i think im infected

lovely7157 · Aug 10, 2007

i followed the procedures posted in the forum. I had outerinfo but i still think im infected

tashi · Aug 10, 2007

Hello.

I am not sure which procedure you followed, are you requesting assistance in removing a malware infection?

If you attach a zip please say what it contains, thanks.

lovely7157 · Aug 10, 2007

sorry

I had outerinfo downloaded when i downloaded firefox. then i had all these bad things happening to my computer, so i followed the purity scan and it was gone but i think im still infected. so i did a combofix and this is my log of my computer, i just dont understand it.

Download and run the following PurityScan uninstaller from on of the two below links:

PurityScan Uninstaller Link 1

PurityScan Uninstaller Link 2

1. Save the Uninstaller to your desktop.
2. Double click on the OiUninstaller.exe icon on your desktop.
3. Click on
Run
.
4. Enter the four digit code that is displayed and click on
Uninstall
.
5. Click on
Ok
and reboot your computer.

For more explicit instructions with snapshots of some windows from the uninstall tool, see the below link:

OuterInfo Uninstaller Snapshots

1. Download this file -
combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your
next reply with a fresh hjt log.

tashi · Aug 10, 2007

Hi there.

Please follow the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Then start your own thread in the Malware Removal Forum

A helper will advise you when available. Regards.

lovely7157 · Aug 10, 2007

zip file containing my computer files

ComboFix 07-08-09.3 - "" 2007-08-10 1:34:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -5:00]
(((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{3ADB238F-CB1C-4966-A0B5-9331302CC4E8}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{3ADB238F-CB1C-4966-A0B5-9331302CC4E8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3ADB238F-CB1C-4966-A0B5-9331302CC4E8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{C422D922-A53E-4A99-8E05-70ACFB19E66D}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\clsid\{C422D922-A53E-4A99-8E05-70ACFB19E66D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{C422D922-A53E-4A99-8E05-70ACFB19E66D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{586A7810-9B84-42E1-AC64-E71672665467}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\clsid\{586A7810-9B84-42E1-AC64-E71672665467}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{586A7810-9B84-42E1-AC64-E71672665467}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{F2674B4F-4F13-4CF1-9968-C4FC8986E570}]
@=""
[HKEY_CLASSES_ROOT\clsid\{F2674B4F-4F13-4CF1-9968-C4FC8986E570}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{F2674B4F-4F13-4CF1-9968-C4FC8986E570}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""
[HKEY_CLASSES_ROOT\clsid\{33B990FE-5B57-4729-9F86-C886E2738832}]
@=""
"IDEx"="AD"
[HKEY_CLASSES_ROOT\clsid\{33B990FE-5B57-4729-9F86-C886E2738832}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{33B990FE-5B57-4729-9F86-C886E2738832}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6C67AA60-7865-49B0-9E00-9A56AEF5CA87}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\clsid\{6C67AA60-7865-49B0-9E00-9A56AEF5CA87}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{6C67AA60-7865-49B0-9E00-9A56AEF5CA87}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{4FD98BB5-13B7-4BAD-81BD-3D7991DA1318}]
@=""

