Solved: Malware problem

lancel (thread starter) - 18-Aug-2007, 05:58 PM - #1
At least I think it is. I keep getting pop-ups and I'm getting download requests from Winantispy 2007. Don't know what else to put in here but here's my HijackThis log. Hope I did it right, not sure honestly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:15 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\taskmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Lance\sdadlrow-t2.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\System32\KB_963491.exe
C:\WINDOWS\System32\ocxloader.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\DOCUME~1\Lance\LOCALS~1\Temp\rsysinit.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Lance\LOCALS~1\Temp\18359\gm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\taskmgr.exe,
O1 - Hosts: 58.65.239.66 www.veryfastsearch.com
O1 - Hosts: 58.65.239.66 veryfastsearch.com127.0.0.1 www.trendmicro.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \
O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll
O2 - BHO: (no name) - {5B8A1879-70B1-4723-84EE-EED89EF3AAA7} - C:\WINDOWS\System32\mljgh.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {E25600A1-015A-4F11-B0FA-C098C26D7599} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: NLogSink Class - {A4CD0C95-628E-4754-A4C5-022405B55FDE} - C:\WINDOWS\System32\logger.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [nwiz] nwiz.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svhost] C:\WINDOWS\twain_32.exe
O4 - HKLM\..\Run: [{21-14-42-2D-ZN}] C:\DOCUME~1\Lance\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [bantool] C:\Documents and Settings\Lance\sdadlrow-t2.exe
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Lance\TISKY008.exe SKY008
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963491.exe"
O4 - HKLM\..\Run: [ocxloader.exe] C:\WINDOWS\System32\ocxloader.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Lance\LOCALS~1\Temp\18359\gm.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1\Lance\LOCALS~1\Temp\svchots.exe
O4 - HKCU\..\Run: [XP restart system] C:\DOCUME~1\Lance\LOCALS~1\Temp\wnset.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Lance\TISKY008.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32DAB027-944D-4E5B-A04E-0C0297378F2E}: NameServer = 85.255.116.84,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A795F2A-951C-4DE2-BDCA-686A6668FC87}: NameServer = 85.255.116.84,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}: NameServer = 85.255.116.84,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{70DEFA87-767E-48A5-B03E-097365638F4D}: NameServer = 85.255.116.84,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.84 85.255.112.191
O20 - AppInit_DLLs: C
O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)
O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\System32\mljgh.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\jqwr.dll
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll
O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\jqwr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10965 bytes
MFDnNC - 18-Aug-2007, 06:07 PM - #2
You have a LOT of problems. Be patient, this will take a while. Be sure to do ALL of what I post.

========================
Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.

The computer will reboot automatically
====================

Please download FixWareout from one of these mirrors:
http://www.bleepingcomputer.com/file...Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

Note: You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU).

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
============================

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sect...s/ComboFix.exe
or
http://download.bleepingcomputer.com...a/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!
lancel (thread starter) - 18-Aug-2007, 08:44 PM - #3
K, did Fixwareout and then reran HijackThis. Though at the end of Fixwareout it didn't give me a message about downloading Brute Force, but it said it was complete.

Fixwareout log:

Username "Lance" - 2007-08-18 19:31:20 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdjgx.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.84 85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32DAB027-944D-4E5B-A04E-0C0297378F2E}
"nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A795F2A-951C-4DE2-BDCA-686A6668FC87}
"nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}
"nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{70DEFA87-767E-48A5-B03E-097365638F4D}
"nameserver"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{32DAB027-944D-4E5B-A04E-0C0297378F2E}
"DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{69BDE57A-215F-466C-B0B6-B7D7434E70DD}
"DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{70DEFA87-767E-48A5-B03E-097365638F4D}
"DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C7D0BAA6-E74C-4F5F-A151-0DF9DE9AC740}
"DhcpNameServer"="85.255.116.84,85.255.112.191" <Value cleared.

Could not flush the DNS Resolver Cache: Function failed during execution.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdjgx.ren 71233 2002-09-03

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup\""
"nwiz"="nwiz.exe "
"BCMSMMSG"="BCMSMMSG.exe"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\System32\\PRISMSVR.EXE\" /APPLY"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"svhost"="\"C:\\WINDOWS\\svhost.exe\""
"{21-14-42-2D-ZN}"="C:\\DOCUME~1\\Lance\\LOCALS~1\\Temp\\thinksnet.exe CHD003"
"Winmplayer"="\"C:\\WINDOWS\\System32\\KB_963491.exe\""
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"startdrv"="C:\\WINDOWS\\Temp\\startdrv.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"Hjsdf9ui9jkeftdf"="C:\\DOCUME~1\\Lance\\LOCALS~1\\Temp\\svchots.exe"
"Fvsqnh"="\"C:\\Documents and Settings\\Lance\\Application Data\\M?crosoft.NET\\w?auboot.exe\""
"WinTouch"="C:\\Documents and Settings\\Lance\\Application Data\\WinTouch\\WinTouch.exe"
"SfKg6w"="C:\\Documents and Settings\\Lance\\Application Data\\Microsoft\\Windows\\pqukk.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38, on 2007-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
c:\windows\system32\notepad.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\System32\KB_963491.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe
C:\Documents and Settings\Lance\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Lance\Application Data\Microsoft\Windows\pqukk.exe
c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\docume~1\lance\locals~1\temp\!update.exe
c:\docume~1\lance\mydocu~1\fnts~1\winword.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [nwiz] nwiz.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [{21-14-42-2D-ZN}] C:\DOCUME~1\Lance\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963491.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Lance\TISKY008.exe SKY008
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1\Lance\LOCALS~1\Temp\svchots.exe
O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Lance\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Lance\Application Data\Microsoft\Windows\pqukk.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Lance\MYDOCU~1\FNTS~1\winword.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Lance\TISKY008.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs: finger.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - (no file)
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8114 bytes
MFDnNC - 18-Aug-2007, 08:57 PM - #4
Keep going DO ALL OF IT!
lancel (thread starter) - 18-Aug-2007, 10:34 PM - #6
Combofix log:

ComboFix 07-08-14.4 - "Lance" 2007-08-18 20:04:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\50745315.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\Lance\APPLIC~1.\mcroso~1.net
C:\DOCUME~1\Lance\APPLIC~1.\mcroso~1.net\w?auboot.exe
C:\DOCUME~1\Lance\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Lance\APPLIC~1.\winantispyware 2007 free
C:\DOCUME~1\Lance\APPLIC~1.\winantispyware 2007 free\description.txt
C:\DOCUME~1\Lance\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Lance\APPLIC~1\..\err.log
C:\DOCUME~1\Lance\APPLIC~1\Microsoft\25319.dat
C:\DOCUME~1\Lance\APPLIC~1\WinAntiSpyware 2006
C:\DOCUME~1\Lance\APPLIC~1\WinAntiSpyware 2006\Logs\update.log
C:\DOCUME~1\Lance\APPLIC~1\WinAntiSpyware 2007 Free\description.txt
C:\DOCUME~1\Lance\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\Lance\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\Lance\APPLIC~1\WinTouch\WinTouch.exe
C:\DOCUME~1\Lance\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\Lance\MYDOCU~1.\fnts~1
C:\DOCUME~1\Lance\MYDOCU~1.\fnts~1\?ymantec\
C:\DOCUME~1\Lance\MYDOCU~1.\fnts~1\winword.exe
C:\DOCUME~1\Lance\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\Lance\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\Lance\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\DOCUME~1\Lance\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\Program Files\Common Files\microsoft shared\web folders\ibm00003.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00004.dll
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\TTC.dll
C:\Program Files\winantispyware 2007
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\0fc95ab4a51949060bc9e6b8\e1071d7490054b427d2ec4bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\0fc95ab4a51949060bc9e6b8\e1071d7490054b427d2ec4bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\0fc95ab4a51949060bc9e6b8\e1071d7490054b427d2ec4bb\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\0fc95ab4a51949060bc9e6b8\e1071d7490054b427d2ec4bb\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\0fc95ab4a51949060bc9e6b8\e1071d7490054b427d2ec4bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\0fc95ab4a51949060bc9e6b8\e1071d7490054b427d2ec4bb\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\5f61bace606c41905620e18a\d83ad8df07774157a18f4f92\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\5f61bace606c41905620e18a\d83ad8df07774157a18f4f92\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\5f61bace606c41905620e18a\d83ad8df07774157a18f4f92\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\5f61bace606c41905620e18a\d83ad8df07774157a18f4f92\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\5f61bace606c41905620e18a\d83ad8df07774157a18f4f92\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\4721f80d6ff446f8a83feb89\5f61bace606c41905620e18a\d83ad8df07774157a18f4f92\#name
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\notedad.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\ahui.dll
C:\WINDOWS\system32\append.dll
C:\WINDOWS\system32\arp.dll
C:\WINDOWS\system32\attrib.dll
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\B1\chkq22011.exe
C:\WINDOWS\system32\charmap.dll
C:\WINDOWS\system32\chkdsk.dll
C:\WINDOWS\system32\chkntfs.dll
C:\WINDOWS\system32\cisvc.dll
C:\WINDOWS\system32\ckcnv.dll
C:\WINDOWS\system32\cleanmgr.dll
C:\WINDOWS\system32\clipbrd.dll
C:\WINDOWS\system32\clipsrv.dll
C:\WINDOWS\system32\csrss.dll
C:\WINDOWS\system32\ctfmon.dll
C:\WINDOWS\system32\czgjcnx.dll
C:\WINDOWS\system32\dllhost.dll
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drwtsn32.dll
C:\WINDOWS\system32\dvdplay.dll
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\evdcnlm.dll
C:\WINDOWS\system32\explorer.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G1\by88.exe
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\javaw.dll
C:\WINDOWS\system32\KB04080293.exe
C:\WINDOWS\system32\KB18428516.exe
C:\WINDOWS\system32\KB29665359.exe
C:\WINDOWS\system32\KB44105609.exe
C:\WINDOWS\system32\KB53321968.exe
C:\WINDOWS\system32\KB86265833.exe
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\ksys.sys
C:\WINDOWS\system32\kwinpmdt.exe
C:\WINDOWS\system32\l3acdb.dll
C:\WINDOWS\system32\logonui.dll
C:\WINDOWS\system32\lsass.dll
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\msbind32.exe
C:\WINDOWS\system32\msdtc.dll
C:\WINDOWS\system32\mshta.dll
C:\WINDOWS\system32\msiexec.dll
C:\WINDOWS\system32\netdde.dll
C:\WINDOWS\system32\notepad.dll
C:\WINDOWS\system32\nslookup.dll
C:\WINDOWS\system32\ntoskrnl.dll
C:\WINDOWS\system32\ntvdm.dll
C:\WINDOWS\system32\ocxapi.dll
C:\WINDOWS\system32\ocxloader.exe
C:\WINDOWS\system32\ping.dll
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\regsvr32.dll
C:\WINDOWS\system32\rundll32.dll
C:\WINDOWS\system32\services.dll
C:\WINDOWS\system32\smss.dll
C:\WINDOWS\system32\spoolsv.dll
C:\WINDOWS\system32\spupdsvc.dll
C:\WINDOWS\system32\stimon.dll
C:\WINDOWS\system32\svchost.dll
C:\WINDOWS\system32\syskey.dll
C:\WINDOWS\system32\taskmgr.dll
C:\WINDOWS\system32\tracert.dll
C:\WINDOWS\system32\user.dll
C:\WINDOWS\system32\userinit.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winlogon.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\winspool.dll
C:\WINDOWS\system32\wintsvtr.exe
C:\WINDOWS\system32\wowexec.dll
C:\WINDOWS\system32\wuauclt.dll
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y2
C:\WINDOWS\uni_eh44.exe
C:\WINDOWS\uninst1014.exe
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\wr.txt
C:\WINDOWS\xhelper.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_LANMANDRV
-------\LEGACY_NDNET1
-------\LEGACY_NTMLSVC
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_WINNOTIFY
-------\ApiMon
-------\NDnet1
-------\NtmlSvc
-------\Winnotify


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-18 19:31 10,057 --a------ C:\dnsbak.reg
2007-08-18 19:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 19:09 2,007 --a------ C:\WINDOWS\system32\ielog.dll
2007-08-18 18:04 <DIR> d-------- C:\_backupD
2007-08-18 18:00 90,112 --a------ C:\WINDOWS\system32\regdacl.exe
2007-08-18 18:00 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-08-18 18:00 280,230 --a------ C:\win32delfkil.exe
2007-08-18 18:00 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-08-18 18:00 <DIR> d-------- C:\WINDOWS\system32\regdacl
2007-08-18 17:29 6,473 ---hs---- C:\WINDOWS\system32\xybeg.bak1
2007-08-18 17:26 298,080 --------- C:\WINDOWS\system32\gebyx.dll
2007-08-18 17:21 43,542 --a------ C:\WINDOWS\system32\wvutuss.dll
2007-08-18 16:58 15,360 --a------ C:\WINDOWS\ietemp.exe
2007-08-18 16:50 4,096 --a------ C:\WINDOWS\system32\compact.dll
2007-08-18 16:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-18 16:49 4,096 --a------ C:\WINDOWS\system32\wpabaln.dll
2007-08-18 16:49 4,096 --a------ C:\WINDOWS\system32\shutdown.dll
2007-08-18 16:49 4,096 --a------ C:\WINDOWS\system32\rexec.dll
2007-08-18 16:49 4,096 --a------ C:\WINDOWS\system32\nvudisp.dll
2007-08-18 16:49 4,096 --a------ C:\WINDOWS\system32\netsetup.dll
2007-08-18 16:48 4,096 --a------ C:\WINDOWS\system32\dosx.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\wupdmgr.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\write.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\winver.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\upnpcont.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\tscon.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\tourstart.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\swreg.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\SrchSTS.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\spider.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\spdwnwxp.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\sigverif.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\shadow.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\setup.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\sessmgr.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\savedump.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\runonce.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\regwiz.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\regini.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\rdshost.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\rdsaddin.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\rasphone.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\qmnielfg.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\pxinsa64.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\pathping.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\packager.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\odbcad32.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\nvsvc32.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\nvappbar.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\ntkrnlpa.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\magnify.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\lpr.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\logoff.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\locator.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\krnl386.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\KB44105609.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\help.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\gdi.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\find.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\fastopen.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\dwwin.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\dfrgfat.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\comp.dll
2007-08-18 16:47 4,096 --a------ C:\WINDOWS\system32\at.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\YPcservice.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\xpsp1hfm.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\wpnpinst.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\winhlp32.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\tsshutdn.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\tcpsvcs.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\swsc.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\SpoonUninstall.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\routemon.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\redir.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\pxhpinst.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\pxcpyi64.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\ping6.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\pentnt.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\netstat.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\nddeapir.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\mscdexnt.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\mnmsrvc.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\logagent.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\lnkstub.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\KB86265833.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\ipxroute.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\ftp.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\fontview.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\eudcedit.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\edlin.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\dpvsetup.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\dllhst3g.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\diskperf.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\diskpart.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\diantz.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\ddeshare.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\bootok.dll
2007-08-18 16:46 4,096 --a------ C:\WINDOWS\system32\autolfn.dll
2007-08-18 16:45 4,096 --a------ C:\WINDOWS\system32\wuauclt1.dll
2007-08-18 16:45 4,096 --a------ C:\WINDOWS\system32\wscript.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-18 20:13 6513 ---hs---- C:\WINDOWS\system32\xybeg.bak2
2007-08-18 17:03 4096 --a------ C:\WINDOWS\system32\cliconfg.dll
2007-08-18 01:32 --------- d-------- C:\Program Files\BearShare
2007-08-18 01:31 --------- d-------- C:\Program Files\BearFlix
2007-08-17 13:16 934400 --a------ C:\WINDOWS\system32\dllcache\kernel32.dll
2007-08-17 13:16 587264 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-17 01:55 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-16 13:30 --------- d-------- C:\Program Files\SBC LightSpeed Self Support Tool
2007-08-16 13:30 --------- d-------- C:\Program Files\QuickTime
2007-08-16 13:30 --------- d-------- C:\Program Files\Movie Maker
2007-08-16 13:30 --------- d-------- C:\Program Files\mIRC
2007-08-16 13:30 --------- d-------- C:\Program Files\Common Files\aolshare
2007-08-16 13:30 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-16 13:30 --------- d-------- C:\Program Files\America Online 9.0
2007-08-10 18:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-10 18:30 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-06 21:20 --------- d-------- C:\Program Files\MSN Messenger
2007-07-26 03:37 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.1
2007-07-26 03:37 26787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.1
2007-07-26 03:37 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.1
2007-07-26 03:36 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.1
2007-07-26 03:36 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.1
2007-07-26 03:36 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.1
2007-07-26 03:36 --------- d-------- C:\Program Files\Yahoo!
2007-07-22 16:06 --------- d-------- C:\Program Files\Dexster
2007-07-22 16:06 --------- d-------- C:\Program Files\Astonsoft
2007-07-16 01:32 --------- d-------- C:\Program Files\dvd43
2007-07-16 01:05 --------- d-------- C:\Program Files\WinMX
2007-07-13 17:56 --------- d-------- C:\Program Files\Tunebite
2007-07-13 17:51 --------- d-------- C:\DOCUME~1\Lance\APPLIC~1\tunebite
2007-07-13 17:50 --------- d-------- C:\DOCUME~1\Lance\APPLIC~1\RTPlayer
2007-07-13 17:23 --------- d-------- C:\Program Files\Mp3 My Mp3 2.0
2007-07-13 16:24 4215160 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-08 19:37 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-07 06:36 --------- d-------- C:\DOCUME~1\Lance\APPLIC~1\Apple Computer
2007-07-01 18:45 --------- d-------- C:\Program Files\iTunes
2007-07-01 18:44 --------- d-------- C:\Program Files\iPod
2007-07-01 18:41 --------- d-------- C:\Program Files\Common Files\Apple
2007-01-30 23:04 3072 --------- C:\Program Files\Thumbs.db
2006-12-26 20:21 80129014 --a------ C:\Program Files\TMPScreeched - Dustin Diamond.wmv
2005-08-02 21:46:54 187,904 --sha-r C:\WINDOWS\TGFuY2U\asappsrv.dll
2005-08-02 21:58:38 293,888 --sha-r C:\WINDOWS\TGFuY2U\command.exe
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\TGFuY2U\n3IRsZo.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{142540F2-ABDD-41EF-93B1-2123308FF454}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18ADFA67-1F0A-458B-893E-245D895B9085}]
2007-08-16 14:35 28160 --a------ C:\WINDOWS\shwol.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}]
C:\WINDOWS\System32\mljgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9072813-1664-4178-84B8-20287C16926D}]
2007-08-18 17:26 298080 --------- C:\WINDOWS\System32\gebyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-18 17:21 43542 --a------ C:\WINDOWS\System32\wvutuss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E25600A1-015A-4F11-B0FA-C098C26D7599}]
C:\WINDOWS\System32\vtutu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 17:16]
"nwiz"="nwiz.exe" [2003-10-06 17:16 C:\WINDOWS\system32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 07:59 C:\WINDOWS\BCMSMMSG.exe]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" []
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-08-17 03:31]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-08-17 03:31]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"svhost"="C:\WINDOWS\svhost.exe" []
"Winmplayer"="C:\WINDOWS\System32\KB_963491.exe" [2007-08-17 12:11]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 19:13]
"Fvsqnh"="C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\System32\wvutuss.dll [2007-08-18 17:21 43542]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mhETsXpnnY"= {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll [2006-08-18 16:42 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccawwx]
fccawwx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxvuv]
gebxvuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyx]
C:\WINDOWS\System32\gebyx.dll 2007-08-18 17:26 298080 C:\WINDOWS\system32\gebyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
C:\WINDOWS\System32\mljgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
C:\WINDOWS\System32\vtutu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutuss]
wvutuss.dll 2007-08-18 17:21 43542 C:\WINDOWS\system32\wvutuss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=finger.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lance^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Lance\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERROR ISO]
C:\DOCUME~1\Lance\APPLIC~1\Mfcdknob\inter up.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGA META AMEN SEND]
C:\Documents and Settings\All Users\Application Data\axis heck vga meta\Jugs Obj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R0 Nhuo60;Nhuo60;C:\WINDOWS\System32\drivers\Nhuo60.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMSM.sys
R3 P16X;Creative SB Live! Series (WDM);C:\WINDOWS\System32\drivers\P16X.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\System32\drivers\npf.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\System32\DRIVERS\RimSerial.sys
S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\System32\DRIVERS\2862WICB.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\System32\drivers\tbhsd.sys


Contents of the 'Scheduled Tasks' folder
2007-08-05 23:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-19 01:00:00 C:\WINDOWS\Tasks\C9992350956B3D98.job - c:\docume~1\lance\applic~1\mfcdknob\upload each tick.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 20:13:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Nhuo60.sys

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-08-18 20:14:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 20:14

--- E O F ---
lancel (THREAD STARTER)
18-Aug-2007, 10:38 PM #7
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/18/2007 at 09:15 PM

Application Version : 3.9.1008

Core Rules Database Version : 3289
Trace Rules Database Version: 1300

Scan type : Custom Scan
Total Scan Time : 00:55:47

Memory items scanned : 338
Memory threats detected : 5
Registry items scanned : 4393
Registry threats detected : 47
File items scanned : 42892
File threats detected : 512

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\FINGER.DLL
C:\WINDOWS\SYSTEM32\FINGER.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AHUI.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\APPEND.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ARP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ATTRIB.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CHARMAP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CHKDSK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CHKNTFS.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CISVC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CKCNV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CLEANMGR.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CLIPBRD.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CLIPSRV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CSRSS.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CTFMON.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DLLHOST.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRWTSN32.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DVDPLAY.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EXPLORER.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JAVAW.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LOGONUI.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LSASS.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MSDTC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MSHTA.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MSIEXEC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NETDDE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NOTEPAD.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NSLOOKUP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NTOSKRNL.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NTVDM.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PING.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\REGSVR32.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RUNDLL32.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SERVICES.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SMSS.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SPOOLSV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SPUPDSVC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\STIMON.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SVCHOST.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SYSKEY.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TASKMGR.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TRACERT.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\USER.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\USERINIT.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINLOGON.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINSPOOL.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINTSVTR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WOWEXEC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WUAUCLT.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0152673.VBS
C:\WINDOWS\SYSTEM32\ACCWIZ.DLL
C:\WINDOWS\SYSTEM32\ACTMOVIE.DLL
C:\WINDOWS\SYSTEM32\ALG.DLL
C:\WINDOWS\SYSTEM32\ASUNINST.DLL
C:\WINDOWS\SYSTEM32\AT.DLL
C:\WINDOWS\SYSTEM32\ATMADM.DLL
C:\WINDOWS\SYSTEM32\AUTOCHK.DLL
C:\WINDOWS\SYSTEM32\AUTOCONV.DLL
C:\WINDOWS\SYSTEM32\AUTOFMT.DLL
C:\WINDOWS\SYSTEM32\AUTOLFN.DLL
C:\WINDOWS\SYSTEM32\BOOTOK.DLL
C:\WINDOWS\SYSTEM32\BOOTVRFY.DLL
C:\WINDOWS\SYSTEM32\CACLS.DLL
C:\WINDOWS\SYSTEM32\CALC.DLL
C:\WINDOWS\SYSTEM32\CIDAEMON.DLL
C:\WINDOWS\SYSTEM32\CLICONFG.DLL
C:\WINDOWS\SYSTEM32\CLSPACK.DLL
C:\WINDOWS\SYSTEM32\CMD.DLL
C:\WINDOWS\SYSTEM32\CMDL32.DLL
C:\WINDOWS\SYSTEM32\CMMON32.DLL
C:\WINDOWS\SYSTEM32\CMSTP.DLL
C:\WINDOWS\SYSTEM32\COMP.DLL
C:\WINDOWS\SYSTEM32\COMPACT.DLL
C:\WINDOWS\SYSTEM32\CONIME.DLL
C:\WINDOWS\SYSTEM32\CONTROL.DLL
C:\WINDOWS\SYSTEM32\CONVERT.DLL
C:\WINDOWS\SYSTEM32\CSCRIPT.DLL
C:\WINDOWS\SYSTEM32\DCOMCNFG.DLL
C:\WINDOWS\SYSTEM32\DDESHARE.DLL
C:\WINDOWS\SYSTEM32\DEBUG.DLL
C:\WINDOWS\SYSTEM32\DEFRAG.DLL
C:\WINDOWS\SYSTEM32\DFRGFAT.DLL
C:\WINDOWS\SYSTEM32\DFRGNTFS.DLL
C:\WINDOWS\SYSTEM32\DIANTZ.DLL
C:\WINDOWS\SYSTEM32\DISKPART.DLL
C:\WINDOWS\SYSTEM32\DISKPERF.DLL
C:\WINDOWS\SYSTEM32\DLLHST3G.DLL
C:\WINDOWS\SYSTEM32\DMADMIN.DLL
C:\WINDOWS\SYSTEM32\DMREMOTE.DLL
C:\WINDOWS\SYSTEM32\DOSKEY.DLL
C:\WINDOWS\SYSTEM32\DOSX.DLL
C:\WINDOWS\SYSTEM32\DPLAYSVR.DLL
C:\WINDOWS\SYSTEM32\DPNSVR.DLL
C:\WINDOWS\SYSTEM32\DPVSETUP.DLL
C:\WINDOWS\SYSTEM32\DRWATSON.DLL
C:\WINDOWS\SYSTEM32\DUMPHIVE.DLL
C:\WINDOWS\SYSTEM32\DUMPREP.DLL
C:\WINDOWS\SYSTEM32\DVDUPGRD.DLL
C:\WINDOWS\SYSTEM32\DWDSRNGT.DLL
C:\WINDOWS\SYSTEM32\DWWIN.DLL
C:\WINDOWS\SYSTEM32\DXDIAG.DLL
C:\WINDOWS\SYSTEM32\EDLIN.DLL
C:\WINDOWS\SYSTEM32\ESENTUTL.DLL
C:\WINDOWS\SYSTEM32\EUDCEDIT.DLL
C:\WINDOWS\SYSTEM32\EVENTVWR.DLL
C:\WINDOWS\SYSTEM32\EXE2BIN.DLL
C:\WINDOWS\SYSTEM32\EXPAND.DLL
C:\WINDOWS\SYSTEM32\EXTRAC32.DLL
C:\WINDOWS\SYSTEM32\FASTOPEN.DLL
C:\WINDOWS\SYSTEM32\FC.DLL
C:\WINDOWS\SYSTEM32\FIND.DLL
C:\WINDOWS\SYSTEM32\FINDSTR.DLL
C:\WINDOWS\SYSTEM32\FIXMAPI.DLL
C:\WINDOWS\SYSTEM32\FONTVIEW.DLL
C:\WINDOWS\SYSTEM32\FORCEDOS.DLL
C:\WINDOWS\SYSTEM32\FREECELL.DLL
C:\WINDOWS\SYSTEM32\FSUTIL.DLL
C:\WINDOWS\SYSTEM32\FTP.DLL
C:\WINDOWS\SYSTEM32\GDI.DLL
C:\WINDOWS\SYSTEM32\GRPCONV.DLL
C:\WINDOWS\SYSTEM32\HELP.DLL
C:\WINDOWS\SYSTEM32\HOSTNAME.DLL
C:\WINDOWS\SYSTEM32\IE4UINIT.DLL
C:\WINDOWS\SYSTEM32\IEXPRESS.DLL
C:\WINDOWS\SYSTEM32\IMAPI.DLL
C:\WINDOWS\SYSTEM32\IPCONFIG.DLL
C:\WINDOWS\SYSTEM32\IPSEC6.DLL
C:\WINDOWS\SYSTEM32\IPV6.DLL
C:\WINDOWS\SYSTEM32\IPXROUTE.DLL
C:\WINDOWS\SYSTEM32\JAVA.DLL
C:\WINDOWS\SYSTEM32\JAVAWS.DLL
C:\WINDOWS\SYSTEM32\JDBGMGR.DLL
C:\WINDOWS\SYSTEM32\JVIEW.DLL
C:\WINDOWS\SYSTEM32\KB04080293.DLL
C:\WINDOWS\SYSTEM32\KB18428516.DLL
C:\WINDOWS\SYSTEM32\KB29665359.DLL
C:\WINDOWS\SYSTEM32\KB44105609.DLL
C:\WINDOWS\SYSTEM32\KB53321968.DLL
C:\WINDOWS\SYSTEM32\KB86265833.DLL
C:\WINDOWS\SYSTEM32\KB_963491.DLL
C:\WINDOWS\SYSTEM32\KEYSTONE.DLL
C:\WINDOWS\SYSTEM32\KRNL386.DLL
C:\WINDOWS\SYSTEM32\KWINPMDT.DLL
C:\WINDOWS\SYSTEM32\LABEL.DLL
C:\WINDOWS\SYSTEM32\LIGHTS.DLL
C:\WINDOWS\SYSTEM32\LNKSTUB.DLL
C:\WINDOWS\SYSTEM32\LOCATOR.DLL
C:\WINDOWS\SYSTEM32\LODCTR.DLL
C:\WINDOWS\SYSTEM32\LOGAGENT.DLL
C:\WINDOWS\SYSTEM32\LOGOFF.DLL
C:\WINDOWS\SYSTEM32\LPQ.DLL
C:\WINDOWS\SYSTEM32\LPR.DLL
C:\WINDOWS\SYSTEM32\MAGNIFY.DLL
C:\WINDOWS\SYSTEM32\MAKECAB.DLL
C:\WINDOWS\SYSTEM32\MAPISRVR.DLL
C:\WINDOWS\SYSTEM32\MEM.DLL
C:\WINDOWS\SYSTEM32\MIGPWD.DLL
C:\WINDOWS\SYSTEM32\MMC.DLL
C:\WINDOWS\SYSTEM32\MNMSRVC.DLL
C:\WINDOWS\SYSTEM32\MP43.DLL
C:\WINDOWS\SYSTEM32\MPLAY32.DLL
C:\WINDOWS\SYSTEM32\MPNOTIFY.DLL
C:\WINDOWS\SYSTEM32\MRINFO.DLL
C:\WINDOWS\SYSTEM32\MRT.DLL
C:\WINDOWS\SYSTEM32\MSBIND32.DLL
C:\WINDOWS\SYSTEM32\MSCDEXNT.DLL
C:\WINDOWS\SYSTEM32\MSG.DLL
C:\WINDOWS\SYSTEM32\MSHEARTS.DLL
C:\WINDOWS\SYSTEM32\MSPAINT.DLL
C:\WINDOWS\SYSTEM32\MSSWCHX.DLL
C:\WINDOWS\SYSTEM32\MSTINIT.DLL
C:\WINDOWS\SYSTEM32\MSTSC.DLL
C:\WINDOWS\SYSTEM32\NARRATOR.DLL
C:\WINDOWS\SYSTEM32\NBTSTAT.DLL
C:\WINDOWS\SYSTEM32\NDDEAPIR.DLL
C:\WINDOWS\SYSTEM32\NET.DLL
C:\WINDOWS\SYSTEM32\NET1.DLL
C:\WINDOWS\SYSTEM32\NETSETUP.DLL
C:\WINDOWS\SYSTEM32\NETSH.DLL
C:\WINDOWS\SYSTEM32\NETSTAT.DLL
C:\WINDOWS\SYSTEM32\NLSFUNC.DLL
C:\WINDOWS\SYSTEM32\NTKRNLPA.DLL
C:\WINDOWS\SYSTEM32\NTSD.DLL
C:\WINDOWS\SYSTEM32\NVAPPBAR.DLL
C:\WINDOWS\SYSTEM32\NVSVC32.DLL
C:\WINDOWS\SYSTEM32\NVUDISP.DLL
C:\WINDOWS\SYSTEM32\NWIZ.DLL
C:\WINDOWS\SYSTEM32\OCXLOADER.DLL
C:\WINDOWS\SYSTEM32\ODBCAD32.DLL
C:\WINDOWS\SYSTEM32\OSK.DLL
C:\WINDOWS\SYSTEM32\PACKAGER.DLL
C:\WINDOWS\SYSTEM32\PATHPING.DLL
C:\WINDOWS\SYSTEM32\PENTNT.DLL
C:\WINDOWS\SYSTEM32\PERFMON.DLL
C:\WINDOWS\SYSTEM32\PING6.DLL
C:\WINDOWS\SYSTEM32\PRINT.DLL
C:\WINDOWS\SYSTEM32\PROCESS.DLL
C:\WINDOWS\SYSTEM32\PROGMAN.DLL
C:\WINDOWS\SYSTEM32\PROQUOTA.DLL
C:\WINDOWS\SYSTEM32\PROUNSTL.DLL
C:\WINDOWS\SYSTEM32\PXCPYA64.DLL
C:\WINDOWS\SYSTEM32\PXCPYI64.DLL
C:\WINDOWS\SYSTEM32\PXHPINST.DLL
C:\WINDOWS\SYSTEM32\PXINSA64.DLL
C:\WINDOWS\SYSTEM32\PXINSI64.DLL
C:\WINDOWS\SYSTEM32\QAPPSRV.DLL
C:\WINDOWS\SYSTEM32\QMNIELFG.DLL
C:\WINDOWS\SYSTEM32\QPROCESS.DLL
C:\WINDOWS\SYSTEM32\QWINSTA.DLL
C:\WINDOWS\SYSTEM32\RASAUTOU.DLL
C:\WINDOWS\SYSTEM32\RASDIAL.DLL
C:\WINDOWS\SYSTEM32\RASPHONE.DLL
C:\WINDOWS\SYSTEM32\RCIMLBY.DLL
C:\WINDOWS\SYSTEM32\RCP.DLL
C:\WINDOWS\SYSTEM32\RDPCLIP.DLL
C:\WINDOWS\SYSTEM32\RDSADDIN.DLL
C:\WINDOWS\SYSTEM32\RDSHOST.DLL
C:\WINDOWS\SYSTEM32\RECOVER.DLL
C:\WINDOWS\SYSTEM32\REDIR.DLL
C:\WINDOWS\SYSTEM32\REG.DLL
C:\WINDOWS\SYSTEM32\REGEDT32.DLL
C:\WINDOWS\SYSTEM32\REGINI.DLL
C:\WINDOWS\SYSTEM32\REGWIZ.DLL
C:\WINDOWS\SYSTEM32\REPLACE.DLL
C:\WINDOWS\SYSTEM32\RESET.DLL
C:\WINDOWS\SYSTEM32\REXEC.DLL
C:\WINDOWS\SYSTEM32\ROUTE.DLL
C:\WINDOWS\SYSTEM32\ROUTEMON.DLL
C:\WINDOWS\SYSTEM32\RSH.DLL
C:\WINDOWS\SYSTEM32\RSM.DLL
C:\WINDOWS\SYSTEM32\RSMSINK.DLL
C:\WINDOWS\SYSTEM32\RSMUI.DLL
C:\WINDOWS\SYSTEM32\RSVP.DLL
C:\WINDOWS\SYSTEM32\RTCSHARE.DLL
C:\WINDOWS\SYSTEM32\RUNAS.DLL
C:\WINDOWS\SYSTEM32\RUNONCE.DLL
C:\WINDOWS\SYSTEM32\RWINSTA.DLL
C:\WINDOWS\SYSTEM32\SAVEDUMP.DLL
C:\WINDOWS\SYSTEM32\SC.DLL
C:\WINDOWS\SYSTEM32\SCARDSVR.DLL
C:\WINDOWS\SYSTEM32\SDBINST.DLL
C:\WINDOWS\SYSTEM32\SESSMGR.DLL
C:\WINDOWS\SYSTEM32\SETHC.DLL
C:\WINDOWS\SYSTEM32\SETUP.DLL
C:\WINDOWS\SYSTEM32\SETVER.DLL
C:\WINDOWS\SYSTEM32\SHADOW.DLL
C:\WINDOWS\SYSTEM32\SHARE.DLL
C:\WINDOWS\SYSTEM32\SHMGRATE.DLL
C:\WINDOWS\SYSTEM32\SHRPUBW.DLL
C:\WINDOWS\SYSTEM32\SHUTDOWN.DLL
C:\WINDOWS\SYSTEM32\SIGVERIF.DLL
C:\WINDOWS\SYSTEM32\SKEYS.DLL
C:\WINDOWS\SYSTEM32\SMLOGSVC.DLL
C:\WINDOWS\SYSTEM32\SNDREC32.DLL
C:\WINDOWS\SYSTEM32\SNDVOL32.DLL
C:\WINDOWS\SYSTEM32\SOL.DLL
C:\WINDOWS\SYSTEM32\SORT.DLL
C:\WINDOWS\SYSTEM32\SPDWNWXP.DLL
C:\WINDOWS\SYSTEM32\SPIDER.DLL
C:\WINDOWS\SYSTEM32\SPOONUNINSTALL.DLL
C:\WINDOWS\SYSTEM32\SPRECOVR.DLL
C:\WINDOWS\SYSTEM32\SPRESTRT.DLL
C:\WINDOWS\SYSTEM32\SRCHSTS.DLL
C:\WINDOWS\SYSTEM32\SUBST.DLL
C:\WINDOWS\SYSTEM32\SWREG.DLL
C:\WINDOWS\SYSTEM32\SWSC.DLL
C:\WINDOWS\SYSTEM32\SWXCACLS.DLL
C:\WINDOWS\SYSTEM32\SYNCAPP.DLL
C:\WINDOWS\SYSTEM32\SYSEDIT.DLL
C:\WINDOWS\SYSTEM32\SYSOCMGR.DLL
C:\WINDOWS\SYSTEM32\SYSTRAY.DLL
C:\WINDOWS\SYSTEM32\TASKMAN.DLL
C:\WINDOWS\SYSTEM32\TCMSETUP.DLL
C:\WINDOWS\SYSTEM32\TCPSVCS.DLL
C:\WINDOWS\SYSTEM32\TELNET.DLL
C:\WINDOWS\SYSTEM32\TFTP.DLL
C:\WINDOWS\SYSTEM32\TOURSTART.DLL
C:\WINDOWS\SYSTEM32\TRACERT6.DLL
C:\WINDOWS\SYSTEM32\TSCON.DLL
C:\WINDOWS\SYSTEM32\TSCUPGRD.DLL
C:\WINDOWS\SYSTEM32\TSDISCON.DLL
C:\WINDOWS\SYSTEM32\TSKILL.DLL
C:\WINDOWS\SYSTEM32\TSSHUTDN.DLL
C:\WINDOWS\SYSTEM32\UNLODCTR.DLL
C:\WINDOWS\SYSTEM32\UPNPCONT.DLL
C:\WINDOWS\SYSTEM32\UPS.DLL
C:\WINDOWS\SYSTEM32\USRMLNKA.DLL
C:\WINDOWS\SYSTEM32\USRPRBDA.DLL
C:\WINDOWS\SYSTEM32\USRSHUTA.DLL
C:\WINDOWS\SYSTEM32\UTILMAN.DLL
C:\WINDOWS\SYSTEM32\UWDF.DLL
C:\WINDOWS\SYSTEM32\VSSADMIN.DLL
C:\WINDOWS\SYSTEM32\VSSVC.DLL
C:\WINDOWS\SYSTEM32\W32TM.DLL
C:\WINDOWS\SYSTEM32\WDFMGR.DLL
C:\WINDOWS\SYSTEM32\WEXTRACT.DLL
C:\WINDOWS\SYSTEM32\WIAACMGR.DLL
C:\WINDOWS\SYSTEM32\WINCHAT.DLL
C:\WINDOWS\SYSTEM32\WINHLP32.DLL
C:\WINDOWS\SYSTEM32\WINMINE.DLL
C:\WINDOWS\SYSTEM32\WINMSD.DLL
C:\WINDOWS\SYSTEM32\WINVER.DLL
C:\WINDOWS\SYSTEM32\WJVIEW.DLL
C:\WINDOWS\SYSTEM32\WMPSTUB.DLL
C:\WINDOWS\SYSTEM32\WOWDEB.DLL
C:\WINDOWS\SYSTEM32\WPABALN.DLL
C:\WINDOWS\SYSTEM32\WPNPINST.DLL
C:\WINDOWS\SYSTEM32\WRITE.DLL
C:\WINDOWS\SYSTEM32\WSCRIPT.DLL
C:\WINDOWS\SYSTEM32\WUAUCLT1.DLL
C:\WINDOWS\SYSTEM32\WUPDMGR.DLL
C:\WINDOWS\SYSTEM32\XCOPY.DLL
C:\WINDOWS\SYSTEM32\XPSP1HFM.DLL
C:\WINDOWS\SYSTEM32\YPCSERVICE.DLL
C:\WINDOWS\TGFUY2U\N3IRSZO.VBS

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\GEBYX.DLL
C:\WINDOWS\SYSTEM32\GEBYX.DLL
HKLM\Software\Classes\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}
HKCR\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}
HKCR\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}\InprocServer32
HKCR\CLSID\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLJGH.DLL
HKLM\Software\Classes\CLSID\{A9072813-1664-4178-84B8-20287C16926D}
HKCR\CLSID\{A9072813-1664-4178-84B8-20287C16926D}
HKCR\CLSID\{A9072813-1664-4178-84B8-20287C16926D}\InprocServer32
HKCR\CLSID\{A9072813-1664-4178-84B8-20287C16926D}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}\InprocServer32
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B8A1879-70B1-4723-84EE-EED89EF3AAA7}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9072813-1664-4178-84B8-20287C16926D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C84D8A0A-E708-42B6-90CA-9C30956A87C6}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\gebyx
HKCR\CLSID\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\WVUTUSS.DLL
C:\WINDOWS\SYSTEM32\WVUTUSS.DLL

Trojan.Downloader-SP2F/Resident
C:\WINDOWS\SYSTEM32\KJCL.DLL
C:\WINDOWS\SYSTEM32\KJCL.DLL

Trojan.Downloader-Gen/WinUpd-Fake
C:\WINDOWS\SYSTEM32\KB_963491.EXE
C:\WINDOWS\SYSTEM32\KB_963491.EXE
[Winmplayer] C:\WINDOWS\SYSTEM32\KB_963491.EXE

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}
HKCR\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}
HKCR\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}\InprocServer32
HKCR\CLSID\{E25600A1-015A-4F11-B0FA-C098C26D7599}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTUTU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E25600A1-015A-4F11-B0FA-C098C26D7599}

Trojan.DCOM Server
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad# DCOM Server 25319

Adware.Tracking Cookie
C:\Documents and Settings\Lance\Cookies\lance@server.iad.liveperson[1].txt
C:\Documents and Settings\Lance\Cookies\lance@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Lance\Cookies\lance@ad.yieldmanager[1].txt
C:\Documents and Settings\Lance\Cookies\lance@atdmt[2].txt
C:\Documents and Settings\Lance\Cookies\lance@advertising[2].txt
C:\Documents and Settings\Lance\Cookies\lance@adecn[1].txt
C:\Documents and Settings\Lance\Cookies\lance@fastclick[2].txt
C:\Documents and Settings\Lance\Cookies\lance@www.hqthefilmsxxx[1].txt
C:\Documents and Settings\Lance\Cookies\lance@aff.primaryads[1].txt
C:\Documents and Settings\Lance\Cookies\lance@adopt.euroclick[2].txt
C:\Documents and Settings\Lance\Cookies\lance@adbrite[2].txt
C:\Documents and Settings\Lance\Cookies\lance@go.winantivirus[1].txt
C:\Documents and Settings\Lance\Cookies\lance@tacoda[2].txt
C:\Documents and Settings\Lance\Cookies\lance@clicksor[1].txt
C:\Documents and Settings\Lance\Cookies\lance@winantivirus[1].txt
C:\Documents and Settings\Lance\Cookies\lance@questionmarket[2].txt
C:\Documents and Settings\Lance\Cookies\lance@mediaplex[1].txt
C:\Documents and Settings\Lance\Cookies\lance@go.winantispyware[2].txt
C:\Documents and Settings\Lance\Cookies\lance@publishers.clickbooth[1].txt
C:\Documents and Settings\Lance\Cookies\lance@67.15.239[1].txt
C:\Documents and Settings\Lance\Cookies\lance@winantispyware[2].txt
C:\Documents and Settings\Lance\Cookies\lance@perf.overture[1].txt
C:\Documents and Settings\Lance\Cookies\lance@www.burstnet[2].txt
C:\Documents and Settings\Lance\Cookies\lance@ad.outerinfo[1].txt
C:\Documents and Settings\Lance\Cookies\lance@rotator.adjuggler[1].txt
C:\Documents and Settings\Lance\Cookies\lance@adopt.specificclick[1].txt
C:\Documents and Settings\Lance\Cookies\lance@login.tracking101[1].txt
C:\Documents and Settings\Lance\Cookies\lance@interclick[2].txt
C:\Documents and Settings\Lance\Cookies\lance@statse.webtrendslive[1].txt
C:\Documents and Settings\Lance\Cookies\lance@enhance[1].txt
C:\Documents and Settings\Lance\Cookies\lance@findwhat[2].txt
C:\Documents and Settings\Lance\Cookies\lance@pro-market[1].txt
C:\Documents and Settings\Lance\Cookies\lance@67.15.239[2].txt
C:\Documents and Settings\Lance\Cookies\lance@ads.adbrite[1].txt
C:\Documents and Settings\Lance\Cookies\lance@rotator.its.adjuggler[1].txt
C:\Documents and Settings\Lance\Cookies\lance@zedo[1].txt
C:\Documents and Settings\Lance\Cookies\lance@casalemedia[2].txt
C:\Documents and Settings\Lance\Cookies\lance@canepmedia[2].txt
C:\Documents and Settings\Lance\Cookies\lance@realmedia[2].txt
C:\Documents and Settings\Lance\Cookies\lance@0[2].txt
C:\Documents and Settings\Lance\Cookies\lance@ex=0_[2].txt
C:\Documents and Settings\Lance\Cookies\lance@ex=0_[3].txt
C:\Documents and Settings\Lance\Cookies\lance@exitexchange[2].txt
C:\Documents and Settings\Lance\Cookies\lance@ads.pointroll[1].txt
C:\Documents and Settings\Lance\Cookies\lance@doubleclick[1].txt
C:\Documents and Settings\Lance\Cookies\lance@ads.realtechnetwork[1].txt
C:\Documents and Settings\Lance\Cookies\lance@creative.adsrevenue[1].txt
C:\Documents and Settings\Lance\Cookies\lance@specificclick[2].txt
C:\Documents and Settings\Lance\Cookies\lance@entrepreneur[1].txt
C:\Documents and Settings\Lance\Cookies\lance@overture[1].txt
C:\Documents and Settings\Lance\Cookies\lance@ads.maxecpm[2].txt
C:\Documents and Settings\Lance\Cookies\lance@bluestreak[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.adnetinteractive[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.creafi[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.directanetworks[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.iconadserver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.glispa[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads3.think-adz[2].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@clicksor[1].txt
C:\Documents and Settings\Guest\Cookies\guest@cpvfeed[2].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-mh.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@enhance[2].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[2].txt
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@reduxads.valuead[2].txt
C:\Documents and Settings\Guest\Cookies\guest@specificclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tremor.adbureau[2].txt
C:\Documents and Settings\Guest\Cookies\guest@winantispyware[2].txt
C:\Documents and Settings\LocalService\Cookies\system@go.winantispyware



(more below)
lancel (Junior Member with 8 posts, THREAD STARTER; Join Date: Aug 2007; Experience: Intermediate)
18-Aug-2007, 10:38 PM #8
[1].txt
C:\Documents and Settings\LocalService\Cookies\system@winantispyware[2].txt

Adware.Mirar/NetNucleus
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\System32\WinATS.dll
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
C:\WINDOWS\Downloaded Program Files\WinATS.inf
C:\DOCUMENTS AND SETTINGS\LANCE\MY DOCUMENTS\UNINSTALLER.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP769\A0142491.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP772\A0143611.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP772\A0143633.DLL

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#Publisher
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

Trojan.Vundo
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Asynchronous
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#DllName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Startup
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Logoff

Adware.ZenoSearch-NVON
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\THINKSNET.EXE
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AA9J1RYP\THINKSNET[1].EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSRNGT.EXE.VIR

Adware.WebBuying Assistant-Installer
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\UF254.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\G1\BY88.EXE.VIR

Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\3DN3YVNX\DT[1].EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KWINPMDT.EXE.VIR

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6M3Z3WWF\WINANTISPYWARE2007FREEINSTALL[1].EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GH6V89AB\WINANTISPYWARE2007FREEINSTALL[1].EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155682.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155695.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155697.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA7P_0001_N91M0809NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\UWA7P_0001_N91M0809NETINSTALLER.EXE

Trojan.Downloader-Gen/IEUPD
C:\DOCUMENTS AND SETTINGS\LANCE\DESKTOP\IEUPDR2.EXE

Adware.ClickSpring/Outer Info Network
C:\DOCUMENTS AND SETTINGS\LANCE\DESKTOP\OIUNINSTALLER.EXE

Trojan.Rootkit-TnCore/Installer
C:\DOCUMENTS AND SETTINGS\LANCE\INSTALL.EXE

Adware.ZenoSearch
C:\DOCUMENTS AND SETTINGS\LANCE\TISKY008.EXE
C:\QOOBOX\QUARANTINE\C\DOCUME~1\LANCE\STARTM~1\PROGRAMS\STARTUP\TA_START.LNK.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151642.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151643.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155709.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155710.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156699.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156700.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP789\A0157722.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP789\A0157723.LNK

Trojan.Downloader-LDCore
C:\DOCUMENTS AND SETTINGS\LANCE\USER10.EXE

Trojan.LanMan/Rootkit
C:\PROGRAM FILES\YAHOO!\YPSR\QUARANTINE\PPQ74.TMP
C:\PROGRAM FILES\YAHOO!\YPSR\QUARANTINE\PPQ75.TMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0153660.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0153662.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0153668.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155659.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155661.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0155663.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155701.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155703.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0155705.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156692.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156693.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0156696.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0157711.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP788\A0157712.EXE
C:\WINDOWS\SYSTEM32\QMNIELFG.EXE

Adware.ClickSpring
C:\QooBox\Quarantine\C\DOCUME~1\Lance\APPLIC~1\MCROSO~1.NET\WAUBOO~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CZGJCNX.DLL.VIR

Worm.Sober Variant
C:\QOOBOX\QUARANTINE\C\DOCUME~1\LANCE\MYDOCU~1\FNTS~1\WINWORD.EXE.VIR

Trojan.IBM/Shell
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00003.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00004.DLL.VIR

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TTC.DLL.VIR
C:\WINDOWS\TGFUY2U\COMMAND.EXE

Trojan.Downloader-Gen/Win
C:\QOOBOX\QUARANTINE\C\WINDOWS\RETADPU77.EXE.VIR

Unclassified.Unknown Origin/System
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EVDCNLM.DLL.VIR

Trojan.Net-K163
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KSYS.SYS.VIR

Trojan.Downloader-Gen/OCXApi
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OCXAPI.DLL.VIR

Trojan.Downloader-YAY
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP704\A0120544.EXE

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP732\A0128022.EXE

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP745\A0132210.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP745\A0132211.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP746\A0132221.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP746\A0132222.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP747\A0132564.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP747\A0132565.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP752\A0135241.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP753\A0136022.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP753\A0136023.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP753\A0136024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP783\A0147646.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP783\A0147647.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151672.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151674.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151675.EXE

Trojan.Downloader-Stera/WinSoftware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP769\A0141467.EXE

Trojan.WinAntiSpyware 2007
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP769\A0142454.EXE

Trojan.TagASaurus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0150650.EXE

Trojan.Downloader-ClickSpring/NDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP787\A0151637.DLL

Trojan.Downloader-MSDCom32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DB3FDFCD-1EAA-4A29-99CE-1249C7CA5080}\RP789\A0158731.DLL
C:\_BACKUPD\JQWR.DLL

Trojan.Downloader-Twain/Fake
C:\WINDOWS\AVSHLEXT.EXE
C:\WINDOWS\IETEMP.EXE
C:\WINDOWS\INRES.EXE
C:\WINDOWS\PCDLIB32.EXE
C:\WINDOWS\SHWOL.EXE
C:\WINDOWS\TWAIN.EXE
C:\WINDOWS\TWAIN_32.EXE
C:\WINDOWS\UNICOWS.EXE
C:\WINDOWS\VMMREG32.EXE
C:\WINDOWS\WEBASSIST.EXE
C:\WINDOWS\XHELPER.EXE

Trojan.Downloader-IEUpdater/Fake
C:\WINDOWS\IE_UPDATE3R.EXE

Trojan.RK-MountVol/AI
C:\WINDOWS\SYSTEM32\MOUNTVOL.DLL

Adware.Adservs
C:\WINDOWS\TGFUY2U\ASAPPSRV.DLL

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:36 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \
O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [nwiz] nwiz.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs: finger.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)
O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)
O20 - Winlogon Notify: wvutuss - wvutuss.dll (file missing)
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7730 bytes
MFDnNC (Member with 49,015 posts; Join Date: Sep 2004)
18-Aug-2007, 10:45 PM #9
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \

O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\WINDOWS\shwol.dll

O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"

O4 - HKCU\..\Run: [Fvsqnh] "C:\Documents and Settings\Lance\Application Data\M?crosoft.NET\w?auboot.exe"

O20 - AppInit_DLLs: finger.dll

O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)

O20 - Winlogon Notify: gebxvuv - gebxvuv.dll (file missing)

O20 - Winlogon Notify: vtutu - C:\WINDOWS\System32\vtutu.dll (file missing)

O20 - Winlogon Notify: wvutuss - wvutuss.dll (file missing)

O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\finger.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

How are things on the PC?
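A small triage script, added here as an example (it is not code from this thread or from HijackThis), that parses HJT-format lines like the ones in the fix list above and flags the properties a reviewer keys on: hooks whose file is missing, a BHO with no name or no path, a path containing a character that cannot appear in a Windows file name, anything at all in AppInit_DLLs, and an executable name one letter away from a Windows system binary (svhost.exe next to svchost.exe). The sample lines are copied from the log posted in this thread; the flag names and the heuristics behind them are this example's own assumptions, not HijackThis behaviour.

```python
"""Triage of HijackThis-style log lines (added example, not HJT's own code).
Sample lines are copied from this thread; flag names/heuristics are assumptions."""
import re
from dataclasses import dataclass

# Copied from the posted log: the entries the helper said to fix, plus three benign ones.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {142540F2-ABDD-41EF-93B1-2123308FF454} - \\
O2 - BHO: (no name) - {18ADFA67-1F0A-458B-893E-245D895B9085} - C:\\WINDOWS\\shwol.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [svhost] "C:\\WINDOWS\\svhost.exe"
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [Fvsqnh] "C:\\Documents and Settings\\Lance\\Application Data\\M?crosoft.NET\\w?auboot.exe"
O20 - AppInit_DLLs: finger.dll
O20 - Winlogon Notify: fccawwx - fccawwx.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\\WINDOWS\\System32\\kjcl.dll (file missing)
"""

# Names malware imitates by dropping or swapping one letter (e.g. svhost.exe).
KNOWN_SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                         "winlogon.exe", "services.exe", "explorer.exe")
DLL_SECTIONS = {"O2", "O3", "O20", "O21", "O23"}  # sections that name a file to load
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

@dataclass
class Entry:
    section: str   # "O2", "O4", "O20", ...
    kind: str      # "BHO", "HKLM\\..\\Run", "Winlogon Notify", "AppInit_DLLs", ...
    name: str      # item name as HJT prints it
    path: str      # file or command path ("" if none)
    missing: bool  # HJT appended "(file missing)"
    line: str

def parse_line(line):
    """Return an Entry for an R*/O* log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    if sec == "O4":                      # O4 - HKLM\..\Run: [name] "path" args
        m4 = O4_RE.match(rest)
        if not m4:
            return None
        kind, name, cmd = m4.group("key"), m4.group("name"), m4.group("cmd")
        q = re.match(r'^"([^"]*)"', cmd)
        path = q.group(1) if q else cmd.split(" ")[0]
    else:                                # Oxx - Kind: name - {CLSID} - path
        parts = rest.split(" - ")
        kind, _, name = parts[0].partition(": ")
        path = parts[-1] if len(parts) > 1 else name
    return Entry(sec, kind, name, path, missing, line)

def edit_distance(a, b):
    """Levenshtein distance; used to catch one-letter-off lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flags_for(e):
    flags = []
    if e.missing:                        # registry still points at a DLL that is gone
        flags.append("file_missing")
    if e.section in DLL_SECTIONS and e.path in ("", "\\"):
        flags.append("no_path")
    # '?' is illegal in a Win32 file name: HJT could not render a non-ASCII
    # character (a lookalike directory name) or the path is bogus.
    if any(ch == "?" or not 32 <= ord(ch) < 127 for ch in e.path):
        flags.append("illegal_or_nonascii_char_in_path")
    if e.section == "O2" and e.name == "(no name)":   # real BHOs register a description
        flags.append("bho_without_name")
    if e.kind == "AppInit_DLLs":         # loaded into every process that uses user32.dll
        flags.append("appinit_dll_present")
    base = e.path.rsplit("\\", 1)[-1].lower()
    for known in KNOWN_SYSTEM_BINARIES:
        if base != known and edit_distance(base, known) == 1:
            flags.append(f"lookalike_of_{known}")
    return flags

def triage(log_text):
    """Return [(line, flags)] for every parsed line that raised at least one flag."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is not None:
            flags = flags_for(entry)
            if flags:
                findings.append((entry.line, flags))
    return findings

if __name__ == "__main__":
    for line, flags in triage(SAMPLE_LOG):
        print(f"{', '.join(flags):36s} {line}")
```

Run it as a script to print one flagged line per row; on the sample it flags exactly the seven entries the helper listed and leaves the Adobe, QuickTime and SUPERAntiSpyware entries alone. The lookalike check is plain edit distance, so it also catches names such as lsas.exe or service.exe that are not in the posted log. A flag is a reason to look, not a verdict: a legitimate third-party product can trip the (no name) or AppInit_DLLs checks.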
lancel
Junior Member with 8 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Intermediate
18-Aug-2007, 11:20 PM #10
Went into safe mode to delete the file and it gave me an error at the end, so I'm not sure if it deleted the file. Though I did go in and remove the temporary internet files like you said, and here's the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:07 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [nwiz] nwiz.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7080 bytes
MFDnNC
Member with 49,015 posts.
Join Date: Sep 2004
19-Aug-2007, 10:49 AM #11
Fix this

O21 - SSODL: mhETsXpnnY - {1422142E-BE88-BE84-B910-E9BC53A70CE9} - C:\WINDOWS\System32\kjcl.dll (file missing)

How are things on the PC - Boot - post a new log
lancel
Junior Member with 8 posts.
THREAD STARTER
Join Date: Aug 2007
Experience: Intermediate
19-Aug-2007, 03:03 PM #12
System's going much faster and I have no more download requests from Winantispy, so that's great. Fixed the O21 file, rebooted and did another log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01, on 2007-08-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [nwiz] nwiz.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat3.cytron.com:8080/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7129 bytes
MFDnNC
Member with 49,015 posts.
Join Date: Sep 2004
19-Aug-2007, 06:51 PM #13
Clean.
If you feel it is fixed, mark it solved via Thread Tools above.

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

This clears infected restore points and sets a new, clean one.