C:\Documents and Settings\Compaq_Owner\2553.bat
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-29 13:19 . 2008-01-08 21:38 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-29 13:19 . 2007-12-29 13:39 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-29 13:19 . 2008-01-07 02:01 <DIR> d-------- C:\WINDOWS\system32\ardCo05
2007-12-29 13:19 . 2008-01-08 23:18 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 13:19 . 2008-01-13 22:02 <DIR> d-------- C:\Temp
2007-12-28 23:23 . 2008-01-13 22:05 268 --ah----- C:\sqmdata12.sqm
2007-12-28 23:23 . 2008-01-13 22:05 244 --ah----- C:\sqmnoopt12.sqm
2007-12-28 19:25 . 2008-01-13 22:03 268 --ah----- C:\sqmdata11.sqm
2007-12-28 19:25 . 2008-01-13 22:03 244 --ah----- C:\sqmnoopt11.sqm
2007-12-28 18:54 . 2007-12-28 18:54 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 14:27 . 2008-01-13 14:43 268 --ah----- C:\sqmdata10.sqm
2007-12-28 14:27 . 2008-01-13 14:43 244 --ah----- C:\sqmnoopt10.sqm
2007-12-27 10:38 . 2008-01-12 13:53 268 --ah----- C:\sqmdata09.sqm
2007-12-27 10:38 . 2008-01-12 13:53 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-07 06:41 --------- d-----w C:\Program Files\Zune
2008-01-07 06:41 --------- d-----w C:\Program Files\SusComToolbar
2008-01-07 06:40 --------- d-----w C:\Program Files\QuickTime
2008-01-07 05:42 25,214 ----a-w C:\Program Files\B.ico
2008-01-07 05:42 25,214 ----a-w C:\Program Files\A.ico
2008-01-01 16:22 --------- d-----w C:\Program Files\LimeWire
2008-01-01 07:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 07:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-29 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-29 04:12 --------- d-----w C:\Program Files\Musicnotes
2007-12-11 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 02:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 02:17 --------- d-----w C:\Program Files\Nancy Drew
2007-12-03 03:58 4,198 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-11-24 03:14 --------- d-----w C:\Program Files\Comcast Rhapsody
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 03:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 03:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 03:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 03:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 03:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 03:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-16 03:38 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 19:09 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2006-08-10 01:22 15,221,934 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_09_16_25_13.dmp.zip
2006-08-09 20:23 10,445,680 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_09_16_20_34.dmp.zip
2006-07-31 22:25 15,274,219 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_31_00_03_11.dmp.zip
2006-07-28 01:10 13,011,213 -c--a-w C:\WINDOWS\Internet Logs\ca_2nd_2006_07_27_21_04_33.dmp.zip
2006-07-28 01:02 15,173,360 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_27_20_56_28.dmp.zip
2006-07-28 00:51 15,129,214 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_27_10_01_09.dmp.zip
2006-07-27 10:59 16,847,060 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_26_16_10_53.dmp.zip
2006-07-26 19:56 10,419,633 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_26_15_48_34.dmp.zip
2006-06-24 18:59 15,142,903 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_24_13_50_16.dmp.zip
2006-06-24 18:25 15,128,347 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_24_13_46_23.dmp.zip
2006-06-24 17:53 15,111,563 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_24_13_46_22.dmp.zip
2006-06-20 00:44 15,171,500 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_19_20_24_44.dmp.zip
2006-06-13 20:59 15,773,418 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_06_10_52_15.dmp.zip
2006-03-21 03:08 10,448,133 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_18_23_02_14.dmp.zip
2006-03-19 04:23 15,185,187 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_18_23_01_50.dmp.zip
2006-03-19 04:01 15,495,878 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_18_22_49_23.dmp.zip
2005-12-20 21:22 14,731,062 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_49_06.dmp.zip
2005-12-17 18:48 14,706,767 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_37_07.dmp.zip
2005-12-17 18:40 14,735,675 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_18_41.dmp.zip
2005-12-17 18:35 14,729,289 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_18_36.dmp.zip
2005-12-14 01:48 15,204,734 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_13_20_28_51.dmp.zip
2005-12-14 01:31 14,695,514 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_13_20_28_46.dmp.zip
2005-11-16 01:19 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
Code:
<pre>
----a-w            68,856 2008-01-07 05:42:11  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            94,208 2007-12-31 17:16:14  C:\Program Files\McAfee\McAfee QuickClean\Plguni .exe
----a-w           126,976 2008-01-04 00:23:11  C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE
----a-w           506,368 2008-01-09 12:13:49  C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
----a-w           126,976 2008-01-09 12:13:57  C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
----a-w         1,111,040 2008-01-07 05:42:01  C:\Program Files\McAfee\SpamKiller\MskDetct .exe
----a-w           212,992 2008-01-03 17:01:30  C:\Program Files\McAfee.com\Agent\MC1A39~1 .EXE
----a-w           303,104 2008-01-07 05:41:53  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w           139,264 2008-01-01 19:44:41  C:\Program Files\McAfee.com\Agent\mcregwiz .exe
----a-w           184,320 2008-01-01 05:38:03  C:\Program Files\McAfee.com\Agent\mcupdate      .exe
----a-w           584,192 2008-01-09 12:13:50  C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w           212,992 2008-01-09 12:13:54  C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w           131,072 2008-01-02 16:37:32  C:\Program Files\McAfee.com\Shared\mcappins .exe
----a-w           151,552 2008-01-07 05:41:49  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w           163,840 2008-01-07 05:41:51  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w         1,460,560 2008-01-03 15:21:28  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w         1,318,912 2008-01-09 04:22:00  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w           715,888 2008-01-07 05:42:07  C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather  .exe
----a-w         5,728,112 2008-01-09 12:14:03  C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
----a-w         6,107,648 2008-01-09 12:13:49  C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe
----a-w            15,360 2008-01-08 22:15:16  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3d83d2-8e9b-4dc9-90f6-270edbf2b181}]
C:\WINDOWS\system32\eegosokj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F3618D8-3B0B-4968-9220-97CD4CBAE975}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [2008-01-09 07:14 5728112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE" [2008-01-09 07:13 126976]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [ ]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [ ]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1998-02-24 11:02:41]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 22:51]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 maa950c;maa950c;C:\WINDOWS\system32\Drivers\maa950c.sys [2005-06-16 18:11]
S3 maa950m;maa950m;C:\WINDOWS\system32\Drivers\maa950m.sys [2005-06-16 18:13]
S3 maa950u;maa950u;C:\WINDOWS\system32\Drivers\maa950u.sys [2006-09-28 14:32]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 11:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\k9-setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 05:03:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 00:01:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 0:04:06
ComboFix-quarantined-files.txt 2008-01-16 05:04:02
ComboFix2.txt 2008-01-16 03:49:01
ComboFix3.txt 2008-01-16 03:33:10
.
2008-01-09 12:04:30 --- E O F ---
 
hi,

no, you did it right, both times. we ran combofix again since there was a delay in the fix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
FILE::
C:\WINDOWS\system32\vnyrucnp.ini
C:\WINDOWS\system32\jlygtwui.ini

RENV::
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni .exe
C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE 
C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
C:\Program Files\McAfee\SpamKiller\MskDetct .exe
C:\Program Files\McAfee.com\Agent\MC1A39~1 .EXE
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcregwiz .exe
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
C:\Program Files\McAfee.com\Shared\mcappins .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\WINDOWS\system32\ctfmon .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3d83d2-8e9b-4dc9-90f6-270edbf2b181}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F3618D8-3B0B-4968-9220-97CD4CBAE975}]

Name the Notepad file CFScript.txt and Save it to your desktop.

now locate both the CFScript you just saved and the combofix icon. using your mouse, drag the CFScript right on top of the combofix icon and release. combofix will run.
your machine may reboot again. please post the new combofix log.
--------------------------------
next:

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"

O2 - BHO: {181b2fbd-e072-6f09-9cd4-b9e82d38d3b5} - {5b3d83d2-8e9b-4dc9-90f6-270edbf2b181} - C:\WINDOWS\system32\eegosokj.dll (file missing)

O2 - BHO: (no name) - {6F3618D8-3B0B-4968-9220-97CD4CBAE975} - (no file)
---------------------------------

shelf life
 
hello
ok i'm glad i did it right :)
so here's the combofix log you requested:


ComboFix 08-01-16.4 - Compaq_Owner 2008-01-16 19:32:39.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.122 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\jlygtwui.ini
C:\WINDOWS\system32\vnyrucnp.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jlygtwui.ini
C:\WINDOWS\system32\vnyrucnp.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 15:09 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-01-15 22:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 21:54 . 2008-01-16 19:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 21:53 . 2008-01-08 21:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 00:48 . 2008-01-08 23:24 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-02 11:45 . 2008-01-02 11:45 268 --ah----- C:\sqmdata19.sqm
2008-01-02 11:45 . 2008-01-02 11:45 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 11:44 . 2008-01-02 11:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-01 21:22 . 2008-01-01 21:22 268 --ah----- C:\sqmdata18.sqm
2008-01-01 21:22 . 2008-01-01 21:22 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 18:24 . 2008-01-01 18:24 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Atari
2008-01-01 14:56 . 2008-01-01 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:02 . 2008-01-01 14:02 268 --ah----- C:\sqmdata17.sqm
2008-01-01 14:02 . 2008-01-01 14:02 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-01 02:04 . 2008-01-01 02:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-01 00:25 . 2008-01-01 00:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 00:24 . 2008-01-01 00:26 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2007-12-31 23:39 . 2007-12-31 23:39 268 --ah----- C:\sqmdata16.sqm
2007-12-31 23:39 . 2007-12-31 23:39 244 --ah----- C:\sqmnoopt16.sqm
2007-12-31 22:36 . 2007-12-31 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
2007-12-29 14:09 . 2008-01-15 23:52 268 --ah----- C:\sqmdata15.sqm
2007-12-29 14:09 . 2008-01-15 23:52 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 14:05 . 2007-12-29 16:07 <DIR> d-------- C:\Program Files\McAfee
2007-12-29 14:03 . 2007-12-29 14:06 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-29 14:01 . 2008-01-08 17:15 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-29 14:01 . 2008-01-08 17:15 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-29 13:59 . 2008-01-15 22:19 268 --ah----- C:\sqmdata14.sqm
2007-12-29 13:59 . 2008-01-15 22:19 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 13:38 . 2008-01-15 19:51 268 --ah----- C:\sqmdata13.sqm
2007-12-29 13:38 . 2008-01-15 19:51 244 --ah----- C:\sqmnoopt13.sqm
2007-12-29 13:20 . 2007-12-29 13:20 249 --a------ C:\Documents and Settings\Compaq_Owner\2553.bat
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-29 13:19 . 2008-01-08 21:38 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-29 13:19 . 2007-12-29 13:39 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-29 13:19 . 2008-01-07 02:01 <DIR> d-------- C:\WINDOWS\system32\ardCo05
