Aug 17 2008, 06:11 PM
Post #1
New Member
Group: Authentic Member
Posts: 18
Joined: 17-October 06
Member No.: 63,092
Operating System: XP Pro, XP Home, Win2k (3 systems)
Gentlemen,
I scanned and removed with Malwarebytes' Anti-Malware 1.24 twice, capturing logs both before and after each removal, then ran Hijack This and captured a log. The 5 logs are set out below. I am sending this from a different computer because I didn't want to allow the infected computer to access the Internet after I was told that it was infected (it's my son's machine).

Please help,
LTTexan

AFTER INITIAL SCAN, BEFORE INITIAL REMOVE:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

5:09:15 PM 8/17/2008
mbpre1.txt

Scan type: Quick Scan
Objects scanned: 39645
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 58
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 11
Files Infected: 83

Memory Processes Infected:
C:\WINDOWS\444.470 (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\portsv.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssecurity1.209.4 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{270cdf74-a5fb-51ae-2278-8009ac65d602} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{270cdf74-a5fb-51ae-2278-8009ac65d602} (Adware.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\uoyzsydz.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\WINDOWS\T3duZXI (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> No action taken.

Files Infected:
C:\WINDOWS\444.470 (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\drivers\ctoss2kk.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\mrofinu572.exe.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\17PHolmes572.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\T3duZXI\naxRtrK.vbs (Malware.Trace) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\x.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\y.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\portsv.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> No action taken.
C:\WINDOWS\default.htm (Trojan.Agent) -> No action taken.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\loader.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\internet.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> No action taken.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pcntrtdm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\lfn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> No action taken.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
C:\Documents and Settings\Aron\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> No action taken.
C:\Documents and Settings\Aron\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> No action taken.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\wfinguoxlttnzx.dll (Adware.BHO) -> No action taken.
-------------------------------------------------------------------------------- AFTER INITIAL REMOVE: Malwarebytes' Anti-Malware 1.24 Database version: 1012 Windows 5.1.2600 Service Pack 2 5:09:35 PM 8/17/2008 mbam-log-8-17-2008 (17-09-35).txt Scan type: Quick Scan Objects scanned: 39645 Time elapsed: 2 minute(s), 51 second(s) Memory Processes Infected: 3 Memory Modules Infected: 0 Registry Keys Infected: 58 Registry Values Infected: 5 Registry Data Items Infected: 3 Folders Infected: 11 Files Infected: 83 Memory Processes Infected: C:\WINDOWS\444.470 (Trojan.DNSChanger) -> Unloaded process successfully. C:\WINDOWS\portsv.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{270cdf74-a5fb-51ae-2278-8009ac65d602} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{270cdf74-a5fb-51ae-2278-8009ac65d602} (Adware.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\uoyzsydz.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\WINDOWS\T3duZXI (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\444.470 (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\ctoss2kk.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\17PHolmes572.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\T3duZXI\naxRtrK.vbs (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Aron\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\portsv.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. 
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pcntrtdm.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aron\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aron\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wfinguoxlttnzx.dll (Adware.BHO) -> Delete on reboot.

---------------------------------------------------------------------------

AFTER SECOND SCAN, BEFORE SECOND REMOVE:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

6:06:11 PM 8/17/2008
mppost2.txt

Scan type: Quick Scan
Objects scanned: 39078
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> No action taken.
-----------------------------------------------------------------

AFTER SECOND REMOVE:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

6:06:19 PM 8/17/2008
mbam-log-8-17-2008 (18-06-19).txt

Scan type: Quick Scan
Objects scanned: 39078
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

================================================================================

HIJACK THIS, AFTER ALL OF ABOVE WAS DONE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:09 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Aron\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
O2 - BHO: (no name) - {1DAAEDE8-99FA-49AA-B734-FBD5E646E1FF} - C:\WINDOWS\system32\ljJdEVMG.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{F5-5F-FF-F6-DW}] c:\windows\system32\rrwnw64l.exe DWram02FF
O4 - HKLM\..\Run: [{1a4623ff-947e-413c-68ee-a0721a5edf11}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\wfinguoxlttnzx.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acac] "C:\WINDOWS\SSTEM~1\alg.exe" -vt ndrv
O4 - HKCU\..\Run: [Sdqu] C:\WINDOWS\??stem\wowexec.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1196464628593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1196464617406
O20 - Winlogon Notify: fccaAQHB - fccaAQHB.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5967 bytes
Post #2 - Aug 18 2008, 06:34 AM
SuperMember, Group: Visiting Teacher, Posts: 2,196, Joined: 29-September 07, Member No.: 73,164, Operating System: Windows XP
Hello

