I HAVE THE TROJ_VUNDO.BMF virus and can't get rid of it. The antivirus programs I've used don't work. Any help would be appreciated! :S
blowmaster95 0 Newbie Poster
digitalocksmith 52 Posting Whiz in Training
Download a copy of HijackThis and save it to your desktop in a folder.
Do a scan and save the HijackThis logfile. Do not remove anything.
Post your log file here. Link to HijackThis:
http://www.majorgeeks.com/Trend_Micro_HijackThis_d5554.html
Regards
blowmaster95 0 Newbie Poster
Thank you so much for helping me!! Here's my logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:22 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Svconr\Svconr.exe
C:\Documents and Settings\kymi\Application Data\Microsoft\Windows\qhxktm.exe
C:\Program Files\s?mbols\w?wexec.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.thepickapp.com/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {36250995-542A-4CFE-941D-4C5679932CFD} - C:\WINDOWS\system32\awturRhE.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C7FD39A8-816D-A0C6-139A-D78F07252BC7} - C:\WINDOWS\system32\kutyjkm.dll (file missing)
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\jkkKeDVm.dll
O2 - BHO: {47ca907b-556d-f5ab-4714-7e6b2e3d518f} - {f815d3e2-b6e7-4174-ba5f-d655b709ac74} - C:\WINDOWS\system32\eelwhwjy.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [c8c80cd5] rundll32.exe "C:\WINDOWS\system32\kdombvba.dll",b
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\kymi\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\kymi\Application Data\Microsoft\Windows\qhxktm.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\kymi\MYDOCU~1\PPPATC~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Qljf] "C:\Program Files\s?mbols\w?wexec.exe"
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.bnet.com
O15 - Trusted Zone: *.com.com
O15 - Trusted Zone: *.https
O15 - Trusted Zone: *.zdnet.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Word%20Slinger/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O20 - Winlogon Notify: jkkKeDVm - C:\WINDOWS\SYSTEM32\jkkKeDVm.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13407 bytes
digitalocksmith 52 Posting Whiz in Training
Yes I now see your dilemma!
The nasties have been sitting on your system32 couch watching TV and helping themselves to your fridge!
You're in bad shape and we need to try and evict these fellas before it's too late; let's hope we can bring your system back!
Edit: From what I can tell, these nasties have developed from infected emails that you have opened.
You need to seriously consider your email security procedure and use a virus scanner that includes an email scanning engine. You are using Avast (free edition), yes? Consider upgrading to the Pro version, which will include this scanning engine.
Print out or copy this page to Notepad, since you CAN NOT have any browsers open while you are fixing this (including the browser you are viewing this through), and try to follow it as closely as possible, taking it STEP by STEP.
Update your Avast Antivirus program.
Download Spybot Search and Destroy install it and UPDATE the program (Don’t run it yet).
http://www.safer-networking.org/en/mirrors/index.html
Download VundoFix.exe to your desktop. Ignore the AntiVirus warnings and download it anyway because you need to run it.... Wait on installation and running.
http://www.atribune.org/ccount/click.php?id=4
Download CleanUp and install it. Wait on installation and running.
http://www.stevengould.org/downloads/cleanup/CleanUp452.exe
Download following program CWSHREDDER. Wait on installation and running
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
Download About:Buster and save it to your desktop. When it has finished downloading, unzip the folder to your desktop as well. You should now be left with an aboutbuster folder on your desktop. Wait on installation and running.
http://www.malwarebytes.org/AboutBuster.zip
I would also recommend that you download CCleaner. It is a great little program that I use every time I close my browser to get rid of temporary files. I usually just run the cleaner part every time I'm done with the browser. During the install there will be check marks for checking for updates, which you should do..... Don't install the toolbars unless you want them, so you can uncheck these boxes.
It is a very safe program and it is free. (CCleaner Quick Setup: Go to > Options > Advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours", as this will help in cleaning malware that may be hiding in your temp files etc.)
_______________________________________________________________________
Now make sure no OS files are hidden.
To do this:
For XP go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
For Vista go to the Control Panel->Appearance and Personalization
Under the Folder Options, click Show Hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
You may change the above options back after your log is clean.
Turn off system restore.
Steps to turn off System Restore for XP
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.
Steps to turn off System Restore for Vista:
1. Control Panel -> System Maintenance -> Back Up and Restore Center
2. On the right column, click on "create a restore point or change settings" (this requires administrator's password if set)
3. Uncheck all drives.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
After a few moments, the System Properties dialog box closes.
Do all steps below in safe mode except for at the end when you generate a new HiJackThis log
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (Repeatedly).
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
Please right click the HiJackThis.exe file that you run to do a scan, and rename it to Digitalfix.exe. Run Digitalfix.exe and click "Scan". Place checks next to the following entries if still present in the code and close all browser and other windows except for HijackThis, and click "Fix Checked". (We rename the HiJackThis executable because some forms of malware are capable of hiding themselves when they see it).
C:\Documents and Settings\kymi\Application Data\Microsoft\Windows\qhxktm.exe
C:\Program Files\s?mbols\w?wexec.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {36250995-542A-4CFE-941D-4C5679932CFD} - C:\WINDOWS\system32\awturRhE.dll
O2 - BHO: (no name) - {C7FD39A8-816D-A0C6-139A-D78F07252BC7} - C:\WINDOWS\system32\kutyjkm.dll (file missing)
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\jkkKeDVm.dll
O2 - BHO: {47ca907b-556d-f5ab-4714-7e6b2e3d518f} - {f815d3e2-b6e7-4174-ba5f-d655b709ac74} - C:\WINDOWS\system32\eelwhwjy.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [c8c80cd5] rundll32.exe "C:\WINDOWS\system32\kdombvba.dll",b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\kymi\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\kymi\Application Data\Microsoft\Windows\qhxktm.exe
O4 - HKCU\..\Run: [Qljf] "C:\Program Files\s?mbols\w?wexec.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm238YYUS
O15 - Trusted Zone: *.bnet.com
O15 - Trusted Zone: *.com.com
O15 - Trusted Zone: *.https
O15 - Trusted Zone: *.zdnet.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Word%20Slinger/Images/armhelper.ocx
Run your Antivirus and do a full scan.....Remember this is all in safe mode.
Run Spybot Search and Destroy and do a full scan; remember this is all in safe mode.
Open Cleanup by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Only Check the following for now:
-Empty Recycle Bins
-Delete Cookies
-Delete Prefetch Files
-Clean up All Users
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
*Press the Temporary Files Tab and check.
-Scan drives for files matching
Click OK
Press the CleanUp button to start the program. Reboot/logoff when prompted.
Note: CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup or MOVE THEM out of the Temp folder before running CleanUp
If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.
Install and run CWSHREDDER
Close all browser windows, open cwshredder.exe then click "Fix" and let it run.
Double-click on the AboutBuster.exe icon.
Click Begin scan. Close when completed.
It is advised that you run the AboutBuster twice in a row to make sure you get all the infections.
_____________________________________________________________
NOTE for AboutBuster: If you receive the error "Run-time error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid".
Download and run this file http://www.spywareinfo.com/downloads/tools...ngfilesetup.exe
_____________________________________________________________
Double-click VundoFix.exe to run it (do this a few times until nothing shows up).
Then install CCleaner but note it installs the Yahoo Toolbar as an option which IS check marked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option.
Before first use, select Options > Advanced and UNCHECK 'Only delete files in Windows Temp folder older than 48 hours'
Then select the items you wish to clean up.
In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.
In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.
Click the "Run Cleaner" button.
A pop-up box will appear advising this process will permanently delete files from your system.
Click "OK" and it will scan and clean your system.
Click the "Issues" button.
Click the "Scan For Issues" button.
Click the "Fix Selected Issues" button.
Click the "Fix All Selected Issues" button.
Click "OK"
Click "Close" when done.
REBOOT in normal mode and turn on System Restore.
Steps to turn on System Restore For XP:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.
After a few moments, the System Properties dialog box closes.
To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.
In the System Restore wizard, select Create a restore point and click the Next button.
Type a name for your new restore point then click on Create.
To create a Restore point for Vista:
1. Control Panel – System Maintenance – Back Up and Restore Center. On the right column, click on "Create A Restore Point Or Change Settings" (This requires Administrator's password if set.) Put a check on the drive your OS is on. Then click on the Create button. Type in a name and then click OK.
Do another scan with Digitalfix.exe in normal windows mode and post your new log file here for final verification. Make sure it is a new log file.
Also let us know how the system's overall condition is now.
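The entries picked out of the posted log for "Fix checked" above share a handful of recognisable signals: BHOs registered with no name or pointing at a missing file, random-looking value and file names, autoruns living under Documents and Settings, an OS process name (smss.exe) running outside system32, a '?' in a path where HijackThis could not render a look-alike character, rundll32 loading a DLL at logon, Trusted Zone additions, and the Vundo hallmark of one DLL hooked both as a BHO (O2) and as a Winlogon Notify package (O20). As an added example (not code from this thread or from HijackThis itself), the Python script below parses a constructed excerpt of that log and reports those signals per entry; every threshold, marker list and function name is an assumption of the example.

```python
"""Triage a HijackThis log the way the helper in this thread did by hand.
Added example, not code from the thread or from Trend Micro's HijackThis;
every name, threshold and heuristic below is an assumption of the example."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt: entries copied from the log posted above plus two benign
# ones (Google Toolbar, avast!) that a correct triage must leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {36250995-542A-4CFE-941D-4C5679932CFD} - C:\WINDOWS\system32\awturRhE.dll
O2 - BHO: (no name) - {C7FD39A8-816D-A0C6-139A-D78F07252BC7} - C:\WINDOWS\system32\kutyjkm.dll (file missing)
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\jkkKeDVm.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c8c80cd5] rundll32.exe "C:\WINDOWS\system32\kdombvba.dll",b
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\kymi\Application Data\Microsoft\Windows\qhxktm.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\kymi\MYDOCU~1\PPPATC~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Qljf] "C:\Program Files\s?mbols\w?wexec.exe"
O15 - Trusted Zone: *.https
O20 - Winlogon Notify: jkkKeDVm - C:\WINDOWS\SYSTEM32\jkkKeDVm.dll
""".strip()

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\.+?\.(?:exe|dll|ocx|cab))', re.IGNORECASE)
OS_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
USER_WRITABLE_MARKERS = ("documents and settings", "docume~1", "application data", "local settings", "\\temp\\")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    line: str
    path: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Hex blob, almost no vowels, or a long consonant run (c8c80cd5, SfKg6wIP, kdombvba).
    Noisy on vendor abbreviations such as igfxpers, so it is only one signal of several."""
    if any(c.isdigit() for c in name) and re.fullmatch(r"[0-9a-f]{6,}", name.lower()):
        return True
    letters = [c for c in name if c.isalpha()]
    if len(letters) >= 4 and sum(c.lower() in VOWELS for c in letters) / len(letters) < 0.2:
        return True
    return re.search(r"[b-df-hj-np-tv-xz]{4}", name) is not None


def analyse_path(path: str, reasons: List[str]) -> None:
    low, base = path.lower(), path.rsplit("\\", 1)[-1]
    if "?" in path:  # HJT prints '?' where a name holds a non-ASCII look-alike character
        reasons.append("path contains a character HJT could not render ('?')")
    if any(m in low for m in USER_WRITABLE_MARKERS):
        reasons.append("file lives in a user-writable profile directory")
    if base.lower() in OS_PROCESS_NAMES and "\\windows\\system32\\" not in low:
        reasons.append(f"OS process name {base} running from outside system32")
    if looks_random(base.rsplit(".", 1)[0]):
        reasons.append(f"random-looking file name {base}")


def analyse_entry(section: str, body: str) -> Finding:
    finding, target = Finding(line=f"{section} - {body}"), body
    if section == "O4" and (m := RUN_RE.match(body)):
        if looks_random(m["name"]):
            finding.reasons.append(f"random-looking value name [{m['name']}]")
        if m["cmd"].lower().startswith("rundll32"):
            finding.reasons.append("rundll32.exe used to load a DLL at logon")
        target = m["cmd"]
    elif section == "O2" and (m := BHO_RE.match(body)):
        if m["name"] == "(no name)":
            finding.reasons.append("BHO registered without a name")
        if m["path"].endswith("(file missing)"):
            finding.reasons.append("BHO registration is orphaned (file missing)")
        target = m["path"]
    elif section == "O15":  # IE Trusted Zone relaxes security for the listed hosts
        finding.reasons.append(f"{body.split(': ', 1)[-1]} in IE Trusted Zone; confirm it was deliberate")
        target = ""
    if pm := PATH_RE.search(target):  # O20, O23 etc. get the path checks only
        finding.path = pm.group(1)
        analyse_path(finding.path, finding.reasons)
    return finding


def triage(log_text: str) -> List[Finding]:
    """Parse every R/O entry; return those with at least one reason, in log order."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    findings = [analyse_entry(m["section"], m["body"]) for m in matches if m]
    # Vundo's hallmark in this log: one DLL registered both as a BHO (O2) and as a
    # Winlogon Notify package (O20), so it runs even when no browser is open.
    sections = defaultdict(set)
    for f in findings:
        if f.path:
            sections[f.path.lower()].add(f.line.split(" - ", 1)[0])
    for f in findings:
        if f.path and len(sections[f.path.lower()]) > 1:
            f.reasons.append("same file hooked in " + " and ".join(sorted(sections[f.path.lower()])))
    return [f for f in findings if f.reasons]
```

Running `triage()` over a full HijackThis log rather than the excerpt will also surface harmless entries whose names trip the randomness test (Intel's igfx* entries, for instance), which is why each finding carries its reasons rather than a verdict: the path checks and the O2/O20 cross-reference are the strong signals, the name test is only a hint.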
blowmaster95 0 Newbie Poster
Hello, it's me again. I don't know if it makes a difference or not, but the antivirus program that I have is SystemSuite 8 Pro Edition, not Avanquest. And another thing: when I try to enable the e-mail scan and firewall, it doesn't do anything. And as for the Avanquest program, I erased that; I don't know why it's showing up. Should I do that HijackThis thing again? Please get back to me soon. Right now I'm only able to get on the web because I'm in Safe Mode with Networking; otherwise, if I run it in normal mode, it's impossible for me to do anything. Here's my new logfile for the HijackThis thing:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:46 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avanquest\SystemSuite\SSuite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.thepickapp.com/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [c8c80cd5] rundll32.exe "C:\WINDOWS\system32\kdombvba.dll",b
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\kymi\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\kymi\Application Data\Microsoft\Windows\qhxktm.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\kymi\MYDOCU~1\PPPATC~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Qljf] "C:\Program Files\s?mbols\w?wexec.exe"
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.bnet.com
O15 - Trusted Zone: *.com.com
O15 - Trusted Zone: *.https
O15 - Trusted Zone: *.zdnet.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Word%20Slinger/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8921 bytes
digitalocksmith 52 Posting Whiz in Training
I don't see any evidence of SystemSuite 8 Pro Edition running on your computer.
Your log still lists Avast as the active scanner???
You should only install and run one antivirus program, or your computer will experience software conflicts and neither will work effectively.
Don't worry too much about it at this stage and just continue on with the Avast updates!
The infections may have inhibited your new installation.
Please follow the instructions given.
According to your new log, none of the given instructions have been followed correctly as you have not done the full clean in safe mode only, nor have you renamed the HJT.exe.
If you can't access normal mode, download all the files needed in safe mode with networking, then reboot to safe mode only to carry out the cleaning procedure!
Go over the instructions again (following them as closely as possible) and post me a NEW log please!
Regards
blowmaster95 0 Newbie Poster
Hello again. Well, I tried to follow your directions as closely as I could; however, my computer keeps telling me I have that trojan virus. My computer did get a lot better though; at least I can access it in normal mode without everything freezing up. I went out and bought a better antivirus program called Kaspersky Internet Security and I'm trying to install it, but my computer keeps telling me that the administrator doesn't allow me to, but I'm the admin. How do I fix this? I want to uninstall the other antivirus programs, but when I go to Control Panel those programs aren't even on the list, and a lot of other programs are missing from the list too, I mean a lot. Is that how it's supposed to be? And here is my new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:25 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\KIS7EN.EXE
C:\Documents and Settings\kymi\Local Settings\Temporary Internet Files\Content.IE5\EDIIXJWM\IE7-WindowsXP-x86-enu[1].exe
c:\eeafaa49036daf4d5d39cb1c5031bc\update\iesetup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061115
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.thepickapp.com/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210076979500
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 7739 bytes
blowmaster95 0 Newbie Poster
I know I'm probably becoming a pest to you; if I am, I'm sorry. Here is my new HijackThis logfile. And can you tell me why a lot of my programs are missing?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:31 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.thepickapp.com/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [c8c80cd5] rundll32.exe "C:\WINDOWS\system32\lmoaiuec.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BMcbfb3f49] Rundll32.exe "C:\WINDOWS\system32\hoivotpv.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA5750] command /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5717] cmd /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA362] command /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5659] cmd /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8256] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2536] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA123] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC975] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB649] command /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2264] cmd /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2689] command /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7355] cmd /c del "C:\Documents and Settings\kymi\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3992] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2120] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4285] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7615] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1210080521546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210076979500
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9690 bytes
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Because you are running in safe mode.
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post new HJT log.
blowmaster95 0 Newbie Poster
Thank you for helping me. That program got rid of a lot of my viruses, but it still left some behind. Here is the new log file. And another thing: why does my computer keep trying to run Windows Installer? How can I fix that?
Malwarebytes' Anti-Malware 1.12
Database version: 730
Scan type: Full Scan (C:\|)
Objects scanned: 110841
Time elapsed: 1 hour(s), 6 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 136
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 27
Files Infected: 129
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\awturRhE.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkKeDVm.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e829fe49-8693-4c61-aacd-3f12ce75c3ee} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e829fe49-8693-4c61-aacd-3f12ce75c3ee} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2376fb3-3d0d-414d-83aa-3ad6ad6b111f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2376fb3-3d0d-414d-83aa-3ad6ad6b111f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkedvm (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8c80cd5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svconr (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d2376fb3-3d0d-414d-83aa-3ad6ad6b111f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcbfb3f49 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awturrhe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awturrhe -> Delete on reboot.
Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\ajawofkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wkfowaja.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awturRhE.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\EhRrutwa.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\EhRrutwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmbpjhbu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubhjpbmj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdombvba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abvbmodk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmoaiuec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ceuiaoml.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndhlugsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsgulhdn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Svconr\Svconr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKeDVm.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kymi\Application Data\Avanquest\SystemSuite\Quarantine\b104.exe.QUAR00 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kymi\Application Data\Avanquest\SystemSuite\Quarantine\M3IMPIPE.EXE.QUAR00 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CPV\CPV8.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCtUOG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thnelldy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUopNDt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00022531 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001DF38A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0025E192.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0025E451.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0025E606.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0025E9EE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0025ECCD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01DD8099.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01DD84DF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01DD87FC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01DD89F0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\000D610C.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02891BE0.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\02880501.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoivotpv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
What do I do next to get them all out?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Let's get rid of the trash first and we will have a look at the rest later :).
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
blowmaster95 0 Newbie Poster
Hello crunchie!! I finally got to do the ComboFix and here is the logfile:
ComboFix 08-05-08.1 - kymi 2008-05-09 14:18:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -10:00]
Running from: C:\Documents and Settings\kymi\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-09 14:08 . 2008-05-09 14:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-09 14:08 . 2008-05-09 14:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-08 17:25 . 2008-05-08 17:25 2,112 --a------ C:\WINDOWS\system32\rnnrkxwc.exe
2008-05-08 00:48 . 2008-05-08 00:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 00:48 . 2008-05-08 00:48 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Malwarebytes
2008-05-08 00:48 . 2008-05-08 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 00:48 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 00:48 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 13:47 . 2008-05-07 13:47 2,112 --a------ C:\WINDOWS\system32\bpwggfqx.exe
2008-05-06 03:56 . 2008-05-07 17:05 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-06 03:56 . 2008-05-07 17:05 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-06 03:54 . 2008-05-06 03:54 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-06 03:54 . 2008-05-09 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-06 03:53 . 2008-05-09 14:31 139,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-06 03:53 . 2008-05-09 14:29 7,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-06 03:53 . 2008-05-09 14:23 2,900 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-06 03:53 . 2008-05-09 14:23 1,676 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-06 02:21 . 2004-08-10 01:00 101,888 --a------ C:\WINDOWS\system32\evntagnt.dll
2008-05-05 02:06 . 2008-05-05 02:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-05 02:06 . 2008-05-05 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 01:27 . 2008-05-05 01:27 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-05-05 01:27 . 2008-05-05 01:27 <DIR> d-------- C:\Inetpub
2008-05-05 01:27 . 2004-08-10 01:00 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2008-05-05 01:27 . 2004-08-10 01:00 6,144 --a------ C:\WINDOWS\system32\dllcache\snmpmib.dll
2008-05-05 00:50 . 2008-05-05 00:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-05 00:14 . 2008-05-05 00:14 <DIR> d-------- C:\VundoFix Backups
2008-05-04 22:45 . 2008-05-07 16:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-01 16:47 . 2008-05-01 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 23:15 . 2008-04-30 23:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-30 21:22 . 2008-04-30 21:22 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-30 21:13 . 2008-04-30 21:20 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\iolo
2008-04-30 21:11 . 2008-04-30 21:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-04-30 21:03 . 2008-04-30 21:03 <DIR> d-------- C:\Program Files\iolo
2008-04-30 21:03 . 2008-03-31 15:09 439,656 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-04-30 21:03 . 2008-03-13 10:08 38,912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-04-30 21:03 . 2008-03-13 09:25 32,768 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-04-30 20:58 . 2008-04-30 20:58 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-30 20:51 . 2008-04-30 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-30 20:51 . 2008-04-30 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-04-30 20:48 . 2008-04-30 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avanquest
2008-04-30 03:30 . 2008-05-08 17:42 109,801 --a------ C:\WINDOWS\BMcbfb3f49.xml
2008-04-30 03:05 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-25 15:00 . 2008-04-25 15:00 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Talkback
2008-04-22 23:32 . 2004-08-10 01:00 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
2008-04-22 23:32 . 2004-08-10 01:00 39,936 --a------ C:\WINDOWS\system32\dllcache\hostmib.dll
2008-04-22 16:34 . 2008-04-22 16:34 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\CyberLink
2008-04-21 23:30 . 2008-04-21 23:30 <DIR> d-------- C:\Program Files\New Folder 2
2008-04-21 23:30 . 2008-04-21 23:30 <DIR> d-------- C:\Program Files\New Folder 1
2008-04-17 15:49 . 2008-04-30 03:24 <DIR> d-------- C:\Program Files\GameHouse
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Jane s Hotel
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\bina\Application Data\Template
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\bina\Application Data\Avanquest
2008-04-16 05:40 . 2008-05-04 01:43 <DIR> d-------- C:\Program Files\WoW-2.3.0.7561-enUS
2008-04-16 05:40 . 2008-04-16 05:40 1,283,912 --a------ C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-04-15 19:37 . 2008-04-15 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-04-15 16:15 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 12:11 . 2008-04-15 12:11 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\GameBlend
2008-04-15 12:11 . 2008-04-15 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameBlend
2008-04-13 17:09 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-13 17:09 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-13 17:09 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-13 17:09 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-13 17:09 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-13 17:07 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-13 17:07 . 2004-08-10 01:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2008-04-13 17:07 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-13 17:07 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-04-13 17:07 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-13 17:07 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-13 17:07 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-13 17:05 . 2001-08-17 13:28 701,386 --a------ C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-04-13 17:04 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-13 17:03 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-13 17:02 . 2004-08-10 01:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-13 17:01 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-04-13 17:00 . 2004-08-10 01:00 358,400 --a------ C:\WINDOWS\system32\dllcache\snmpincl.dll
2008-04-13 16:59 . 2004-08-10 01:00 456,704 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-13 16:58 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-13 16:57 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-13 16:56 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-13 16:55 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-13 16:54 . 2004-08-10 01:00 131,584 --a------ C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-04-13 16:52 . 2004-08-10 01:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-13 16:51 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-13 16:50 . 2004-08-10 01:00 226,816 --a------ C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-04-13 16:49 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-13 16:48 . 2004-08-10 01:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-13 16:47 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-13 16:46 . 2004-08-10 01:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-13 16:45 . 2004-08-10 01:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-04-13 16:44 . 2004-08-10 01:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-13 16:43 . 2001-08-17 13:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-04-13 16:42 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-13 16:41 . 2001-08-17 12:15 455,680 --a------ C:\WINDOWS\system32\dllcache\fus2base.sys
2008-04-13 16:40 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-13 16:39 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-13 16:38 . 2001-08-17 22:36 614,429 --a------ C:\WINDOWS\system32\dllcache\digiview.exe
2008-04-13 16:37 . 2004-08-10 01:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-13 16:36 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-13 16:35 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-13 16:34 . 2004-08-10 01:00 2,134,528 --a------ C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-13 16:33 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-04-12 12:01 . 2008-05-02 00:34 <DIR> d-------- C:\Program Files\Selectsoft
2008-04-12 05:53 . 2008-04-12 05:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-04-12 05:53 . 2008-04-12 05:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-12 05:51 . 2008-04-12 05:51 <DIR> dr-hs---- C:\_Backup.RC
2008-04-12 05:51 . 2008-05-04 01:43 <DIR> d--h----- C:\_Backup
2008-04-12 05:49 . 2008-04-12 05:49 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Avanquest
2008-04-12 05:48 . 2008-04-12 05:48 <DIR> d-------- C:\Program Files\Avanquest
2008-04-12 05:43 . 2008-04-12 05:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Template
2008-04-11 04:14 . 2008-05-02 00:17 <DIR> d-------- C:\Program Files\PopCap Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-08 08:49 --------- d-----w C:\Documents and Settings\kymi\Application Data\LimeWire
2008-05-05 12:05 --------- d-----w C:\Program Files\LimeWire
2008-05-04 11:43 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-05-04 06:54 --------- d-----w C:\Program Files\iTunes
2008-05-02 10:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 10:29 --------- d-----w C:\Program Files\Yahoo! Games
2008-04-25 08:12 --------- d-----w C:\Program Files\Shockwave.com
2008-04-24 03:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 09:27 --------- d-----w C:\Documents and Settings\kymi\Application Data\DivX
2008-04-16 03:04 --------- d-----w C:\Program Files\Google
2008-04-16 02:15 --------- d-----w C:\Program Files\Java
2008-04-13 06:04 --------- d-----w C:\Documents and Settings\kymi\Application Data\Yahoo!
2008-04-12 22:25 --------- d-----w C:\Documents and Settings\kymi\Application Data\BVS Solitaire Collection
2008-04-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-12 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-09 22:31 --------- d-----w C:\Documents and Settings\kymi\Application Data\Sonic
2008-04-09 07:40 --------- d-----w C:\Program Files\Rack Em Up Roadtrip
2008-04-09 07:39 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-04-07 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-03 03:25 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-02 10:34 --------- d-----w C:\Documents and Settings\bina\Application Data\PlayFirst
2008-04-02 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-30 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-03-30 13:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-30 07:12 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-30 07:12 --------- d-----w C:\Program Files\MSBuild
2008-03-30 07:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-30 06:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-30 06:32 --------- d-----w C:\Program Files\ErrorSmart
2008-03-30 03:14 --------- d-----w C:\Documents and Settings\kymi\Application Data\ErrorSmart
2008-03-29 13:11 --------- d-----w C:\Documents and Settings\kymi\Application Data\Apple Computer
2008-03-21 03:39 --------- d-----w C:\Documents and Settings\kymi\Application Data\SpinTop
2008-03-20 22:39 2,672 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-20 22:38 --------- d-----w C:\Documents and Settings\bina\Application Data\Corel
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 09:34 --------- d-----w C:\Documents and Settings\bina\Application Data\WildTangent
2008-03-19 07:58 --------- d-----w C:\Documents and Settings\bina\Application Data\Apple Computer
2008-03-19 05:04 --------- d-----w C:\Documents and Settings\bina\Application Data\Yahoo!
2008-03-19 03:08 --------- d-----w C:\Documents and Settings\bina\Application Data\McAfee.com Personal Firewall
2008-03-19 01:14 --------- d-----w C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-03-14 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-14 17:40 --------- d-----w C:\Program Files\Yahoo!
2008-03-14 09:43 --------- d-----w C:\Program Files\WildTangent
2008-03-14 09:43 --------- d-----w C:\Program Files\iPod
2008-03-14 09:41 --------- d-----w C:\Program Files\Bonjour
2008-03-14 09:40 --------- d-----w C:\Program Files\QuickTime
2008-03-14 09:19 --------- d-----w C:\Documents and Settings\kymi\Application Data\McAfee.com Personal Firewall
2008-03-13 06:30 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-03-13 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-03-13 02:37 --------- d-----w C:\Program Files\Dell
2008-03-13 02:35 --------- d-----w C:\Program Files\GemMaster
2008-03-13 02:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 02:31 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-13 02:26 --------- d-----w C:\Documents and Settings\Niru\Application Data\Corel
2008-03-02 04:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-12-04 12:27 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-09_14.13.41.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 00:05:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 00:24:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 00:24:13 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_468.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-09 22:24 20480]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 17:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 10:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 05:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 05:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 05:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 14:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 05:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 05:28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 19:30 282624 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 01:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 12:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 12:50 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 11:32 184320]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-10 01:00 143360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [2008-01-31 22:05 173312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-03-31 15:09 725352]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe" [2008-03-31 15:09 487784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 08:11]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 11:11]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-01-31 22:05]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 10:49:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-30 13:30:02 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-12 04:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NEAL-Niru).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-03 07:29:07 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ALL_Niru.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 14:30:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-09 14:34:20 - machine was rebooted [kymi]
ComboFix-quarantined-files.txt 2008-05-10 00:34:13
ComboFix2.txt 2008-05-10 00:15:12
Pre-Run: 23,216,783,360 bytes free
Post-Run: 23,188,787,200 bytes free
334 --- E O F --- 2008-04-09 22:41:28
Now here's my HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:31 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1210080521546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210076979500
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8181 bytes
I'll be waiting for your reply with much anticipation :*
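The HijackThis entries above are what the helpers read line by line. As an added example that is not part of this thread (and not HijackThis or ComboFix code), here is a small Python parser for HJT entry lines that pulls out what a reviewer checks first: the Run entries, any command given as a bare file name, AppInit_DLLs, the DNS servers in use and services with no vendor name. The sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")  # "O4 - <detail>"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# name - owner - path; HJT prints "Unknown owner" when the binary has no company name
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs: "

@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O4", "O23"
    detail: str   # everything after "Oxx - "

def parse_hjt(text: str) -> List[Entry]:
    """Keep only the lines that are HijackThis entries (Rn, Fn, On); skip the header."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def run_entries(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(hive, value name, command line) for each O4 ...\\Run entry."""
    out = []
    for e in entries:
        m = RUN_RE.match(e.detail) if e.section == "O4" else None
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out

def first_executable(cmd: str) -> str:
    """First token of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def unqualified_commands(entries: List[Entry]) -> List[str]:
    """Run commands given as a bare file name: which binary actually runs depends on
    the search path, so the log alone cannot tell you (ComboFix resolved this one)."""
    return [first_executable(cmd) for _, _, cmd in run_entries(entries)
            if "\\" not in first_executable(cmd)]

def appinit_dlls(entries: List[Entry]) -> List[str]:
    """DLLs from O20 AppInit_DLLs: loaded into every process that maps user32.dll, so
    each must be tied to a known product. The value is space/comma delimited."""
    out = []
    for e in entries:
        if e.section == "O20" and e.detail.startswith(APPINIT_PREFIX):
            out.extend(p for p in re.split(r"[,\s]+", e.detail[len(APPINIT_PREFIX):]) if p)
    return out

def name_servers(entries: List[Entry]) -> List[str]:
    """DNS servers from O17 NameServer entries; compare them with the ISP's or the
    router's addresses, since redirected DNS is a common hijack."""
    out = []
    for e in entries:
        m = re.search(r"NameServer = (.+)$", e.detail) if e.section == "O17" else None
        if m:
            out.extend(ip.strip() for ip in m.group(1).split(",") if ip.strip())
    return out

def unknown_owner_services(entries: List[Entry]) -> List[str]:
    """O23 services whose binary carries no company name. Not proof of anything,
    but these are the files to hash and look up first."""
    out = []
    for e in entries:
        m = SERVICE_RE.match(e.detail) if e.section == "O23" else None
        if m and m.group(2) == "Unknown owner":
            out.append(m.group(1))
    return out

def triage(text: str) -> Dict[str, list]:
    """Run every check over one log and return the findings by category."""
    entries = parse_hjt(text)
    return {
        "run": run_entries(entries),
        "unqualified": unqualified_commands(entries),
        "appinit": appinit_dlls(entries),
        "dns": name_servers(entries),
        "unknown_owner": unknown_owner_services(entries),
    }
```

Call triage() on the text of a full HijackThis log to get the same categories for a real machine.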
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Combofix was run 3 times according to the log, so I cannot see what was removed. Hijackthis needs to be run in normal mode please.
==
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.
C:\WINDOWS\system32\rnnrkxwc.exe
C:\WINDOWS\system32\bpwggfqx.exe
* Please download F2T (Files To Text)
* Double-click F2Ts.exe to start the program.
* Next to Path on top, copy and paste the next line:
C:\WINDOWS\system32\win32k.sys
* When done, press the GO button next to it.
* Then click the Select F2T-list button below to select the results.
* Right-click the selected text
* Click on "copy"
* Paste the copied text into your next reply.
Do the same for this one:
C:\WINDOWS\system32\dllcache\win32k.sys
blowmaster95 0 Newbie Poster
Me again, here are the results of the files you wanted me to scan:
File: rnnrkxwc.exe
Status: INFECTED/MALWARE
MD5: 1510be53e10763b9f6db9cce16f215d7
Packers detected: -
Bit9 reports:
Scanner results
Scan taken on 10 May 2008 05:56:58 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic10.UDV
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Smalltroj.EGXV
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
And here's the other:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
I don't think that's very good, huh? I'll post back with my HJT logfile run in normal mode in a little while. Meanwhile, what should I do about the two up there?
blowmaster95 0 Newbie Poster
Well, here's the other 2:
F2Ts version 1.1 (april 5, 2006)
Date: 5/9/2008 8:04:56 PM
F2Ts File-Properties of C:\WINDOWS\system32\win32k.sys
-------------------------------------------------------
Company Name: Microsoft Corporation
File Description:Multi-User Win32 Driver
Product version: File Version:5.1.2600.3335 (xpsp_sp2_gdr.080319-1240)
Internal Name: win32k.sys
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original FileName:win32k.sys
Product Name:Microsoft® Windows® Operating System
Original FileName:Product Version: 5.1.2600.3335
F2Ts version 1.1 (april 5, 2006)
Date: 5/9/2008 8:07:04 PM
F2Ts File-Properties of C:\WINDOWS\system32\dllcache\win32k.sys
-------------------------------------------------------
Company Name: Microsoft Corporation
File Description:Multi-User Win32 Driver
Product version: File Version:5.1.2600.3335 (xpsp_sp2_gdr.080319-1240)
Internal Name: win32k.sys
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original FileName:win32k.sys
Product Name:Microsoft® Windows® Operating System
Original FileName:Product Version: 5.1.2600.3335
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
1. Please open Notepad: click Start, then Run.
Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\system32\rnnrkxwc.exe
C:\WINDOWS\system32\bpwggfqx.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
blowmaster95 0 Newbie Poster
Hi again!! This is my new HJT logfile run in normal mode. I'm only now gonna do the Notepad steps you told me to do.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:43 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\SSuite.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1210080521546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210076979500
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10362 bytes
Also, I have no idea why this is happening, but I recently got a new antivirus program called Kaspersky, so I removed the other antivirus programs by going to Control Panel, Add/Remove etc., but those programs are still running on my computer. So I checked the Add/Remove Programs list again and found that they aren't on that list, but they're still running. Any clues?
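As an added example (not HijackThis's own code and not anything the helpers in this thread posted), here is a small Python script that parses two HijackThis logs into header fields, running processes and R/O entries, diffs them the way a helper does between scans, and groups O4 autoruns and O23 services by the directory of their image, which is how leftovers of a product that Add/Remove Programs no longer lists stand out. The two sample scans are constructed: a handful of lines modelled on the 8:04 PM and 9:20 PM logs above, not the full logs.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample scans: a handful of lines modelled on the 8:04 PM and 9:20 PM logs
# in this thread (same line formats), not the full logs.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:43 PM, on 5/10/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
"""
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:48 PM, on 5/10/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
"""

HEADER_RE = re.compile(r"^(Logfile of|Scan saved at|Platform|MSIE|Boot mode):?\s*(.+)$")
ENTRY_RE = re.compile(r"^([RO]\d+) - (.+)$")
# Directory part of the first drive-letter path in an entry (quoted or not)
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\\)[^\\"]+\.(?:exe|dll|sys|cpl)', re.IGNORECASE)


@dataclass
class HjtScan:
    header: dict = field(default_factory=dict)
    processes: Counter = field(default_factory=Counter)  # lower-cased image path -> count
    entries: dict = field(default_factory=dict)          # section (O4, O23, ...) -> set of lines


def parse_hjt(text: str) -> HjtScan:
    """Split a HijackThis log into header fields, running processes and Rn/On entries."""
    scan, in_procs = HjtScan(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            in_procs = False
            continue
        if (m := ENTRY_RE.match(line)):
            in_procs = False  # the first R0/O2/... line ends the process list (real logs have no blank line there)
            scan.entries.setdefault(m.group(1), set()).add(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            scan.processes[line.lower()] += 1  # Windows paths are case-insensitive: MXTask.exe == mxtask.exe
        elif (m := HEADER_RE.match(line)):
            scan.header[m.group(1)] = m.group(2)
    return scan


def _entries_only_in(a: HjtScan, b: HjtScan) -> dict:
    """Per section, the entries of scan a that scan b lacks (empty sections dropped)."""
    out = {s: sorted(v - b.entries.get(s, set())) for s, v in a.entries.items()}
    return {s: v for s, v in out.items() if v}


def diff_scans(before: HjtScan, after: HjtScan) -> dict:
    """What appeared and disappeared between two scans of the same machine."""
    return {
        "processes_added": dict(after.processes - before.processes),  # Counter '-' keeps positive counts only
        "processes_gone": dict(before.processes - after.processes),
        "entries_added": _entries_only_in(after, before),
        "entries_gone": _entries_only_in(before, after),
    }


def autoruns_by_product_dir(scan: HjtScan) -> dict:
    """Group O4 autoruns and O23 services by the directory their image lives in, so the
    remnants of a product that Add/Remove Programs no longer lists stand out together."""
    groups = {}
    for section in ("O4", "O23"):
        for entry in sorted(scan.entries.get(section, set())):
            m = PATH_RE.search(entry)
            # a bare file name (e.g. [SigmatelSysTrayApp] stsystra.exe) is resolved via PATH, so no directory
            key = m.group(1).lower() if m else "(no path)"
            groups.setdefault(key, []).append(f"{section}: {entry}")
    return groups


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for kind, items in diff_scans(before, after).items():
        print(kind, items)
    for directory, items in autoruns_by_product_dir(after).items():
        print(directory, "->", len(items), "autorun/service entries")
```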
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Are they running in the processes when you open Task manager, or are they just showing in your log?
I need you to follow the instructions in my last post in the order they are given.
blowmaster95 0 Newbie Poster
Well, what I can tell you is that when I start Windows in normal mode, down in the bottom right-hand side of the screen I get those quick launch icons, and the other antivirus programs are there, and yes, they are running. I keep having to right-click them to disable them, and they're still on my All Programs list; they are active but they aren't on my Add/Remove list. And that Windows Installer thing keeps popping up, and just recently my computer is telling me that my Intel PROSet/Wireless software is unable to detect a supported wireless adapter and that I need to install a supported adapter. It's never done that before and I haven't changed anything on it. As for the last instructions you gave me, I did do what you told me to do, and here are the log files you asked for. And I just want to say thank you again so much for helping me; I hope I'm not being too much of a bother for you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:48 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1210080521546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210076979500
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A0429F-9229-41C2-B22A-F9065F00E565}: NameServer = 24.25.227.55,24.25.227.56,66.75.168.63
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10146 bytes
ComboFix 08-05-08.1 - kymi 2008-05-10 20:52:48.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.808 [GMT -10:00]
Running from: C:\Documents and Settings\kymi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kymi\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\bpwggfqx.exe
C:\WINDOWS\system32\rnnrkxwc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bpwggfqx.exe
C:\WINDOWS\system32\rnnrkxwc.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-09 20:54 . 2008-05-10 20:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-09 20:54 . 2008-05-09 20:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-08 00:48 . 2008-05-08 00:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 00:48 . 2008-05-08 00:48 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Malwarebytes
2008-05-08 00:48 . 2008-05-08 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 00:48 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 00:48 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 03:56 . 2008-05-07 17:05 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-06 03:56 . 2008-05-07 17:05 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-06 03:54 . 2008-05-06 03:54 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-06 03:54 . 2008-05-10 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-06 03:53 . 2008-05-10 20:08 227,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-06 03:53 . 2008-05-10 20:07 10,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-06 03:53 . 2008-05-09 15:03 3,212 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-06 03:53 . 2008-05-09 15:03 1,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-06 02:21 . 2004-08-10 01:00 101,888 --a------ C:\WINDOWS\system32\evntagnt.dll
2008-05-05 02:06 . 2008-05-05 02:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-05 02:06 . 2008-05-05 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 01:27 . 2008-05-05 01:27 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-05-05 01:27 . 2008-05-05 01:27 <DIR> d-------- C:\Inetpub
2008-05-05 01:27 . 2004-08-10 01:00 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2008-05-05 01:27 . 2004-08-10 01:00 6,144 --a------ C:\WINDOWS\system32\dllcache\snmpmib.dll
2008-05-05 00:50 . 2008-05-05 00:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-05 00:14 . 2008-05-05 00:14 <DIR> d-------- C:\VundoFix Backups
2008-05-04 22:45 . 2008-05-07 16:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-01 16:47 . 2008-05-01 16:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 23:15 . 2008-04-30 23:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-30 21:22 . 2008-04-30 21:22 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-30 21:13 . 2008-04-30 21:20 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\iolo
2008-04-30 21:11 . 2008-04-30 21:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-04-30 21:03 . 2008-04-30 21:03 <DIR> d-------- C:\Program Files\iolo
2008-04-30 21:03 . 2008-03-31 15:09 439,656 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-04-30 21:03 . 2008-03-13 10:08 38,912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-04-30 21:03 . 2008-03-13 09:25 32,768 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-04-30 20:58 . 2008-04-30 20:58 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-30 20:51 . 2008-04-30 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-30 20:51 . 2008-04-30 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-04-30 20:48 . 2008-04-30 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avanquest
2008-04-30 03:30 . 2008-05-08 17:42 109,801 --a------ C:\WINDOWS\BMcbfb3f49.xml
2008-04-30 03:05 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-25 15:00 . 2008-04-25 15:00 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Talkback
2008-04-22 23:32 . 2004-08-10 01:00 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
2008-04-22 23:32 . 2004-08-10 01:00 39,936 --a------ C:\WINDOWS\system32\dllcache\hostmib.dll
2008-04-22 16:34 . 2008-04-22 16:34 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\CyberLink
2008-04-21 23:30 . 2008-04-21 23:30 <DIR> d-------- C:\Program Files\New Folder 2
2008-04-21 23:30 . 2008-04-21 23:30 <DIR> d-------- C:\Program Files\New Folder 1
2008-04-17 15:49 . 2008-04-30 03:24 <DIR> d-------- C:\Program Files\GameHouse
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Jane s Hotel
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\bina\Application Data\Template
2008-04-17 15:49 . 2008-04-17 15:49 <DIR> d-------- C:\Documents and Settings\bina\Application Data\Avanquest
2008-04-16 05:40 . 2008-05-04 01:43 <DIR> d-------- C:\Program Files\WoW-2.3.0.7561-enUS
2008-04-16 05:40 . 2008-04-16 05:40 1,283,912 --a------ C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-04-15 19:37 . 2008-04-15 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-04-15 16:15 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 12:11 . 2008-04-15 12:11 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\GameBlend
2008-04-15 12:11 . 2008-04-15 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameBlend
2008-04-13 17:09 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-13 17:09 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-13 17:09 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-13 17:09 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-13 17:09 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-13 17:07 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-13 17:07 . 2004-08-10 01:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2008-04-13 17:07 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-13 17:07 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-04-13 17:07 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-13 17:07 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-13 17:07 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-13 17:05 . 2001-08-17 13:28 701,386 --a------ C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-04-13 17:04 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-13 17:03 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-13 17:02 . 2004-08-10 01:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-13 17:01 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-04-13 17:00 . 2004-08-10 01:00 358,400 --a------ C:\WINDOWS\system32\dllcache\snmpincl.dll
2008-04-13 16:59 . 2004-08-10 01:00 456,704 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-13 16:58 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-13 16:57 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-13 16:56 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-13 16:55 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-13 16:54 . 2004-08-10 01:00 131,584 --a------ C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-04-13 16:52 . 2004-08-10 01:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-13 16:51 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-13 16:50 . 2004-08-10 01:00 226,816 --a------ C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-04-13 16:49 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-13 16:48 . 2004-08-10 01:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-13 16:47 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-13 16:46 . 2004-08-10 01:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-13 16:45 . 2004-08-10 01:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-04-13 16:44 . 2004-08-10 01:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-13 16:43 . 2001-08-17 13:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-04-13 16:42 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-13 16:41 . 2001-08-17 12:15 455,680 --a------ C:\WINDOWS\system32\dllcache\fus2base.sys
2008-04-13 16:40 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-13 16:39 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-13 16:38 . 2001-08-17 22:36 614,429 --a------ C:\WINDOWS\system32\dllcache\digiview.exe
2008-04-13 16:37 . 2004-08-10 01:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-13 16:36 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-13 16:35 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-13 16:34 . 2004-08-10 01:00 2,134,528 --a------ C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-13 16:33 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-04-12 12:01 . 2008-05-02 00:34 <DIR> d-------- C:\Program Files\Selectsoft
2008-04-12 05:53 . 2008-04-12 05:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-04-12 05:53 . 2008-04-12 05:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-12 05:51 . 2008-04-12 05:51 <DIR> dr-hs---- C:\_Backup.RC
2008-04-12 05:51 . 2008-05-04 01:43 <DIR> d--h----- C:\_Backup
2008-04-12 05:49 . 2008-04-12 05:49 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Avanquest
2008-04-12 05:48 . 2008-04-12 05:48 <DIR> d-------- C:\Program Files\Avanquest
2008-04-12 05:43 . 2008-04-12 05:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\Documents and Settings\kymi\Application Data\Template
2008-04-11 04:14 . 2008-05-02 00:17 <DIR> d-------- C:\Program Files\PopCap Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 02:10 --------- d-----w C:\Documents and Settings\kymi\Application Data\LimeWire
2008-05-09 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-05 12:05 --------- d-----w C:\Program Files\LimeWire
2008-05-04 11:43 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-05-04 06:54 --------- d-----w C:\Program Files\iTunes
2008-05-02 10:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 10:29 --------- d-----w C:\Program Files\Yahoo! Games
2008-04-25 08:12 --------- d-----w C:\Program Files\Shockwave.com
2008-04-24 03:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 09:27 --------- d-----w C:\Documents and Settings\kymi\Application Data\DivX
2008-04-16 03:04 --------- d-----w C:\Program Files\Google
2008-04-16 02:15 --------- d-----w C:\Program Files\Java
2008-04-13 06:04 --------- d-----w C:\Documents and Settings\kymi\Application Data\Yahoo!
2008-04-12 22:25 --------- d-----w C:\Documents and Settings\kymi\Application Data\BVS Solitaire Collection
2008-04-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-12 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-09 22:31 --------- d-----w C:\Documents and Settings\kymi\Application Data\Sonic
2008-04-09 07:40 --------- d-----w C:\Program Files\Rack Em Up Roadtrip
2008-04-09 07:39 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-04-07 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-03 03:25 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-02 10:34 --------- d-----w C:\Documents and Settings\bina\Application Data\PlayFirst
2008-04-02 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-30 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-03-30 13:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-30 07:12 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-30 07:12 --------- d-----w C:\Program Files\MSBuild
2008-03-30 07:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-30 06:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-30 06:32 --------- d-----w C:\Program Files\ErrorSmart
2008-03-30 03:14 --------- d-----w C:\Documents and Settings\kymi\Application Data\ErrorSmart
2008-03-29 13:11 --------- d-----w C:\Documents and Settings\kymi\Application Data\Apple Computer
2008-03-21 03:39 --------- d-----w C:\Documents and Settings\kymi\Application Data\SpinTop
2008-03-20 22:39 2,672 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-20 22:38 --------- d-----w C:\Documents and Settings\bina\Application Data\Corel
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 09:34 --------- d-----w C:\Documents and Settings\bina\Application Data\WildTangent
2008-03-19 07:58 --------- d-----w C:\Documents and Settings\bina\Application Data\Apple Computer
2008-03-19 05:04 --------- d-----w C:\Documents and Settings\bina\Application Data\Yahoo!
2008-03-19 03:08 --------- d-----w C:\Documents and Settings\bina\Application Data\McAfee.com Personal Firewall
2008-03-19 01:14 --------- d-----w C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-03-14 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-14 17:40 --------- d-----w C:\Program Files\Yahoo!
2008-03-14 09:43 --------- d-----w C:\Program Files\WildTangent
2008-03-14 09:43 --------- d-----w C:\Program Files\iPod
2008-03-14 09:41 --------- d-----w C:\Program Files\Bonjour
2008-03-14 09:40 --------- d-----w C:\Program Files\QuickTime
2008-03-14 09:19 --------- d-----w C:\Documents and Settings\kymi\Application Data\McAfee.com Personal Firewall
2008-03-13 06:30 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-03-13 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-03-13 02:37 --------- d-----w C:\Program Files\Dell
2008-03-13 02:35 --------- d-----w C:\Program Files\GemMaster
2008-03-13 02:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 02:31 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-13 02:26 --------- d-----w C:\Documents and Settings\Niru\Application Data\Corel
2008-03-02 04:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-12-04 12:27 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-09_14.13.41.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 00:05:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 06:44:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-06 14:44:07 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-11 05:54:15 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-06 14:44:07 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-11 05:54:15 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-06 14:44:07 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-11 05:54:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-09 22:24 20480]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 17:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 10:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 05:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 05:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 05:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 14:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 05:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 05:28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 19:30 282624 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 01:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 12:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 12:50 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 11:32 184320]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-10 01:00 143360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [2008-01-31 22:05 173312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2008-03-31 15:09 725352]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic 7\SystemGuardAlerter.exe" [2008-03-31 15:09 487784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
S3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 08:11]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-01-31 22:05]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 11:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 10:49:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-30 13:30:02 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-12 04:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NEAL-Niru).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-03 07:29:07 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ALL_Niru.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 20:56:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 20:58:21
ComboFix-quarantined-files.txt 2008-05-11 06:58:12
ComboFix2.txt 2008-05-10 00:34:23
ComboFix3.txt 2008-05-10 00:15:12
Pre-Run: 23,735,435,264 bytes free
Post-Run: 23,777,812,480 bytes free
312 --- E O F --- 2008-04-09 22:41:28
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Well, what I can tell you is that when I start Windows in normal mode, down in the bottom right-hand corner of the screen I get those quick launch icons, and the other antivirus programs are there and yes, they are running. I keep having to right-click them to disable them, and they're still on my All Programs list; they are active, but they aren't on my Add/Remove list. And that Windows Installer thing keeps popping up, and just recently my computer is telling me that my Intel PROSet/Wireless software is unable to detect a supported wireless adapter and that I need to install a supported adapter. It's never done that before and I haven't changed anything on it. As for the last instructions you gave me, I did do what you told me to do, and here are the log files you asked for. And I just want to say thank you again so much for helping me; I hope I'm not being too much of a bother for you.
If you go to their respective folders in Program Files, is there an uninstall file there? If there is, try uninstalling the AV's from there.
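A triage pass over the "Reg Loading Points" section of the ComboFix log posted above, as an added example that is not part of the thread or of ComboFix itself. ComboFix writes that section in REGEDIT4 style (a `[KEY]` line followed by `"name"=value` lines, plus unquoted `\Shell\AutoRun\command - ...` lines under MountPoints2). The script parses that layout and applies the checks a responder would otherwise do by eye on this log: the host firewall switched off, a port opened to all inbound traffic, a removable-media AutoRun command, an AppInit_DLLs entry, a Security Center monitoring override, and a P2P client whitelisted through the firewall. The sample input is copied from the log on this page; the rule set, severities and the `P2P_HINTS` list are assumptions chosen for the demonstration, and a flagged entry (for instance the hook DLL under a Kaspersky install path) is something to review, not proof of infection.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example: parses the REGEDIT4-style dump ComboFix emits and applies
a few hand-picked rules. The rules and severities are assumptions made
for this demo, not part of ComboFix or of any published checklist.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$")


def parse_loading_points(text):
    """Return {key_path_lowercased: [(name, value), ...]} for one dump."""
    keys = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current].append((m.group(1), m.group(2).strip()))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # MountPoints2 lines carry no quoted name; normalise to one.
            keys[current].append(("AutoRun\\command", m.group(1).strip()))
    return keys


# Assumption: a short list of P2P client names a responder would not expect
# to see whitelisted through the host firewall on a machine being cleaned.
P2P_HINTS = ("limewire", "bearshare", "kazaa", "utorrent", "bittorrent")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(keys):
    """Apply the demo rules; return (severity, finding) tuples, worst first."""
    findings = []
    for path, values in keys.items():
        for name, value in values:
            lname = name.lower()
            if path.endswith("firewallpolicy\\standardprofile") and lname == "enablefirewall":
                if value.startswith("0"):
                    findings.append(("high", "Windows Firewall disabled (EnableFirewall=0)"))
            elif path.endswith("globallyopenports\\list"):
                port, _, proto = name.partition(":")
                findings.append(("high", f"Port {port}/{proto} open to all inbound traffic"))
            elif path.endswith("authorizedapplications\\list"):
                if any(h in lname for h in P2P_HINTS):
                    findings.append(("medium", f"P2P client allowed through firewall: {name}"))
            elif lname == "appinit_dlls" and value:
                # AppInit_DLLs is loaded into every process that links user32.
                findings.append(("medium", f"AppInit_DLLs entry present: {value}"))
            elif "security center\\monitoring" in path and lname == "disablemonitoring":
                if value.endswith("1"):
                    product = path.rsplit("\\", 1)[-1]
                    findings.append(("low", f"Security Center monitoring disabled for {product}"))
            elif "mountpoints2" in path and lname == "autorun\\command":
                findings.append(("high", f"Removable-media AutoRun command: {value}"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{severity:6}] {finding}")
```

Run against the sample, the three high findings are the disabled firewall, TCP 3389 open to everything, and the AutoRun command on E:; the iTunes firewall entry is left alone. To use it on a full ComboFix log, paste the text between the "Reg Loading Points" banner and the "Contents of the 'Scheduled Tasks' folder" line in place of `SAMPLE_LOG`.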
blowmaster95 0 Newbie Poster
Well, there is one of them in Program Files, but there is no uninstall there. As for everything else, did I do everything correctly? When I start in normal mode my computer runs so slow and things keep freezing up.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
It may well be best now to do a System Restore back to a time before all the crap jumped on board your PC. If that does not cure it, you may well have to reformat.
blowmaster95 0 Newbie Poster
Well, then I guess I do have to do a reformat, because a lot of files have been lost during this whole time, and now a lot of my programs can't be opened and I can no longer get on the web on my computer. I'm using my friend's computer right now. Not even when running in Safe Mode with Networking can I get on the web, so yeah, I guess I will do a reformat. Thank you so much for helping me, though; it's been an interesting experience.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
No worries. Sorry it ended up this way :(