[HKEY_CLASSES_ROOT\clsid\{4FD98BB5-13B7-4BAD-81BD-3D7991DA1318}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{4FD98BB5-13B7-4BAD-81BD-3D7991DA1318}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting SeDebugPrivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Amjad\APPLIC~1.\crosof~1.net
C:\DOCUME~1\Amjad\Desktop.\Find Spyware Remover.lnk
C:\DOCUME~1\Amjad\Desktop.\Go to Casino.lnk
C:\DOCUME~1\Amjad\STARTM~1\Programs.\System Live Protect
C:\DOCUME~1\Amjad\STARTM~1\Programs.\System Live Protect\System Live Protect Web site.url
C:\DOCUME~1\Amjad\STARTM~1\Programs.\System Live Protect\System Live Protect.lnk
C:\DOCUME~1\Amjad\STARTM~1\Programs.\System Live Protect\Uninstall.lnk
C:\DOCUME~1\Amjad\STARTM~1\Programs\System Live Protect\System Live Protect Web site.url
C:\DOCUME~1\Amjad\STARTM~1\Programs\System Live Protect\System Live Protect.lnk
C:\DOCUME~1\Amjad\STARTM~1\Programs\System Live Protect\Uninstall.lnk
C:\DOCUME~1\Ruia\APPLIC~1\Sskcwrd.dll
C:\DOCUME~1\Ruia\APPLIC~1\Sskdmns.dll
C:\DOCUME~1\Ruia\APPLIC~1\Sskknwrd.dll
C:\DOCUME~1\Ruia\APPLIC~1\Sskuknwrd.dll
C:\Program Files\Common Files\{8C634~1
C:\Program Files\Common Files\{8C634~1\system.dll
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\ymbols~1
C:\Program Files\LiveProtect
C:\Program Files\LiveProtect\config.ini
C:\Program Files\LiveProtect\LiveProtect.exe
C:\Program Files\LiveProtect\SR.ini
C:\Program Files\LiveProtect\uninstall.exe
C:\Program Files\LiveProtect\VDB.DAT
C:\Program Files\LiveProtect\VDB2.DAT
C:\Program Files\LiveProtect\VDB3.DAT
C:\Program Files\LiveProtect\VDB4.DAT
C:\Program Files\LiveProtect\VDB5.DAT
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\winupdate
C:\Program Files\winupdates
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inetloader.dll
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ahjstwen.exe
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\aqfedxcr.dll
C:\WINDOWS\system32\arsvsjpw.ini
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\asembl~1\a?sembly\
C:\WINDOWS\system32\avicap32b.dll
C:\WINDOWS\system32\awtqoon.dll
C:\WINDOWS\system32\bcmnucdw.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bxclbefs.exe
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\ccvfddss.exe
C:\WINDOWS\system32\cgonguot.dll
C:\WINDOWS\system32\clqrjxbw.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cqkuhmhc.dll
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\dosqcmit.dll
C:\WINDOWS\system32\drxxxxqc.dll
C:\WINDOWS\system32\dyrnrbqp.dll
C:\WINDOWS\system32\eegapsie.dll
C:\WINDOWS\system32\egqmtuct.dll
C:\WINDOWS\system32\eispagee.ini
C:\WINDOWS\system32\enqjbbhq.dll
C:\WINDOWS\system32\eudyetjh.dll
C:\WINDOWS\system32\expryvto.exe
C:\WINDOWS\system32\frillwbj.dll
C:\WINDOWS\system32\fwlkmpsr.exe
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\glgoqpqu.dll
C:\WINDOWS\system32\grktdvxk.exe
C:\WINDOWS\system32\gtlnsiiy.dll
C:\WINDOWS\system32\hggfdaa.dll
C:\WINDOWS\system32\hjteydue.ini
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\ilotsgrn.dll
C:\WINDOWS\system32\inmwunyh.exe
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\system32\j6281934.dll
C:\WINDOWS\system32\jfeyerds.exe
C:\WINDOWS\system32\jfykhnrn.exe
C:\WINDOWS\system32\jsebypmh.exe
C:\WINDOWS\system32\jtrkeklo.exe
C:\WINDOWS\system32\jtymtnbo.exe
C:\WINDOWS\system32\kadxodjm.dll
C:\WINDOWS\system32\khwkbspk.ini
C:\WINDOWS\system32\kibrxjlh.dll
C:\WINDOWS\system32\klrefgal.exe
C:\WINDOWS\system32\kpsbkwhk.dll
C:\WINDOWS\system32\krmhllkx.exe
C:\WINDOWS\system32\lbomoyru.dll
C:\WINDOWS\system32\lflyrtqs.dll
C:\WINDOWS\system32\ljjifeb.dll
C:\WINDOWS\system32\ljjigfg.dll
C:\WINDOWS\system32\mjdoxdak.ini
C:\WINDOWS\system32\mkgaojds.ini
C:\WINDOWS\system32\mljgefc.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mlxulkcp.exe
C:\WINDOWS\system32\mmciqjnv.dll
C:\WINDOWS\system32\motuhbtk.dll
C:\WINDOWS\system32\mqocsopo.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\nimfkeiu.dll
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\otybssdp.exe
C:\WINDOWS\system32\owbapaji.dll
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\system32\pgsctjwl.exe
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pmnlmlk.dll
C:\WINDOWS\system32\pmnmnll.dll
C:\WINDOWS\system32\pqbrnryd.ini
C:\WINDOWS\system32\qomjkih.dll
C:\WINDOWS\system32\qqsayjpw.dll
C:\WINDOWS\system32\qsiwobyl.exe
C:\WINDOWS\system32\qvfqoxam.exe
C:\WINDOWS\system32\qvgmxetv.exe
C:\WINDOWS\system32\reeigxqw.dll
C:\WINDOWS\system32\riurdwya.exe
C:\WINDOWS\system32\rlvjwiqh.exe
C:\WINDOWS\system32\rndpchss.dll
C:\WINDOWS\system32\rqrrpol.dll
C:\WINDOWS\system32\rsdklcca.dll
C:\WINDOWS\system32\rxyyphyc.exe
C:\WINDOWS\system32\sdjoagkm.dll
C:\WINDOWS\system32\skrejlhy.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\syswin.exe
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\telogqgj.exe
C:\WINDOWS\system32\tmegldrk.exe
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\udexacpw.exe
C:\WINDOWS\system32\uiekfmin.ini
C:\WINDOWS\system32\uqdxofva.dll
C:\WINDOWS\system32\uvqmoylu.dll
C:\WINDOWS\system32\vsl05.exe
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\wemdipnd.exe
C:\WINDOWS\system32\wfjcvwiq.dll
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\windev-4d69-ccf.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\winsys64.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\system32\wpjsvsra.dll
C:\WINDOWS\system32\wpjyasqq.ini
C:\WINDOWS\system32\xdknbkxi.exe
C:\WINDOWS\system32\xgehvmyu.exe
C:\WINDOWS\system32\xjqkcfho.exe
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\xxyaaxw.dll
C:\WINDOWS\system32\xxyxxxu.dll
C:\WINDOWS\system32\yhdwbwyn.dll
C:\WINDOWS\system32\yiisnltg.ini
C:\WINDOWS\system32\yotcmljl.exe
C:\WINDOWS\system32\ypjrrbks.exe
C:\WINDOWS\system32\yrbkemfi.exe
C:\WINDOWS\system32\yygcwrja.exe