Please visit this web page for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Post #3 - Aug 18 2008, 06:58 PM
New Member, Group: Authentic Member, Posts: 18, Joined: 17-October 06, Member No.: 63,092, Operating System: XP Pro, XP Home, Win2k (3 systems)
> Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Here they are:

Many thanks,
LT

ComboFix 08-08-18.01 - Aron 2008-08-18 19:29:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.728 [GMT -5:00]
Running from: C:\Documents and Settings\Aron\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Aron\Application Data\macromedia\Flash Player\#SharedObjects\BAFHBX7Z\interclick.com
C:\Documents and Settings\Aron\Application Data\macromedia\Flash Player\#SharedObjects\BAFHBX7Z\interclick.com\ud.sol
C:\Documents and Settings\Aron\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Aron\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\HGMYJ4Q4\interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\HGMYJ4Q4\interclick.com\ud.sol
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\sstem~1
C:\WINDOWS\sstem~1\alg.exe
C:\WINDOWS\sstem~1\s?stem\
C:\WINDOWS\stem~1
C:\WINDOWS\stem~1\wowexec.exe
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\GMVEdJjl.ini
C:\WINDOWS\system32\GMVEdJjl.ini2
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_TNIDRIVER
-------\Service_clbdriver
-------\Service_TnIDriver

(((((((((((((((((((((((((   Files Created from 2008-07-19 to 2008-08-19   )))))))))))))))))))))))))))))))
.
2008-08-17 17:03 . 2008-08-17 18:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 17:03 . 2008-08-17 17:03 <DIR> d-------- C:\Documents and Settings\Aron\Application Data\Malwarebytes
2008-08-17 17:03 . 2008-08-17 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-17 17:03 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 17:03 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 18:39 . 2008-08-11 19:16 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 00:16 --------- d-----w C:\Program Files\Bodog Poker
2008-08-12 00:16 --------- d-----w C:\Documents and Settings\Aron\Application Data\uTorrent
2008-08-02 15:22 --------- d-----w C:\Documents and Settings\Aron\Application Data\U3
2008-08-02 13:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Meal Memo Free View
2006-03-18 19:12 765,952 ----a-w C:\Documents and Settings\Aron\CRLDS3D.DLL
.
------- Sigcheck -------
2007-11-30 17:51 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sdqu"="C:\WINDOWS\??stem\wowexec.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29 86016]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"{F5-5F-FF-F6-DW}"="c:\windows\system32\rrwnw64l.exe" [2008-07-11 08:53 49184]
"CTHelper"="CTHELPER.EXE" [2006-03-18 14:12 16384 C:\WINDOWS\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2006-03-09 08:29 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Petersons\\GMAT\\jre\\bin\\java.exe"=

S1 ctoss2kk;ctoss2kk;C:\WINDOWS\system32\drivers\ctoss2kk.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb61fb46-9f96-11dc-8673-0050baaa9899}]
\Shell\AutoRun\command - E:\PCConnect.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1DAAEDE8-99FA-49AA-B734-FBD5E646E1FF} - C:\WINDOWS\system32\ljJdEVMG.dll
HKCU-Run-Acac - C:\WINDOWS\SSTEM~1\alg.exe
HKLM-Run-{1a4623ff-947e-413c-68ee-a0721a5edf11} - C:\WINDOWS\system32\wfinguoxlttnzx.dll
Notify-fccaAQHB - fccaAQHB.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Aron\Application Data\Mozilla\Firefox\Profiles\yswjv5fi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 19:33:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-08-18 19:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-19 00:36:26

Pre-Run: 256,283,422,720 bytes free
Post-Run: 256,283,312,128 bytes free

170 --- E O F --- 2008-07-10 08:02:53

-------------------------------------------------------------------------

HIJACK THIS AFTER COMBO FIX:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:25 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Aron\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{F5-5F-FF-F6-DW}] c:\windows\system32\rrwnw64l.exe DWram02FF
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sdqu] C:\WINDOWS\??stem\wowexec.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -