Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91844 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Blue Screen -- Warning: Spyware threat has been detect


  • This topic is locked This topic is locked
38 replies to this topic

#1 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 01:19 PM

Sorry For The Double Post I didn't know what really happened... but anyways



I know this has been posted before..yeah. Can anyone help me, pretty much everything crashes when I try to use it and CTRL + ALT + Delete doesn't work. Says task manager has been disabled by your administrator. No Internet Connection, I had to tranfer the HJT log with a Thumb Drive. Any Help? I'm Running Windows XP





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:43 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\winself.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\iifeBRLF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {5fe8c384-8928-1a39-6904-ca27e150cc9b} - {b9cc051e-72ac-4096-93a1-8298483c8ef5} - C:\WINDOWS\system32\vqgfxcne.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [64a74115] rundll32.exe "C:\WINDOWS\system32\ndienjea.dll",b
O4 - HKLM\..\Run: [BM67947289] Rundll32.exe "C:\WINDOWS\system32\pmkkevry.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifeBRLF - C:\WINDOWS\SYSTEM32\iifeBRLF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://us.i1.yimg.co...smileys2/01.gif

--
End of file - 13479 bytes

Edited by brandon99337, 28 April 2008 - 01:25 PM.

    Advertisements

Register to Remove


#2 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 28 April 2008 - 02:43 PM

Hello brandon99337 and welcome to the What the Tech Forums

My name is Trevuren and I will be helping you with your problem.

Your system is in pretty bad shape. I think it is still salvageable. Time will tell. Our first priority is to re-establish some form of internet connectivity. For this, we will use the same form of removable media that you used to transfer the HijackThis log from the infected computer to the computer you used to post the log.


Missing .DLL file(s) has/have disrupted the LSP chain on your computer. This can be seen by the (010) entry(ies) in your HJT log. We must fix this problem as a priority.

1. Backup the registry by going to Start>Run> and type ‘regedit’ without the quotes. Then on the file menu choose ‘export’ in XP.

2. Download the LSPfix.txt and read the readme file.

3. Download LSPfix.zip or LSPfix.exe

4. Close all windows except LSPfix

5. Launch LSPfix.zip and install to its own folder, then click on LSPfix.exe. Or click on LSPfix.exe and it will launch the program.

6. Put a check mark in the box “I know what I am doing

7. Click ‘Finish

7. REBOOT to complete the task.

8. Now RUN HJT, click Scan and POST a new log file in this thread using “Add Reply”.

Regards,

Trevuren

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#3 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 05:33 PM

:notworthy: haha I got my internet back! Not much use seeing as IE keeps crashing, and great, I'm getting pop up internt ads now. Here's my new Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:51 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\winself.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {0B9F2E81-A125-40DA-9EC2-766FDCBFD09F} - C:\WINDOWS\system32\ssqNHxwx.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\iifeBRLF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {5fe8c384-8928-1a39-6904-ca27e150cc9b} - {b9cc051e-72ac-4096-93a1-8298483c8ef5} - C:\WINDOWS\system32\vqgfxcne.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [64a74115] rundll32.exe "C:\WINDOWS\system32\ndienjea.dll",b
O4 - HKLM\..\Run: [BM67947289] Rundll32.exe "C:\WINDOWS\system32\pmkkevry.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Singha Thepvongsa')
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Singha Thepvongsa')
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Singha Thepvongsa')
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [Aim6] (User 'Singha Thepvongsa')
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User 'Singha Thepvongsa')
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\SINGHA~1\LOCALS~1\Temp\ie.exe (User 'Singha Thepvongsa')
O4 - HKUS\S-1-5-21-2407111165-3750935764-181012579-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Singha Thepvongsa')
O4 - S-1-5-21-2407111165-3750935764-181012579-1006 Startup: OneNote Table Of Contents.onetoc2 (User 'Singha Thepvongsa')
O4 - S-1-5-21-2407111165-3750935764-181012579-1006 User Startup: OneNote Table Of Contents.onetoc2 (User 'Singha Thepvongsa')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifeBRLF - C:\WINDOWS\SYSTEM32\iifeBRLF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://us.i1.yimg.co...smileys2/01.gif

--
End of file - 14982 bytes

#4 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 28 April 2008 - 05:54 PM

A. I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
Do the same for each Viewpoint component.



B. Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Regards,

Trevuren

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#5 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 06:23 PM

Ok I'm doing that all right now, but I noticed that I had C:/WINDOWS/winself.exe....It wanted access to the internet yesterday and thats usually not a good thing. I just remembered right now and I googled it ("winself.exe") and people are saying its a trojan. Is that true (most likely yes) and how would I go about uninstalling it, whenver I try it has an error

Edited by brandon99337, 28 April 2008 - 06:26 PM.


#6 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 28 April 2008 - 06:41 PM

Just continue with my instructions and do not attempt any cleanup yourself. Most people who work on their own while receiving help from experts end up by doing harm to their systems. We know what we are doing.

Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#7 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 06:44 PM

Well Put :D. I'm still doing the SDFix...it takes a while but its making some progress

#8 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 28 April 2008 - 06:45 PM

:thumbup:
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#9 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 07:30 PM

Ok! Everythings back to normal and great now exept I still havethe popup ads. It's not a pop up more as a new page.

Here's the logs that you asked for

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:11 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [64a74115] rundll32.exe "C:\WINDOWS\system32\cxclivkg.dll",b
O4 - HKLM\..\Run: [BM67947289] Rundll32.exe "C:\WINDOWS\system32\hbtdvjht.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12203 bytes






Here is the Report



SDFix: Version 1.176
Run by Brandon Thepvongsa on Mon 04/28/2008 at 05:39 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\BRANDO~1\Desktop\SDFix

Checking Services :

Killing PID 868 'wmsdkns.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\SYSTEM32\PMKHF.DLL - Deleted
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\tmplbldr.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe - Deleted
C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000070.exe - Deleted
C:\WINDOWS\system32\000080.exe - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\sockins32.dll - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted
C:\WINDOWS\system32\wmsdkns.exe - Deleted
C:\WINDOWS\tcb.pmw - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\winself.exe - Deleted



Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\WINDOWS\system32\b02FdUe - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 17:58:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40,38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6,ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a,19,42
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData]
"affid"="7"
"subid"="run01"
"prov"="10010"
"server"="72.232.212.29"
"flagged"=dword:00000001
"downloaded"=dword:00000001

scanning hidden files ...

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\dllcache\clb.dll 10752 bytes executable
C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbcfg.dat 1695 bytes
C:\WINDOWS\system32\clbdll.dll 29184 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll 25088 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 14


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\ugieattk.exe"="C:\\WINDOWS\\system32\\ugi"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe:*:Enabled:Device Monitor"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe:*:Enabled: "
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\\Documents and Settings\\Singha Thepvongsa\\Desktop\\Axis & Allies\\AA.exe"="C:\\Documents and Settings\\Singha Thepvongsa\\Desktop\\Axis & Allies\\AA.exe:*:Enabled:AA"
"C:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe:*:Disabled:Java™ Platform SE binary"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\lxdicoms.exe"="C:\\WINDOWS\\system32\\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"="C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe"="C:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe:*:Enabled:Fax software"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Lexmark 3500-4500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\BRANDO~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 30 May 2006 61,952 A..H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Tue 30 May 2006 308,224 A..H. --- "C:\Program Files\MSN\txsrvc.dll"
Tue 30 May 2006 302,592 A..H. --- "C:\Program Files\MSN\unicows.dll"
Wed 1 Aug 2007 6,467 ..SH. --- "C:\WINDOWS\system32\pqstv.bak1"
Mon 26 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Sep 2005 182,136 A.SH. --- "C:\WINDOWS\Help\SBSI\dvd.tmp"
Sat 27 Aug 2005 180,667 A.SH. --- "C:\WINDOWS\Help\SBSI\dvd.bak1"
Fri 7 Oct 2005 339,153 A.SH. --- "C:\WINDOWS\Help\SBSI\dvd.bak2"
Sat 24 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Fri 18 Apr 2008 13,808 ...H. --- "C:\Documents and Settings\Brandon Thepvongsa\My Documents\Mikaela's\~WRL1837.tmp"
Mon 13 Jun 2005 6,862 ...H. --- "C:\Documents and Settings\Nancy Thepvongsa\Local Settings\Temp\Mar18.tmp"
Mon 13 Jun 2005 6,862 ...H. --- "C:\Documents and Settings\Nancy Thepvongsa\Local Settings\Temp\Mar1C.tmp"
Mon 13 Jun 2005 6,862 ...H. --- "C:\Documents and Settings\Nancy Thepvongsa\Local Settings\Temp\Mar22.tmp"
Mon 13 Jun 2005 6,862 ...H. --- "C:\Documents and Settings\Nancy Thepvongsa\Local Settings\Temp\MarA8.tmp"
Fri 20 Oct 2006 121,344 ...H. --- "C:\Documents and Settings\Singha Thepvongsa\Application Data\MSN6\msnupdate!@#@.exe"
Mon 28 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT5.tmp"
Mon 28 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Mon 28 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Mon 28 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT6.tmp"
Mon 28 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT10.tmp"
Mon 28 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT2.tmp"
Thu 13 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 26 Jul 2007 8 A..H. --- "C:\Documents and Settings\Mikaela Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 23 Apr 2008 8 A..H. --- "C:\Documents and Settings\Mikaela Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 23 Apr 2008 8 A..H. --- "C:\Documents and Settings\Mikaela Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 23 Apr 2008 8 A..H. --- "C:\Documents and Settings\Mikaela Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Wed 20 Jun 2007 8 A..H. --- "C:\Documents and Settings\Nancy Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 20 Jun 2007 8 A..H. --- "C:\Documents and Settings\Nancy Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 20 Jun 2007 8 A..H. --- "C:\Documents and Settings\Nancy Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 20 Jun 2007 8 A..H. --- "C:\Documents and Settings\Nancy Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Singha Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Singha Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Singha Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Singha Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

#10 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 28 April 2008 - 07:43 PM

This looks pretty bad. I will do my best but it does not look good!!

A. First we must disable some of your security programs so that they do not interfere with the running of our tools:

MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> chose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You succesfully disabled the McAfee Guard.


B. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

Go to Posted Image -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall

Posted Image
  • ComboFix will automatically start. Any monitoring programs will be shut down like your antivirus, antispyware programs for example.
  • DO NO USE your computer for any other purpose while ComboFix is running. It could prove to be disastrous.
  • ComboFix may restart your computer, this is normal.
  • When finished, it will produce a log, ComboFix.txt.
  • Please post ComboFix.txt in your next reply along with a new HijackThis log.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

    Advertisements

Register to Remove


#11 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 08:46 PM

I noticed that whenever I google search, and then click on a link..it takes me to a different page, as in a different search engine entering my search terms



Here's the CF log

ComboFix 08-04-27.3 - Brandon Thepvongsa 2008-04-28 19:18:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.588 [GMT -7:00]
Running from: C:\Documents and Settings\Brandon Thepvongsa\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Singha Thepvongsa\Application Data\WinTouch
C:\Program Files\SoftwareOnline
C:\Program Files\SoftwareOnline\soproc.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acccKkkj.ini
C:\WINDOWS\system32\acccKkkj.ini2
C:\WINDOWS\system32\aejneidn.ini
C:\WINDOWS\system32\aevtrfag.dll
C:\WINDOWS\system32\cxclivkg.dll
C:\WINDOWS\system32\eltitdmv.ini
C:\WINDOWS\system32\fccagksj.ini
C:\WINDOWS\system32\fkdyekiq.dll
C:\WINDOWS\system32\gafrtvea.ini
C:\WINDOWS\system32\gkvilcxc.ini
C:\WINDOWS\system32\hbtdvjht.dll
C:\WINDOWS\system32\iifeBRLF.dll
C:\WINDOWS\system32\imdqkbvb.ini
C:\WINDOWS\system32\kmrpkqha.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxxsfcme.ini
C:\WINDOWS\system32\nngnncrc.dll
C:\WINDOWS\system32\pelqhbgo.ini
C:\WINDOWS\system32\pmkkevry.dll
C:\WINDOWS\system32\pqexnlnw.ini
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\qppxdlev.ini
C:\WINDOWS\system32\ssqNHxwx.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\vagtowiy.ini
C:\WINDOWS\system32\vqgfxcne.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vwencmdg.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\xlrfxgty.ini
C:\WINDOWS\system32\xwxHNqss.ini
C:\WINDOWS\system32\xwxHNqss.ini2
C:\WINDOWS\system32\xxyftejt.ini
C:\WINDOWS\system32\yqaidhur.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-28 17:28 . 2008-04-28 17:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-28 17:18 . 2008-04-28 17:18 578 --a------ C:\WINDOWS\index.html
2008-04-28 12:02 . 2008-04-28 12:02 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:08 . 2008-04-28 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 16:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\Singha Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 11:00 . 2008-04-28 11:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 22:15 . 2008-04-27 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-27 15:25 . 2008-04-28 15:42 109,738 --a------ C:\WINDOWS\BM67947289.xml
2008-04-27 14:10 . 2008-04-27 14:10 <DIR> d-------- C:\WINDOWS\system32\pnVes06
2008-04-27 14:10 . 2008-04-27 14:10 <DIR> d-------- C:\Temp\zvebs14
2008-04-27 14:09 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-25 17:08 . 2008-04-25 17:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-18 16:42 . 2008-04-28 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-18 10:06 . 2008-04-18 10:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Earthlink
2008-04-17 18:44 . 2008-04-17 18:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee.com Personal Firewall
2008-04-17 15:48 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-14 18:24 . 2008-04-14 18:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 12:02 . 2008-04-27 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 10:32 . 2008-04-03 10:32 <DIR> d-------- C:\Program Files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 23:58 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\DNA
2008-04-28 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 20:43 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\MSN6
2008-04-27 18:28 --------- d-----w C:\Program Files\Axis & Allies
2008-04-26 00:07 --------- d-----w C:\Program Files\Common Files\Real
2008-04-21 04:06 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\MSN6
2008-04-18 23:44 --------- d-----w C:\Program Files\Google
2008-04-18 05:02 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\Lexmark Productivity Studio
2008-04-17 22:48 --------- d-----w C:\Program Files\Windows Live
2008-04-17 22:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 05:16 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-13 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 04:16 --------- d-----w C:\Program Files\PHP
2008-03-22 04:09 --------- d-----w C:\Program Files\Apache Software Foundation
2008-03-22 00:29 --------- d-----w C:\Program Files\No-IP
2008-03-19 07:19 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\gtk-2.0
2008-03-18 04:11 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Intuit
2008-03-17 18:30 --------- d-----w C:\Program Files\Inkscape
2008-03-17 18:30 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Inkscape
2008-03-11 16:41 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-03-10 18:33 --------- d-----w C:\Program Files\Inno Setup 5
2008-03-10 17:52 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Lexmark Productivity Studio
2008-03-10 17:47 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-03-10 17:46 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-07 05:51 --------- d-----w C:\Program Files\GrassSoft
2008-03-07 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grasssoft
2008-03-07 05:49 --------- d-----w C:\Program Files\Flash Website Design
2008-03-07 05:48 --------- d-----w C:\Program Files\Perfect Sound Recorder
2008-03-06 20:44 --------- d-----w C:\Program Files\Cheat Engine
2008-03-05 03:00 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Dev-Cpp
2008-03-05 00:25 --------- d-----w C:\Program Files\Spanish CD
2008-03-03 05:04 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-03-01 00:52 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-03-01 00:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 00:43 --------- d-----w C:\Program Files\The Game Creators
2008-02-29 23:46 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\CoreFTP
2008-02-29 22:04 --------- d-----w C:\Program Files\CoreFTP
2008-02-29 03:22 --------- d-----w C:\Program Files\Conquer 2.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-07 19:20 439,296 ----a-w C:\Documents and Settings\Brandon Thepvongsa\GoToAssist_phone__317_en.exe
2008-02-01 22:26 21,504 -c--a-w C:\WINDOWS\jestertb.dll
2008-01-08 19:24 26,694 -c--a-w C:\Program Files\12247285-4023-8430-9530-928348073246.ico
2007-11-15 17:42 26,694 -c--a-w C:\Program Files\12247285-4023-8430-9530-928348073245.ico
2007-09-18 22:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-05-26 22:39 64,280 -c--a-w C:\Documents and Settings\Singha Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2006-05-09 03:43 57,312 -c--a-w C:\Documents and Settings\Brandon Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-19 03:32 51,000 -c--a-w C:\Documents and Settings\Nancy Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-06 23:51 389,632 -c--a-w C:\Documents and Settings\Singha Thepvongsa\remote.exe
2005-08-28 03:31 180,667 -csha-w C:\WINDOWS\Help\SBSI\dvd.bak1
2005-10-07 21:58 339,153 -csha-w C:\WINDOWS\Help\SBSI\dvd.bak2
2005-10-13 17:21 182,438 -csha-w C:\WINDOWS\Help\SBSI\dvd.ini2
2005-07-29 23:24 472 -csha-r C:\WINDOWS\U2luZ2hhICBUaGVwdm9uZ3Nh\oZ5RtZ11KF1ou3pTxA6Rtah1.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"SpySweeper"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 14:46 135168]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 14:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 23:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28 196608]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 11:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 05:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 11:10 312240]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 17:06 185896]