((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 01:30 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 17:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-09 17:12 <DIR> d-------- C:\DOCUME~1\Amjad\APPLIC~1\SUPERAntiSpyware.com
2007-08-09 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-09 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-09 16:51 <DIR> d-------- C:\b889551bbc0cb5f787
2007-08-09 16:48 75,284 --a------ C:\WINDOWS\system32\ngcgcydx.exe
2007-08-09 16:21 <DIR> d-------- C:\Program Files\CCleaner
2007-08-09 16:10 75,284 --a------ C:\WINDOWS\system32\ikmpcxeq.exe
2007-08-04 11:35 70,252 --a------ C:\Program Files\setup.exe
2007-08-03 21:10 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-03 21:10 <DIR> d-------- C:\DOCUME~1\Ruia\APPLIC~1\PileScrBeep
2007-07-11 00:45 93,696 --a------ C:\WINDOWS\system32\drvnot.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-15 06:28 --------- d-------- C:\DOCUME~1\Amjad\APPLIC~1\uTorrent
2007-07-10 23:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-10 17:11 17260 --a------ C:\WINDOWS\system32\tablet.dat
2007-06-23 15:37 359808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-06-23 15:37 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-20 23:46 --------- d-------- C:\DOCUME~1\Amjad\APPLIC~1\Real
2007-06-13 15:24 754808 --a--c--- C:\WINDOWS\system32\LiveProtectSetup.exe
2007-06-13 15:22 86744 --a--c--- C:\WINDOWS\system32\hh.dll
2007-06-13 15:22 86744 --a--c--- C:\WINDOWS\system32\diantz.dll
2007-06-13 15:22 86744 --a--c--- C:\WINDOWS\system32\autoconv.dll
2007-06-13 15:22 86744 --a------ C:\WINDOWS\system32\jetcomp.dll
2007-06-13 15:21 86744 --a--c--- C:\WINDOWS\system32\wmpstub.dll
2007-06-13 15:21 86744 --a--c--- C:\WINDOWS\system32\tsshutdn.dll
2007-06-13 12:45 86744 --a--c--- C:\WINDOWS\system32\find.dll
2007-06-13 12:44 86744 --a--c--- C:\WINDOWS\system32\runonce.dll
2007-06-13 12:42 86744 --a--c--- C:\WINDOWS\system32\redir.dll
2007-06-13 12:42 86744 --a--c--- C:\WINDOWS\system32\netsh.dll
2007-06-13 12:42 86744 --a--c--- C:\WINDOWS\system32\msswchx.dll
2007-06-13 12:41 86744 --a--c--- C:\WINDOWS\system32\cmdl32.dll
2007-06-10 06:20 44338 --a--c--- C:\WINDOWS\system32\co.dll
2007-06-10 06:18 44338 --a--c--- C:\WINDOWS\system32\cimm.dll
2007-06-06 20:27 134354 --a--c--- C:\WINDOWS\system32\alt.exe
2007-06-05 12:45 21504 --a------ C:\WINDOWS\system32\asferrorb.dll
2007-06-04 12:19 21504 --a--c--- C:\WINDOWS\system32\batta.dll
2007-06-03 10:45 21504 --a--c--- C:\WINDOWS\system32\ati2dvags.dll
2007-05-31 23:38 22016 --a------ C:\WINDOWS\system32\mscoriezb.dll
2007-05-31 23:38 21504 --a--c--- C:\WINDOWS\system32\avicapv.dll
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-10-11 11:12 8224 --a--c--- C:\DOCUME~1\Amjad\APPLIC~1\GDIPFONTCACHEV1.DAT
2006-09-11 13:40 2216 --a--c--- C:\DOCUME~1\Amjad\APPLIC~1\ViewerApp.dat
2005-10-06 15:17 280576 --a--c--- C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
2005-10-06 15:17 280576 --a--c--- C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-03-01 11:16 212992 --a--c--- C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2004-03-01 17:55 561179 --a--c--- C:\WINDOWS\msapps\DAO\DAO360.DLL
2005-03-16 17:30:06 220 -csh--w C:\WINDOWS\dwin.sys
2004-08-04 07:56:49 2,490,368 -csha-r C:\WINDOWS\system32\utptaz.exe~

Reg Loading Points
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1102890156\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-13 12:34]
"AOL Fast Start"="C:\PROGRA~1\AMERIC~1.0\AOL.exe" [2005-07-12 00:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update Machine"=utptaz.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebabxw]
gebabxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcd]
C:\WINDOWS\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopa32]
winopa32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amjad^Start Menu^Programs^Startup^FontHit Font Tools.lnk]
backup=C:\WINDOWS\pss\FontHit Font Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\nimfkeiu.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cjoef3a2]
RUNDLL32.EXE w127e263.dll,n 002ef3a000000003127e263

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j6281934]
rundll32 C:\WINDOWS\system32\j6281934.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFEXE]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-Media Keyboard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Photoshop Design Messenger]
C:\WINDOWS\Photoshop Design Messenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tutorials Training Messenger]
C:\WINDOWS\Tutorials Training Messenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vbefl]
C:\WINDOWS\system32\amsmke.exe reg_run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w280698b.dll]
RUNDLL32.EXE w280698b.dll,I2 002ef3a00280698b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yewejc]
C:\WINDOWS\system32\amsmke.exe reg_run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*L"h'þ9Óœð3rÅWC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*L"h'þ9Óœð3rÅWC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"TabletService"=2 (0x2)
"Spooler"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
R0 PenClass;Pen Class;C:\WINDOWS\system32\drivers\PenClass.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver;C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335);C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
Contents of the 'Scheduled Tasks' folder
2007-08-10 01:00:00 C:\WINDOWS\Tasks\7CC7590686BD8FD2.job - c:\docume~1\ruia\applic~1\pilesc~1\toolcorndvd.exe
2007-08-10 01:00:00 C:\WINDOWS\Tasks\B4E189EE942A350A.job - c:\docume~1\amjad\applic~1\pilesc~1\toolcorndvd.exe
2007-08-05 06:08:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
2007-04-27 06:08:58 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

tashi · Aug 11, 2007

Hello.

Please follow the instructions in the links as provided and post in the Malware Removal Forum

tashi said:
Hi there.

Please follow the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Then start your own thread in the Malware Removal Forum

A helper will advise you when available. Regards.

Thank you.

i think im infected

lovely7157

New member

tashi

Member of Team Spybot

lovely7157

New member

tashi

Member of Team Spybot

lovely7157

New member

tashi

Member of Team Spybot