2007-12-29 13:19 . 2008-01-08 23:18 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 13:19 . 2008-01-13 22:02 <DIR> d-------- C:\Temp
2007-12-28 23:23 . 2008-01-13 22:05 268 --ah----- C:\sqmdata12.sqm
2007-12-28 23:23 . 2008-01-13 22:05 244 --ah----- C:\sqmnoopt12.sqm
2007-12-28 19:25 . 2008-01-13 22:03 268 --ah----- C:\sqmdata11.sqm
2007-12-28 19:25 . 2008-01-13 22:03 244 --ah----- C:\sqmnoopt11.sqm
2007-12-28 18:54 . 2007-12-28 18:54 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 14:27 . 2008-01-13 14:43 268 --ah----- C:\sqmdata10.sqm
2007-12-28 14:27 . 2008-01-13 14:43 244 --ah----- C:\sqmnoopt10.sqm
2007-12-27 10:38 . 2008-01-12 13:53 268 --ah----- C:\sqmdata09.sqm
2007-12-27 10:38 . 2008-01-12 13:53 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-07 06:41 --------- d-----w C:\Program Files\Zune
2008-01-07 06:41 --------- d-----w C:\Program Files\SusComToolbar
2008-01-07 06:40 --------- d-----w C:\Program Files\QuickTime
2008-01-07 05:42 25,214 ----a-w C:\Program Files\B.ico
2008-01-07 05:42 25,214 ----a-w C:\Program Files\A.ico
2008-01-01 16:22 --------- d-----w C:\Program Files\LimeWire
2008-01-01 07:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 07:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-29 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-29 04:12 --------- d-----w C:\Program Files\Musicnotes
2007-12-11 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 02:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 02:17 --------- d-----w C:\Program Files\Nancy Drew
2007-12-03 03:58 4,198 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-11-24 03:14 --------- d-----w C:\Program Files\Comcast Rhapsody
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2005-11-16 01:19 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
Code:
<pre>
----a-w           184,320 2008-01-01 05:38:03  C:\Program Files\McAfee.com\Agent\mcupdate      .exe
----a-w           715,888 2008-01-07 05:42:07  C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather  .exe
----a-w         5,728,112 2008-01-09 12:14:03  C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
----a-w         6,107,648 2008-01-09 12:13:49  C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-01-15_22.27.58.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 03:20:31 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 00:32:19 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 03:20:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 00:32:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 03:20:31 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 00:32:19 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 03:20:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 00:32:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 03:20:31 6,135,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-17 00:32:20 6,135,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 03:20:31 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 00:32:20 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-08 17:15 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19 5728112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 00:42 68856]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE" [ ]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-08 23:22 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [ ]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-07 00:41 303104]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2008-01-07 00:41 151552]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1998-02-24 11:02:41]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 maa950c;maa950c;C:\WINDOWS\system32\Drivers\maa950c.sys [2005-06-16 18:11]
S3 maa950m;maa950m;C:\WINDOWS\system32\Drivers\maa950m.sys [2005-06-16 18:13]
S3 maa950u;maa950u;C:\WINDOWS\system32\Drivers\maa950u.sys [2006-09-28 14:32]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 11:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\k9-setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 00:38:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 19:38:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 19:40:40
ComboFix-quarantined-files.txt 2008-01-17 00:40:31
ComboFix2.txt 2008-01-16 05:04:06
ComboFix3.txt 2008-01-16 03:49:01
ComboFix4.txt 2008-01-16 03:33:10
.
2008-01-09 12:04:30 --- E O F ---
 
hi,

ok good. i am afraid i did something wrong. do this:

Open notepad and copy/paste the text in the quote box below into it, like last time:

Code:
Renv::
C:\Program Files\McAfee.com\Agent\mcupdate      .exe    
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather  .exe
C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe

Name the Notepad file CFScript.txt and Save it to your desktop.

now locate both the CFScript you just saved and the combofix icon. using your mouse, drag the CFScript right on top of the combofix icon and release. combofix will run.
your machine may reboot again. please post the new combofix log, and a new hjt log this time also please.
 
hello
here's the new combofix log, and hjt log in a separate post because it was too long:

ComboFix 08-01-16.4 - Compaq_Owner 2008-01-21 12:18:31.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-16 15:09 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-01-15 22:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 21:54 . 2008-01-16 19:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-01-08 21:54 . 2008-01-08 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 21:53 . 2008-01-08 21:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 00:48 . 2008-01-08 23:24 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-02 11:45 . 2008-01-02 11:45 268 --ah----- C:\sqmdata19.sqm
2008-01-02 11:45 . 2008-01-02 11:45 244 --ah----- C:\sqmnoopt19.sqm
2008-01-02 11:44 . 2008-01-02 11:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-01 21:22 . 2008-01-01 21:22 268 --ah----- C:\sqmdata18.sqm
2008-01-01 21:22 . 2008-01-01 21:22 244 --ah----- C:\sqmnoopt18.sqm
2008-01-01 18:24 . 2008-01-01 18:24 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Atari
2008-01-01 14:56 . 2008-01-01 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:02 . 2008-01-01 14:02 268 --ah----- C:\sqmdata17.sqm
2008-01-01 14:02 . 2008-01-01 14:02 244 --ah----- C:\sqmnoopt17.sqm
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 11:48 . 2008-01-01 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-01 02:04 . 2008-01-01 02:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-01 00:25 . 2008-01-01 00:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 00:24 . 2008-01-01 00:26 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2007-12-31 23:39 . 2007-12-31 23:39 268 --ah----- C:\sqmdata16.sqm
2007-12-31 23:39 . 2007-12-31 23:39 244 --ah----- C:\sqmnoopt16.sqm
2007-12-31 22:36 . 2007-12-31 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-12-30 03:11 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2007-12-30 03:11 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
2007-12-29 14:09 . 2008-01-15 23:52 268 --ah----- C:\sqmdata15.sqm
2007-12-29 14:09 . 2008-01-15 23:52 244 --ah----- C:\sqmnoopt15.sqm
2007-12-29 14:05 . 2007-12-29 16:07 <DIR> d-------- C:\Program Files\McAfee
2007-12-29 14:03 . 2007-12-29 14:06 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-29 14:01 . 2008-01-08 17:15 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-29 14:01 . 2008-01-08 17:15 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-29 13:59 . 2008-01-15 22:19 268 --ah----- C:\sqmdata14.sqm
2007-12-29 13:59 . 2008-01-15 22:19 244 --ah----- C:\sqmnoopt14.sqm
2007-12-29 13:38 . 2008-01-15 19:51 268 --ah----- C:\sqmdata13.sqm
2007-12-29 13:38 . 2008-01-15 19:51 244 --ah----- C:\sqmnoopt13.sqm
2007-12-29 13:20 . 2007-12-29 13:20 249 --a------ C:\Documents and Settings\Compaq_Owner\2553.bat
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-29 13:19 . 2008-01-08 21:38 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-29 13:19 . 2007-12-29 13:39 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-29 13:19 . 2008-01-07 02:01 <DIR> d-------- C:\WINDOWS\system32\ardCo05
2007-12-29 13:19 . 2008-01-08 23:18 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-29 13:19 . 2007-12-29 13:19 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 13:19 . 2008-01-13 22:02 <DIR> d-------- C:\Temp
2007-12-28 23:23 . 2008-01-13 22:05 268 --ah----- C:\sqmdata12.sqm
2007-12-28 23:23 . 2008-01-13 22:05 244 --ah----- C:\sqmnoopt12.sqm
2007-12-28 19:25 . 2008-01-13 22:03 268 --ah----- C:\sqmdata11.sqm
2007-12-28 19:25 . 2008-01-13 22:03 244 --ah----- C:\sqmnoopt11.sqm
2007-12-28 18:54 . 2007-12-28 18:54 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 14:27 . 2008-01-13 14:43 268 --ah----- C:\sqmdata10.sqm
2007-12-28 14:27 . 2008-01-13 14:43 244 --ah----- C:\sqmnoopt10.sqm
2007-12-27 10:38 . 2008-01-12 13:53 268 --ah----- C:\sqmdata09.sqm
2007-12-27 10:38 . 2008-01-12 13:53 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-07 06:41 --------- d-----w C:\Program Files\Zune
2008-01-07 06:41 --------- d-----w C:\Program Files\SusComToolbar
2008-01-07 06:40 --------- d-----w C:\Program Files\QuickTime
2008-01-07 05:42 25,214 ----a-w C:\Program Files\B.ico
2008-01-07 05:42 25,214 ----a-w C:\Program Files\A.ico
2008-01-01 16:22 --------- d-----w C:\Program Files\LimeWire
2008-01-01 07:16 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 07:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-29 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-29 04:12 --------- d-----w C:\Program Files\Musicnotes
2007-12-11 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-06 02:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 02:17 --------- d-----w C:\Program Files\Nancy Drew
2007-12-03 03:58 4,198 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-11-24 03:14 --------- d-----w C:\Program Files\Comcast Rhapsody
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-24 01:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 03:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 03:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 03:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 03:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 03:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 03:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-08-10 01:22 15,221,934 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_09_16_25_13.dmp.zip
2006-08-09 20:23 10,445,680 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_08_09_16_20_34.dmp.zip
2006-07-31 22:25 15,274,219 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_31_00_03_11.dmp.zip
2006-07-28 01:10 13,011,213 -c--a-w C:\WINDOWS\Internet Logs\ca_2nd_2006_07_27_21_04_33.dmp.zip
2006-07-28 01:02 15,173,360 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_27_20_56_28.dmp.zip
2006-07-28 00:51 15,129,214 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_27_10_01_09.dmp.zip
2006-07-27 10:59 16,847,060 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_26_16_10_53.dmp.zip
2006-07-26 19:56 10,419,633 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_26_15_48_34.dmp.zip
2006-06-24 18:59 15,142,903 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_24_13_50_16.dmp.zip
2006-06-24 18:25 15,128,347 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_24_13_46_23.dmp.zip
2006-06-24 17:53 15,111,563 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_24_13_46_22.dmp.zip
2006-06-20 00:44 15,171,500 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_19_20_24_44.dmp.zip
2006-06-13 20:59 15,773,418 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_06_10_52_15.dmp.zip
2006-03-21 03:08 10,448,133 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_18_23_02_14.dmp.zip
2006-03-19 04:23 15,185,187 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_18_23_01_50.dmp.zip
2006-03-19 04:01 15,495,878 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_03_18_22_49_23.dmp.zip
2005-12-20 21:22 14,731,062 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_49_06.dmp.zip
2005-12-17 18:48 14,706,767 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_37_07.dmp.zip
2005-12-17 18:40 14,735,675 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_18_41.dmp.zip
2005-12-17 18:35 14,729,289 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_17_13_18_36.dmp.zip
2005-12-14 01:48 15,204,734 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_13_20_28_51.dmp.zip
2005-12-14 01:31 14,695,514 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_13_20_28_46.dmp.zip
2005-11-16 01:19 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-15_22.27.58.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 03:20:31 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 17:18:02 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 03:20:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 17:18:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 03:20:31 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 17:18:02 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 03:20:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 17:18:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 03:20:31 6,135,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-21 17:18:02 6,135,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 03:20:31 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 17:18:02 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-08 17:15 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-09 07:13 6107648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 00:42 68856]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE" [ ]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-08 23:22 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-01 00:38 184320]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-07 00:41 303104]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2008-01-07 00:41 151552]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1998-02-24 11:02:41]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 maa950c;maa950c;C:\WINDOWS\system32\Drivers\maa950c.sys [2005-06-16 18:11]
S3 maa950m;maa950m;C:\WINDOWS\system32\Drivers\maa950m.sys [2005-06-16 18:13]
S3 maa950u;maa950u;C:\WINDOWS\system32\Drivers\maa950u.sys [2006-09-28 14:32]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 11:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\k9-setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 17:21:26 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-27E1513D96-Compaq_Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-01-21 17:23:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 12:24:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 12:26:12
ComboFix-quarantined-files.txt 2008-01-21 17:26:02
ComboFix2.txt 2008-01-17 00:40:41
ComboFix3.txt 2008-01-16 05:04:06
ComboFix4.txt 2008-01-16 03:49:01
ComboFix5.txt 2008-01-16 03:33:10
.
2008-01-09 12:04:30 --- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27, on 2008-01-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localsrv.net/upd.php?u=162&i=0&uid=kebjkwrA162
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: CaSup.lnk = C:\hp\region\CustAtStartUp.wsf
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168893609062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7933 bytes
 
hi,

it's been a while. log looks ok. how's it looking on your end? have you done a scan with superantispyware and/or spybot recently? any pop ups etc?

shelf life
 
hey, yea everything is looking good here! no more pop ups and the computer is running just fine! i've learned my lesson, no more limewire for me. thank you so so much for your help shelf life!! :D
so should i do anything else?
thanks again!
 