C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-11-14 09:30:45 3656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 16:42:00 124400]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeBRLF]
iifeBRLF.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 05:40 20480 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 11:07 435120 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-04-13 19:51 385024 C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-16 20:52 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-18 16:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 17:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
--a------ 2005-11-21 15:57 140880 C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:PkScape

R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 08:38]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 08:38]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2008-02-02 23:36]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 05:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 02:30:53 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-29 02:30:53 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:35:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll 25088 bytes executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbcfg.dat 1695 bytes
C:\WINDOWS\system32\clbdll.dll 29184 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-28 19:44:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 02:43:56

Pre-Run: 47,679,176,704 bytes free
Post-Run: 48,160,571,392 bytes free

340 --- E O F --- 2008-04-19 10:08:31







Here's the new Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifeBRLF - iifeBRLF.dll (file missing)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13082 bytes

Edited by brandon99337, 28 April 2008 - 09:27 PM.


#12 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 28 April 2008 - 09:45 PM

A. First, we must ensure that your security programs are still disabled.

B. Please RUN HijackThis
  • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
    R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in this thread so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.


C. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\BM67947289.xml
C:\WINDOWS\jestertb.dll
C:\Program Files\12247285-4023-8430-9530-928348073246.ico
C:\Program Files\12247285-4023-8430-9530-928348073245.ico
C:\WINDOWS\Help\SBSI\dvd.bak1
C:\WINDOWS\Help\SBSI\dvd.bak2
C:\WINDOWS\Help\SBSI\dvd.ini2
C:\Windows\\system32\drivers\clbdriver.sys

Folder::
C:\WINDOWS\system32\pnVes06
C:\Temp\zvebs14
C:\WINDOWS\U2luZ2hhICBUaGVwdm9uZ3Nh

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeBRLF]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]

Driver::
Apache2.2

Rootkit::
C:\WINDOWS\system32\drivers\clbdriver.sys 
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll 
C:\WINDOWS\system32\clb.dll 
C:\WINDOWS\system32\clbcatex.dll 
C:\WINDOWS\system32\clbcatq.dll 
C:\WINDOWS\system32\clbcfg.dat 
C:\WINDOWS\system32\clbdll.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. Do not use your computer for any other purpose while ComboFix is running.

5. All your monitoring programs (Antivirus/Antispyware, Guards and Shields) will be stopped.

Posted Image

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

6. ComboFix will automatically REBOOT your machine when the KillAll:: switch is used..

7. Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


D. Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

    Posted Image

  • Click the Save as Text button to save the file to your desktop and post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#13 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 10:31 PM

Alright I'm no longer having the online searches redirected :notworthy:

Here's my new HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF32383.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...abs/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by135fd.bay13...es/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab50997.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54F3AD8-23D1-4C34-B421-525200FCDA81}: NameServer = 206.124.64.253,206.124.65.253
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe

--
End of file - 12913 bytes


Here's the ComboFix Log

ComboFix 08-04-27.3 - Brandon Thepvongsa 2008-04-28 21:02:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.615 [GMT -7:00]
Running from: C:\Documents and Settings\Brandon Thepvongsa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brandon Thepvongsa\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\12247285-4023-8430-9530-928348073245.ico
C:\Program Files\12247285-4023-8430-9530-928348073246.ico
C:\Windows\\system32\drivers\clbdriver.sys
C:\WINDOWS\BM67947289.xml
C:\WINDOWS\Help\SBSI\dvd.bak1
C:\WINDOWS\Help\SBSI\dvd.bak2
C:\WINDOWS\Help\SBSI\dvd.ini2
C:\WINDOWS\jestertb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Singha Thepvongsa\err.log
C:\Documents and Settings\Singha Thepvongsa\ResErrors.log
C:\Program Files\12247285-4023-8430-9530-928348073245.ico
C:\Program Files\12247285-4023-8430-9530-928348073246.ico
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll
C:\Temp\zvebs14
C:\WINDOWS\BM67947289.xml
C:\WINDOWS\Help\SBSI\dvd.bak1
C:\WINDOWS\Help\SBSI\dvd.bak2
C:\WINDOWS\Help\SBSI\dvd.ini2
C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\clb.dll
C:\WINDOWS\system32\clbcatex.dll
C:\WINDOWS\system32\clbcatq.dll
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\pnVes06
C:\WINDOWS\system32\pnVes06\pnVes061083.exe
C:\WINDOWS\U2luZ2hhICBUaGVwdm9uZ3Nh
C:\WINDOWS\U2luZ2hhICBUaGVwdm9uZ3Nh\oZ5RtZ11KF1ou3pTxA6Rtah1.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APACHE2.2
-------\Service_Apache2.2


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-28 21:07 . 2008-04-28 21:07 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-28 20:49 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-28 20:49 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\Webroot
2008-04-28 20:49 . 2007-12-04 23:24 145,208 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-28 20:49 . 2007-12-04 23:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-28 20:49 . 2007-12-04 23:24 20,792 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-28 20:49 . 2007-12-04 23:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-04-28 20:43 . 2008-04-28 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-28 17:28 . 2008-04-28 17:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-28 17:18 . 2008-04-28 17:18 578 --a------ C:\WINDOWS\index.html
2008-04-28 12:02 . 2008-04-28 12:02 <DIR> d-------- C:\Documents and Settings\Brandon Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:08 . 2008-04-28 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 16:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\Singha Thepvongsa\Application Data\SUPERAntiSpyware.com
2008-04-28 11:01 . 2008-04-28 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 11:00 . 2008-04-28 11:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 22:15 . 2008-04-27 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-04-27 14:09 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-25 17:08 . 2008-04-25 17:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-18 16:42 . 2008-04-28 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-18 10:06 . 2008-04-18 10:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Earthlink
2008-04-17 18:44 . 2008-04-17 18:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee.com Personal Firewall
2008-04-17 15:48 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-04-14 18:24 . 2008-04-14 18:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 12:02 . 2008-04-27 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 10:32 . 2008-04-03 10:32 <DIR> d-------- C:\Program Files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 03:49 --------- d-----w C:\Program Files\EarthLink TotalAccess
2008-04-28 23:58 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\DNA
2008-04-28 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 20:43 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\MSN6
2008-04-27 18:28 --------- d-----w C:\Program Files\Axis & Allies
2008-04-26 00:07 --------- d-----w C:\Program Files\Common Files\Real
2008-04-26 00:06 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-21 04:06 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\MSN6
2008-04-18 23:44 --------- d-----w C:\Program Files\Google
2008-04-18 05:02 --------- d-----w C:\Documents and Settings\Singha Thepvongsa\Application Data\Lexmark Productivity Studio
2008-04-17 22:48 --------- d-----w C:\Program Files\Windows Live
2008-04-17 22:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 05:16 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-13 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-03 17:32 56,912 ----a-w C:\WINDOWS\java\g2mdlhlpx.exe
2008-03-22 04:16 --------- d-----w C:\Program Files\PHP
2008-03-22 04:09 --------- d-----w C:\Program Files\Apache Software Foundation
2008-03-22 00:29 --------- d-----w C:\Program Files\No-IP
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 07:19 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\gtk-2.0
2008-03-18 04:11 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Intuit
2008-03-17 18:30 --------- d-----w C:\Program Files\Inkscape
2008-03-17 18:30 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Inkscape
2008-03-11 16:41 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-03-10 18:33 --------- d-----w C:\Program Files\Inno Setup 5
2008-03-10 17:52 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Lexmark Productivity Studio
2008-03-10 17:47 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-03-10 17:46 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-07 05:51 --------- d-----w C:\Program Files\GrassSoft
2008-03-07 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grasssoft
2008-03-07 05:49 --------- d-----w C:\Program Files\Flash Website Design
2008-03-07 05:48 --------- d-----w C:\Program Files\Perfect Sound Recorder
2008-03-06 20:44 --------- d-----w C:\Program Files\Cheat Engine
2008-03-05 03:00 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\Dev-Cpp
2008-03-05 00:25 --------- d-----w C:\Program Files\Spanish CD
2008-03-03 05:04 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 00:52 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-03-01 00:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 00:43 --------- d-----w C:\Program Files\The Game Creators
2008-02-29 23:46 --------- d-----w C:\Documents and Settings\Brandon Thepvongsa\Application Data\CoreFTP
2008-02-29 22:04 --------- d-----w C:\Program Files\CoreFTP
2008-02-29 03:22 --------- d-----w C:\Program Files\Conquer 2.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-02-28 00:48 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 19:20 439,296 ----a-w C:\Documents and Settings\Brandon Thepvongsa\GoToAssist_phone__317_en.exe
2007-09-18 22:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-05-26 22:39 64,280 -c--a-w C:\Documents and Settings\Singha Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2006-05-09 03:43 57,312 -c--a-w C:\Documents and Settings\Brandon Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-19 03:32 51,000 -c--a-w C:\Documents and Settings\Nancy Thepvongsa\Application Data\GDIPFONTCACHEV1.DAT
2005-10-06 23:51 389,632 -c--a-w C:\Documents and Settings\Singha Thepvongsa\remote.exe
2004-09-15 17:27 192,512 -c--a-w C:\WINDOWS\inf\unregmp2(2).exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-28_19.43.36.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-26 04:20:23 110,080 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2004-08-04 12:00:00 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-08-04 12:00:00 501,248 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
- 2008-04-29 02:30:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 04:07:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2007-12-05 06:28:22 10,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2007-12-05 06:28:56 232,760 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-12-05 06:28:54 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2007-12-05 06:28:52 612,152 ----a-w C:\WINDOWS\WRUninstall.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"SpySweeper"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 14:46 135168]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 14:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 23:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19 143360]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28 196608]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36 50688]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-16 20:52 155648]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 11:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 05:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 11:10 312240]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 17:06 185896]
"combofix"="C:\WINDOWS\system32\CF32383.exe" [2004-08-04 05:00 388608]
"SpySweeper"="C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeperUI.exe" [2007-12-04 23:28 5081400]

C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-11-14 09:30:45 3656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 16:42:00 124400]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Singha Thepvongsa^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=C:\Documents and Settings\Singha Thepvongsa\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 05:40 20480 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 11:07 435120 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-04-13 19:51 385024 C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-16 20:52 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-18 16:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 17:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
--a------ 2005-11-21 15:57 140880 C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\lxdicoms.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:PkScape

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 08:38]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 08:38]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2008-02-02 23:36]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 05:00]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 04:07:45 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-29 04:07:45 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 21:16:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-28 21:27:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 04:27:35
ComboFix2.txt 2008-04-29 02:44:13

Pre-Run: 48,072,622,080 bytes free
Post-Run: 48,065,933,312 bytes free

328 --- E O F --- 2008-04-19 10:08:31

#14 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 28 April 2008 - 10:50 PM

Part D of your instructions is still underway.

#15 brandon99337

brandon99337

    Authentic Member

  • Authentic Member
  • PipPip
  • 25 posts

Posted 29 April 2008 - 10:03 AM

Here is the Kaspersky Report... Also attached is the report in HTML...easier to read ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 2008-04-29 08:55 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 29/04/2008 Kaspersky Anti-Virus database records: 730108 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ H:\ Scan Statistics: Total number of scanned objects: 151586 Number of viruses found: 41 Number of infected objects: 130 Number of suspicious objects: 0 Duration of the scan process: 02:05:02 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Documents\address.WAB Object is locked skipped C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\ OT-ServiceDogs.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Al7bar .tk FTA Satellite Television Community, Audio-Video and more!.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\ASL Browser.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Assistance Dog Equipment.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\AuthPro Login, password protection and membership management automation for your website.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\blockbuster.com - Movies Landing.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Brandons Random Straw Science Experiment.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Cochlear Americas.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Dell\Dell Auction.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Dell\Dell.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Dell\Gigabuys.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Dell\Support.Dell.com.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\DentalPlans.com Member's Area Home.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Etch A Sketch Flash Game.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Forward and Back Buttons in JavaScript.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Future-FTA - Powered by vBulletin.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\GSN - The Network For Games.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Hilary-Duff.Net [Juicy Fruit] - Your #1 source for Hilary Duff!!.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\http--www.hapo.org-.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Inkdeals.com Inkjet Cartridges and Laser Toners for your printing needs.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Invision Free.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Javascripts by Java-Scripts.net Free javascripts, tutorials, examples, and resources.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Key Bank - Online Banking.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\KSD Parent Portal.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Lemonade Stand Game.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\Customize Links.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\Free Hotmail.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\home.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\RealPlayer.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\Windows Marketplace.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\Windows Media.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\Windows.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Links\www.msn.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Make animations and create cartoons with four basic shapes - Aniboom’s Shapeshifter.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\MealTime Online - Sign In.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\memolink.com.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\MIS Business Administration Center.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\MSN.com.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\MusiCountry.com Hilary Duff - Hilary Duff Most Wanted (The Collector's Signature Edition + Free Wristband).url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\My Address Book.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\My Calendar.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\My Favorite Stuff-Birthday Gifts-(Ex.Mikaela).url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\NFL Pool -.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Paintball Sponso.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Project Entropia.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Radio Station Guide.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\RealPlayer Home Page.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Runescape Clan Admin.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Runescapes Evil Omen -- Main Page.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Self-auditory rehabilitation materials.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Sign Language.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Sorenson VRS.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\South Eastern Washington Service Center of the Deaf and Hard of Hearing.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\SuperPages.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\T-CYSA Home.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\E-Mail & More.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\Help and Support.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\Home.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\Latest Internet Products.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\More From Verizon.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\Music, Games & Video.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\My Account.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\My Web Space.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\Resource Center.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central\Verizon Central.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Central.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\About Verizon.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Broadband Guide.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\DSL Welcome page.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Home.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Internet Security Center.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\More From Verizon.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\MSN Premium.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Music, Games & Video.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Search.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\SuperPages.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Switching Tips.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Verizon Links\Verizon Wireless.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\VivaTRU™ Welcome -Affiliate Site.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\VivaTru™ Welcome to the Gift of VIVA, the Gift of Life!.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Autos.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Biz & Money.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Careers.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Computing.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Entertainment.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Family.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Games.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Health.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Living.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Local.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Multimedia.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Music.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\News and Media.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Shopping.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Sports.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Spotlight.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Teens.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Web Channels\Travel.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\Welcome to MSN.com.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\West At Home Agent.url Object is locked skipped C:\Documents and Settings\All Users\Documents\Favorites\westell Connection Summary.url Object is locked skipped C:\Documents and Settings\All Users\Documents\marlis super show bratz center.ppt Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\PS2Trial.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\PSLite.wpl Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Application Data\Earthlink\6.0\brandonduh@earthlink.net\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Application Data\Webroot\Spy Sweeper\Logs\080428211340.ses Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/000060.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/000080.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/000080.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/000080.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b02FdUe1065.exe Infected: Trojan-Downloader.Win32.VB.awj skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/b143.exe Infected: Trojan-Downloader.Win32.Agent.dlx skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/sockins32.dll Infected: not-a-virus:AdWare.Win32.BHO.aqo skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/winself.exe Infected: Trojan.Win32.DNSChanger.cjd skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip/backups/Yazzle1552OinUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped C:\Documents and Settings\Brandon Thepvongsa\Desktop\SDFix\backups\backups.zip ZIP: infected - 18 skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\History\History.IE5\MSHist012008042820080429\index.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\temp\~DFA4B5.tmp Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\temp\~DFDA33.tmp Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\temp\~DFDA58.tmp Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\temp\~DFE644.tmp Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Temporary Internet Files\Content.IE5\2EY2R4TI\bibbyPierce[1].flv Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Temporary Internet Files\Content.IE5\GFBQ2Y26\kiddPaul[1].flv Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\Local Settings\Temporary Internet Files\Content.IE5\W31JMB01\std_8d20f021c45f8e7d9531c1fa91dd1bc0[1].mp3 Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\ntuser.dat Object is locked skipped C:\Documents and Settings\Brandon Thepvongsa\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Mikaela Thepvongsa\Local Settings\Temp\AntiPhishing\FDE76B9D-4657-4B28-AE87-04EFD23D4EB6.dat Object is locked skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0057.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0058.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0059.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0060.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0061.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe/WISE0062.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe WiseSFX: infected - 12 skipped C:\Documents and Settings\Mikaela Thepvongsa\My Documents\My Downloads\waterfalls2free.exe WiseSFXDropper: infected - 12 skipped C:\Documents and Settings\Nancy Thepvongsa\Local Settings\Temp\AntiPhishing\FDE76B9D-4657-4B28-AE87-04EFD23D4EB6.dat Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS01865829-B216-44F2-8109-6797B565B585.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS023EACB4-3789-4517-AFF3-5C7C92324A93.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0663FFCF-B009-4766-85D9-D34B4CD18E0E.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07465357-D249-447C-B64D-F69C3CFA91E5.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07EA8A2E-0122-4149-8086-CAE0E257F492.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0C6AC6F3-83D6-4933-8A49-D61B0D9280D6.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS11A5B155-AB8B-4824-B9D6-BAD1A92331F6.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1394811C-F0E1-4921-9EDE-4CFF286935A9.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14793888-81D8-4BE3-983B-F15744D71E43.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14E0E7F0-07C6-4072-B62E-2E777EE74291.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14FA584C-9BA8-4588-B478-3C6397C11178.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS216FE393-3DD3-415E-8C72-A18A4CD8CAD8.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS24AE9170-CC8F-4BB2-8D78-DB6A84AD4716.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS25697E75-D2F8-4A7C-B964-F4AD2046DB99.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS27792D51-1CE5-43D4-97C1-E42121237007.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29039B50-5A22-47D8-9E1D-BA846592D2F4.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29D3889E-676B-4CB6-BB34-3F3224EDA2BA.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2B6400C7-3E1F-474E-8700-A6D5B4FB645E.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D2C8A93-C3DE-4228-AF65-5DAA306BF1B3.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2DE32610-50A5-49D2-BBD8-8B8ACC493230.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS325F78AC-8DC6-4505-A3C7-395B4E69E17D.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS32B5F70B-602B-4DA2-BBAF-002E52727250.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS340A85CE-6652-411E-B0D0-2A9F0A5DD34F.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3528E205-2C13-4101-863B-3FDA64024BD0.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS35E95DFA-2A42-4CC0-8830-E003CA8C856A.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS36BC9F0F-7526-406E-97D6-3B7B154AE56C.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS397260E1-7549-4C65-B561-DE292A4049F8.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3BBEF0F3-7198-45F1-A7B8-2674DF63B1A8.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS43CB4A76-C8E4-42C4-85A4-CFF8B8B14168.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4A4AFFB9-B807-4BE0-B3D5-6829928DFD41.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4EE05A67-0D5E-4D94-9490-027A13EBABCC.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS51765978-0FBB-4F78-A18A-7A79450CC71C.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5288CCF9-AA1E-40A2-BBFC-434EDF8AEFBD.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS55016400-4E21-4BB5-A2A1-669EBF7D127A.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS589EE625-8A63-4BEA-B0F6-476205EE4DE7.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5D88C448-92BE-4B25-8AA9-8B167340FB75.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5ED6682A-D9FB-459F-8D31-491E68CF267E.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6333DFC9-FE4E-4767-8428-840F4A156E8C.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS647DA1CB-E16F-49C5-A052-D54E1489E38E.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS656D7F63-B620-49DB-8044-FA1DC676468D.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS66F6EF5C-8746-4F2F-8CFE-47265CD1954E.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS676F5A7E-7BD7-44A0-A17F-5EAF23FB7AB8.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS682391DC-35A6-4A8C-913E-97963F21E2DC.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS69871923-4FDA-45B0-BD84-CF3FA7D67789.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E21B167-D03A-4F24-9407-621522E64657.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS71A04D7E-0A26-4CC3-9844-580869FC6C98.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS789B9FC8-551A-4EF5-89A9-5294AD2E253F.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7B22932B-DD2F-45C2-A84B-908A803DF7A2.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7DF8D371-EAD9-4C91-BD8A-9A1D5AE60C3F.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7EECF37C-B5C2-4A2D-AFCE-379BA1B094DD.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7FC7BDD1-11DD-41A6-90B3-02697580D054.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS80C4476D-6FC6-4ADB-A650-779D90D51CF5.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS82C7FF19-4F0F-4568-A1E9-F79E02454815.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS83DAE52C-B71C-487F-AD68-176DE29776C3.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87833E03-FE67-47DA-A754-85F16286E459.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87BD60B6-1BC9-40F3-9189-F1C4D7FFEB89.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87CE2B85-4040-48B4-B0DB-FCEC2AFC852C.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B5047B8-F9EF-4742-B95E-96D9CDCF68F2.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8DFA67BA-D593-42CE-A4CB-8F8A07CF3B74.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93A8B1ED-7F6F-48AF-BF05-D2D7A1354A9C.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS951A058C-49FD-4804-9284-8EB0169E9D56.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS999F9B2A-0DD0-4B5C-B22D-A2E7597A8159.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9C18A750-967A-48B7-A2C4-B82D45AA8862.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9C7C0AEC-FE43-4433-8110-7910585C8A83.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA1D1F7BF-0D87-4F6C-86EB-202BD67E7DDB.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSADBC7979-7172-4EAE-BD2E-BD8856B723B0.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB52718EF-9F6A-43D0-842A-999978C26A38.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB9B8755C-D9BA-4557-9C54-382C427A9F99.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC20FFEAD-D3E3-41D1-9D18-AE0B06E07C67.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC98E592E-235F-41AB-844A-196C0E380535.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCE3FAA45-A867-44C9-A7E2-598FE66BD724.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCE538308-B18D-4F4C-AC5A-F5F9DAB6F3CF.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD438A01B-C2DE-42C5-9FE0-4678D7341063.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD48ADA54-C863-4EFE-AC7C-2331EBFDE917.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8369311-D05F-4932-94F3-5E8C7B097287.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE0ACC2C5-0506-4790-A19A-FF1B8805AD71.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE120230A-70C4-4AB9-9D0E-D2E54CFB86E2.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE1D07B1F-EDCE-4F85-99DE-A7C5011BD525.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4846AEB-4A6E-4AE2-BB84-F6EA72A675BF.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE6DE45AB-AD4D-49D0-ADA9-33DE4D2C2999.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE8975F0F-5435-4D6E-BAB3-C9F450F0C416.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE8B78D62-25D9-4BCE-A43A-219D3BDB9737.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEACB9603-2E72-4173-89FB-BDF0A349C5F1.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSED4D4421-0907-496D-B83D-155E6FC689A4.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEEFB00BC-FB61-4F6C-B227-AD178DF33F12.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF2F781A5-48F9-4C29-B7CF-161A6D5AAD0C.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3E3DC0C-950D-471E-8F52-D4F4B1BD713B.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF84C1148-1DAF-4BB5-9E76-D517DEF8383A.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF96F24EB-AFEA-4E59-8994-857D69EE280A.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB5BC88D-48CD-42C4-800F-9A937BE06E65.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF05EF74-9FB8-441A-A84B-CDB52331C3EA.tmp Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\temp\Perflib_Perfdata_dc.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Singha Thepvongsa\My Documents\Downloads\OregonTrail-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped C:\Program Files\Common Files\Verizon Online\ConnMgr\VZLog Object is locked skipped C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Masters\Masters.const Object is locked skipped C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Masters\Masters.mst Object is locked skipped C:\Program Files\EarthLink TotalAccess\Spyware Blocker\Masters.base Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_91.trc Object is locked skipped C:\Program Files\Windows Media Player\rteqepranek.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped C:\QooBox\Quarantine\C\Program Files\SoftwareOnline\soproc.exe.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ae skipped C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd skipped C:\QooBox\Quarantine\C\WINDOWS\system32\aevtrfag.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\cxclivkg.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fkdyekiq.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hbtdvjht.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped C:\QooBox\Quarantine\C\WINDOWS\system32\iifeBRLF.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kmrpkqha.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nngnncrc.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\pmkkevry.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped C:\QooBox\Quarantine\C\WINDOWS\system32\pnVes06\pnVes061083.exe.vir Infected: Trojan-Downloader.Win32.VB.ebf skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vqgfxcne.dll.vir Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\catchme2008-04-28_192805.17.zip/ssqNHxwx.dll Infected: Packed.Win32.Monder.gen skipped C:\QooBox\Quarantine\catchme2008-04-28_192805.17.zip ZIP: infected - 1 skipped C:\QooBox\Quarantine\catchme2008-04-28_210439.70.zip/clbdriver.sys Infected: Rootkit.Win32.Agent.aii skipped C:\QooBox\Quarantine\catchme2008-04-28_210439.70.zip/clbdll.dll Infected: Trojan-Downloader.Win32.Small.uzg skipped C:\QooBox\Quarantine\catchme2008-04-28_210439.70.zip ZIP: infected - 2 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0128275.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0128277.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0128278.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0128281.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP353\A0128404.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0128459.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133482.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133516.old Infected: Trojan-Downloader.Win32.Small.ixt skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133525.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133525.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133526.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133526.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133526.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133526.exe NSIS: infected - 3 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133527.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133528.exe Infected: Trojan-Downloader.Win32.Agent.dlx skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133529.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133531.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133531.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133531.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133532.exe Infected: Trojan-Downloader.Win32.VB.awj skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133533.dll Infected: not-a-virus:AdWare.Win32.BHO.aqo skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133534.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133536.exe Infected: Trojan.Win32.DNSChanger.cjd skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133544.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133546.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133546.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133546.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133547.exe Infected: Trojan-Downloader.Win32.VB.awj skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133548.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133548.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133548.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133548.exe NSIS: infected - 3 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133549.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133550.exe Infected: Trojan-Downloader.Win32.Agent.dlx skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133552.dll Infected: not-a-virus:AdWare.Win32.BHO.aqo skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133556.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133557.exe Infected: Trojan.Win32.DNSChanger.cjd skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133558.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133561.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0133561.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133610.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.ae skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133613.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133614.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133615.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133616.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133617.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133618.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133619.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133620.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133621.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP355\A0133622.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\A0133729.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP356\change.log Object is locked skipped C:\VundoFix Backups\ahuucbiu.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\awvts.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped C:\VundoFix Backups\hmamskud.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\pnoseehi.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\qerhpsgc.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\rbeeegtj.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\rlfwydee.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\sexxnsbt.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\spvuyswn.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\ssdnjwlf.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\sxpymmih.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\VundoFix Backups\yobttqcr.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped C:\WINDOWS\Downloaded Program Files\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\aycqlayw.exe Infected: Trojan.Win32.Agent.aoy skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CBGN6JC1\update[1].upd Infected: Trojan-Downloader.Win32.Small.uzg skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I1TLVEXG\1[1].exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.c skipped C:\WINDOWS\system32\dktmvnnk.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\WINDOWS\system32\gllnmicj.exe Infected: Trojan.Win32.Agent.aoy skipped C:\WINDOWS\system32\gyfrbamj.exe Infected: Trojan.Win32.Agent.aoy skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\mgpqcmvt.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\WINDOWS\system32\raruvwlh.exe Infected: Trojan.Win32.Agent.aoy skipped C:\WINDOWS\system32\reqiemqs.exe Infected: Trojan.Win32.Agent.aoy skipped C:\WINDOWS\system32\sodknaek.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\xbcvhmmx.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

Attached Files


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users