Solved: Computer seems to be FUBAR
generalcatfish (Junior Member, Join Date: Nov 2009, Experience: Intermediate)
13-Nov-2009, 12:43 AM #1
Windows XP
Intel Pentium 4 3.00GHz

I am posting this from my laptop because my PC is seriously messed up. A few days ago I got a nasty case of adware, and ran several antispyware programs to rid myself of them. They included Malwarebytes Anti-Malware and Spybot S&D. Everything then appeared normal, until a few days later when the symptoms came back and they seem to have done irreparable damage.
The symptoms include popups of fake security center alerts, audio ads, web redirects, and about everything you can think of. I ran my anti-malware programs again and it looks like the adware is gone, but I am not sure. But the main reason I am here is that my computer has been much worse for wear now.
I am having difficulty simply starting it up and running IE. Sometimes IE takes forever to load, sometimes it only makes it to the desktop, and sometimes it doesn't even load Windows. Every time this happens I must hit the power switch to restart it*.
As I am seemingly unable to start it properly, I am unable to provide an HJT report log. Is there a way for me to boot my PC in safe mode or something, copy HJT over via flash drive and run it?
Thank you in advance for all help.

*(In case it is relevant, that is how I have been shutting down my computer for the past several months, ever since I installed a new video card. I disconnected and reconnected several plugs and cables, seemingly in the same spots; however, my PC lost the ability to shut down and simply rebooted itself each time. I elected to hit the kill switch right before the reboot. I don't know how relevant this is to my current problem, or if it even is, but it is slightly annoying as well.)
(Also, I have a 900GB backup drive with much of my data stored on it, for what it's worth. I'd rather not have to reformat or anything like that.)
generalcatfish
16-Nov-2009, 03:35 PM #2
UPDATE-

I've managed to get it working to a somewhat normal state. It still has frequent popups that I can't seem to rid myself of, but I've managed to run an HJT log for you guys to look over.

====
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:21 AM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {405132A4-5DD1-4BA8-A181-95C8D435093A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: C:\WINDOWS\system32\ssc.dll - {76EDE2E3-8EB5-4308-905B-301F654B2F61} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\a4hNpQwEG.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [geruvawuz] Rundll32.exe "c:\windows\system32\mezayuku.dll",a
O4 - HKCU\..\Run: [winhbt.exe] C:\DOCUME~1\TYLERC~1\LOCALS~1\Temp\winhbt.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.moviemistakes.com
O15 - Trusted Zone: www.weebls-stuff.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146437535187
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A386B7A-704B-4DFA-9797-2EFE3CE5529D}: NameServer = 77.74.48.113
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: lotakine.dll c:\windows\system32\mezayuku.dll
O20 - Winlogon Notify: ssqrs - ssqrs.dll (file missing)
O20 - Winlogon Notify: tapivss - C:\WINDOWS\
O20 - Winlogon Notify: vturp - C:\WINDOWS\
O20 - Winlogon Notify: __c001B4BE - C:\WINDOWS\system32\__c001B4BE.dat
O21 - SSODL: diluvimaf - {146e4416-2fcd-4ff9-b27e-4bfe1119a187} - c:\windows\system32\mezayuku.dll
O22 - SharedTaskScheduler: gahurihor - {146e4416-2fcd-4ff9-b27e-4bfe1119a187} - c:\windows\system32\mezayuku.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 8323 bytes
====

It seems like the worst may be over, but I'll leave it to you experts to tell me that.
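As an added example (not part of this thread and not HijackThis's own code), a small Python triage script that applies the checks a helper makes when reading a log like the one above: it parses HJT entry lines and flags an O17 NameServer outside private address space, a populated O20 AppInit_DLLs, a Winlogon Notify handler that is missing or is not a DLL, an O4 autorun launched from a Temp directory or loading a DLL that other load points also reference, and one CLSID registered as both SSODL and SharedTaskScheduler. The sample lines are constructed from entries in the log above; the rule wording and heuristics are my own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 line format. The entries are copied from
# the log posted above, plus two known-good lines (NvCplDaemon, the WD service)
# so the rules have something legitimate to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [geruvawuz] Rundll32.exe "c:\windows\system32\mezayuku.dll",a
O4 - HKCU\..\Run: [winhbt.exe] C:\DOCUME~1\TYLERC~1\LOCALS~1\Temp\winhbt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A386B7A-704B-4DFA-9797-2EFE3CE5529D}: NameServer = 77.74.48.113
O20 - AppInit_DLLs: lotakine.dll c:\windows\system32\mezayuku.dll
O20 - Winlogon Notify: ssqrs - ssqrs.dll (file missing)
O20 - Winlogon Notify: __c001B4BE - C:\WINDOWS\system32\__c001B4BE.dat
O21 - SSODL: diluvimaf - {146e4416-2fcd-4ff9-b27e-4bfe1119a187} - c:\windows\system32\mezayuku.dll
O22 - SharedTaskScheduler: gahurihor - {146e4416-2fcd-4ff9-b27e-4bfe1119a187} - c:\windows\system32\mezayuku.dll
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d+)\s+-\s+(.*)$")          # "O4 - <body>"
DLL_RE = re.compile(r'[a-z]:\\[^\s",]+?\.dll', re.IGNORECASE)  # full-path .dll
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)  # {8-4-4-4-12}


def parse(log_text):
    """Return (section, body) tuples for every HJT entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dns_is_external(body):
    """O17 rule: True when any NameServer address is neither private nor loopback."""
    m = re.search(r"NameServer\s*=\s*([\d.,]+)", body)
    if not m:
        return False
    for addr in m.group(1).split(","):
        try:
            ip = ipaddress.ip_address(addr.strip())
        except ValueError:
            continue  # malformed token; skip rather than crash the triage
        if not (ip.is_private or ip.is_loopback):
            return True
    return False


def analyze(log_text):
    """Return a list of (section, reason, body) findings for suspicious entries."""
    findings = []
    entries = parse(log_text)

    # Pass 1: collect DLLs referenced by the hook-style load points (AppInit_DLLs,
    # Winlogon Notify, SSODL, SharedTaskScheduler) and which sections use each CLSID.
    hooked_dlls = set()
    clsid_sections = defaultdict(set)
    for sec, body in entries:
        if sec in ("O20", "O21", "O22"):
            hooked_dlls.update(p.lower() for p in DLL_RE.findall(body))
        if sec in ("O21", "O22"):
            for c in CLSID_RE.findall(body):
                clsid_sections[c.lower()].add(sec)

    # Pass 2: apply the per-section rules.
    for sec, body in entries:
        low = body.lower()
        if sec == "O4":
            if "\\temp\\" in low:
                findings.append((sec, "autorun launched from a Temp directory", body))
            elif "rundll32" in low and any(d in low for d in hooked_dlls):
                findings.append((sec, "rundll32 loads a DLL that is also hooked elsewhere", body))
        elif sec == "O17" and dns_is_external(body):
            findings.append((sec, "DNS server points to an external address", body))
        elif sec == "O20":
            if low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
                findings.append((sec, "AppInit_DLLs is populated (empty on a clean XP)", body))
            elif "winlogon notify" in low and ("(file missing)" in low or not low.endswith(".dll")):
                findings.append((sec, "Winlogon Notify handler is missing or not a .dll", body))
        elif sec in ("O21", "O22"):
            for c in CLSID_RE.findall(low):
                if clsid_sections[c] == {"O21", "O22"}:
                    findings.append((sec, "same CLSID registered as both SSODL and SharedTaskScheduler", body))
    return findings


def summarize(log_text):
    """Count findings per HJT section for a quick triage overview."""
    counts = defaultdict(int)
    for sec, _, _ in analyze(log_text):
        counts[sec] += 1
    return dict(counts)


if __name__ == "__main__":
    for sec, reason, body in analyze(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {body}")
```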
muppy03 (Senior Member, Join Date: Jun 2006, Location: Australia, Experience: gettin there)
17-Nov-2009, 08:01 AM #3
Hello and welcome to TSG

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

1. Do you have any AntiVirus Software installed? Looking over your log it seems that you don't.

Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network. Unchecked, virus files can unintentionally be forwarded to others and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software scans the computer memory and disk drives for malicious code. It alerts the user if a virus is present and will clean, delete (or quarantine) infected files or directories.

If you have none installed, please download free anti-virus software from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
Please note the following if you decide on Antivir Personal Edition:
Quote:
Avira AntiVir Personal - FREE Antivirus is only available for single computer use for home and non commercial use.
2) avast! 4.8 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.


It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.


2. Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

3. Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/comb...o-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
generalcatfish
17-Nov-2009, 05:40 PM #4
I followed the instructions, but upon running ComboFix it doesn't seem to do anything. Task Manager shows it is running, but it hasn't displayed any windows at all. Is this normal?

edit - I renamed the file from combofix.exe to 123.exe, and it seems to be running OK now

muppy03
17-Nov-2009, 06:36 PM #5
ok, post the logs when done
generalcatfish
17-Nov-2009, 06:41 PM #6
Okay, here's the ComboFix log:
===
ComboFix 09-11-18.04 - GeneralCatfish 11/17/2009 14:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2016 [GMT -8:00]
Running from: c:\documents and settings\GeneralCatfish\Desktop\123.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\TYLERC~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\GeneralCatfish\Start Menu\Programs\Security Tool.lnk
c:\windows\jestertb.dll
c:\windows\system32\__c001B4BE.dat
c:\windows\system32\__c00F623C.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bodalene.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\windows\system32\drivers\H8SRTdxiqowqpuc.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaduvoma.dll
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTiyueeryqqh.dat
c:\windows\system32\h8srtmain.dll
c:\windows\system32\H8SRTnstaecfqtd.dll
c:\windows\system32\H8SRTpdkbwwdffh.dll
c:\windows\system32\h8srttmp.db
c:\windows\system32\H8SRTwpqlmdpbpy.dll
c:\windows\system32\H8SRTxnspwswrud.dll
c:\windows\system32\H8SRTxrsmkgrpuq.db
c:\windows\system32\hibunevo.dll
c:\windows\system32\hutikovu.dll
c:\windows\system32\IEDFix.exe
c:\windows\system32\lebenesa.dll
c:\windows\system32\lotakine.dll
c:\windows\system32\muhoyawa.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tadagagu.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vmss
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\sdslzvox.job
c:\windows\Temp\tmp3.tmp
C:\xcrashdump.dat
----- BITS: Possible infected sites -----
hxxp://77.74.48.116
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys

((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.
2009-11-17 21:25 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-17 21:25 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-17 21:25 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-17 21:25 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-17 21:25 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-17 21:25 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-17 21:25 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-17 21:25 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 21:25 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-17 21:25 . 2009-11-17 21:25 -------- d-----w- c:\program files\Alwil Software
2009-11-17 05:41 . 2009-11-17 05:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-17 05:37 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-17 05:35 . 2009-11-17 05:35 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-17 05:35 . 2009-11-17 05:35 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-17 05:35 . 2009-11-17 05:35 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-17 05:35 . 2009-11-17 05:35 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-17 05:35 . 2009-11-17 05:35 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-17 05:35 . 2009-11-17 05:35 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-17 05:34 . 2009-11-17 05:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-17 05:34 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-17 05:33 . 2009-11-17 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-17 05:18 . 2009-11-17 05:18 76264 ----a-w- c:\documents and settings\GeneralCatfish\Application Data\CC\uninstall.exe
2009-11-17 05:18 . 2009-11-17 05:41 -------- d-----w- c:\documents and settings\GeneralCatfish\Application Data\CC
2009-11-16 19:25 . 2009-11-16 19:25 -------- d-----w- c:\program files\Trend Micro
2009-11-16 09:19 . 2009-11-16 09:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-15 13:57 . 2009-11-15 13:57 551424 ----a-w- c:\documents and settings\GeneralCatfish\Application Data\CC\agent.exe
2009-11-09 22:24 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 22:24 . 2009-11-11 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 22:24 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 21:36 . 2009-11-09 21:36 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-04 03:01 . 2009-11-04 03:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 05:33 . 2005-01-28 19:07 -------- d-----w- c:\program files\Lavasoft
2009-11-16 19:38 . 2008-01-30 22:31 -------- d-----w- c:\program files\Steam
2009-11-12 06:34 . 2006-03-15 01:31 -------- d-----w- c:\program files\Better File Rename
2009-11-12 01:35 . 2008-09-13 06:41 -------- d-----w- c:\program files\City of Heroes
2009-11-11 03:04 . 2009-09-28 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 22:10 . 2009-05-21 16:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-06 06:31 . 2009-03-19 22:40 -------- d-----w- c:\program files\CoHTest
2009-11-04 03:27 . 2003-12-29 02:01 93760 ----a-w- c:\documents and settings\GeneralCatfish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 03:04 . 2009-09-28 19:35 -------- d-----w- c:\program files\Microsoft Works
2009-11-01 00:02 . 2004-12-29 18:44 -------- d-----w- c:\program files\LimeWire
2009-10-28 07:36 . 2009-09-15 06:47 0 ----a-w- c:\documents and settings\GeneralCatfish\ntuser.tmp
2009-10-01 13:52 . 2009-02-05 22:43 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-28 19:32 . 2009-09-28 19:32 -------- d-----w- c:\program files\Microsoft.NET
2009-09-28 19:28 . 2009-09-28 19:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-28 19:18 . 2009-09-28 19:18 -------- d-----w- c:\program files\FolderSize
2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\documents and settings\GeneralCatfish\Application Data\Malwarebytes
2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 01:45 . 2009-09-16 01:45 15086 ----a-r- c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_8C4F28E4C012222A3FD3AC.exe
2009-09-16 01:45 . 2009-09-16 01:45 15086 ----a-r- c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_6FEFF9B68218417F98F549.exe
2009-09-16 01:45 . 2009-09-16 01:45 15086 ----a-r- c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_38E7ABF9A1E5B8A7494755.exe
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 21:58 . 2009-07-21 19:24 25 ----a-w- c:\windows\popcinfot.dat
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2005-04-24 16:51 . 2005-04-24 16:51 25993 --sha-w- c:\windows\system\ssvipat.tmp
2009-08-16 08:17 . 2009-08-16 08:17 520192 --sha-w- c:\windows\system32\bimefili.exe
2009-08-13 00:20 . 2009-08-13 00:20 61440 --sha-w- c:\windows\system32\miziwiva.dll
2009-08-17 21:17 . 2009-08-17 21:17 39424 --sha-w- c:\windows\system32\penipure.dll
2009-08-11 19:32 . 2009-08-11 19:32 397312 --sha-w- c:\windows\system32\piwinala.exe
2009-08-16 08:17 . 2009-08-16 08:17 60928 --sha-w- c:\windows\system32\razadupe.dll
2009-08-17 21:17 . 2009-08-17 21:17 45056 --sha-w- c:\windows\system32\sapawoma.dll
2009-08-17 05:13 . 2009-08-17 05:13 39424 --sha-w- c:\windows\system32\wiwuzoza.dll
2009-08-16 09:17 . 2009-08-16 09:17 60928 --sha-w- c:\windows\system32\yivilaje.dll
2009-08-17 05:13 . 2009-08-17 05:13 45056 --sha-w- c:\windows\system32\yunukino.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-26 155648]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\a4hNpQwEG.exe" [2009-11-11 1312080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\GeneralCatfish\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=cbxt3usr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^My Essentials Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\My Essentials Wireless USB Utility.lnk
backup=c:\windows\pss\My Essentials Wireless USB Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Daily Weather Forecast
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"WANMiniportService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"Norton AntiVirus Server"=2 (0x2)
"NetSvc"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"DefWatch"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOLService"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\mIrc\\TechBOT\\TechBOTv1.0\\mirc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\ScifienceStudios\\ChexQuest\\Legacy.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\piemanmoo\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127968127\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\piemanmoo\\source 2007 dedicated server\\srcds.exe"=
"c:\\HLServer\\orangebox\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Western Digital\\WD Drive Manager\\WDBtnMgrUI.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\America Online 9.0a\\shellrestart.exe"=
[HKLM\~\services\\antiSpywareApp\\ver2_0_32_1\\AOLSP Scheduler.exe"=]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\FolderSize\\FolderSizeSvc.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:4662
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2009 9:37 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/17/2009 1:25 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/17/2009 1:25 PM 20560]
R2 cbxt3krn;YAMAHA CBX Driver;c:\windows\system32\drivers\cbxt3krn.sys [2/17/2008 1:29 PM 9760]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 9:51 AM 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
S1 cyydlzpq;cyydlzpq;\??\c:\windows\system32\drivers\cyydlzpq.sys --> c:\windows\system32\drivers\cyydlzpq.sys [?]
S3 OMAWGU(Belkin Corporation);My Essential G USB Adapter(Belkin Corporation);c:\windows\system32\drivers\OMAWGU.sys [1/16/2008 2:03 PM 408064]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver; [x]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [10/25/2007 9:50 AM 26656]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 12:19 PM 23064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/22/2009 3:46 PM 11520]
S4 Plnsprregudk;Plnsprregudk; [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/8/2007 2:59 PM 24652]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:35]
2009-11-11 c:\windows\Tasks\Virus-Update.job
- c:\virus_updates\Virus-Update.bat [2003-12-23 23:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: 1
Trusted Zone: google.com\www
Trusted Zone: moviemistakes.com\www
Trusted Zone: weebls-stuff.com\www
TCP: {9A386B7A-704B-4DFA-9797-2EFE3CE5529D} = 77.74.48.113
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{1b1f623c-f18d-4023-8f2f-c5d8d6de4482} - jukabama.dll
BHO-{76EDE2E3-8EB5-4308-905B-301F654B2F61} - (no file)
HKLM-Run-17906427 - c:\documents and settings\All Users\Application Data\17906427\17906427.exe
HKLM-Run-geruvawuz - c:\windows\system32\hibunevo.dll
HKLM-Run-ruhawedera - wewusigo.dll
SharedTaskScheduler-{54cc2684-f888-4242-866b-da4a608e3a1c} - c:\windows\system32\rumerubo.dll
SharedTaskScheduler-{3fe658a4-e696-4a05-b1eb-6c8cbb449b66} - c:\windows\system32\hibunevo.dll
SSODL-poguhimef-{54cc2684-f888-4242-866b-da4a608e3a1c} - c:\windows\system32\rumerubo.dll
SSODL-benalafod-{3fe658a4-e696-4a05-b1eb-6c8cbb449b66} - c:\windows\system32\hibunevo.dll
Notify-ssqrs - ssqrs.dll
Notify-tapivss - (no file)
Notify-vturp - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 14:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ŘP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"08449.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1180)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-17 14:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-17 22:34
Pre-Run: 7,458,717,696 bytes free
Post-Run: 11,495,374,848 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 452F400695F071926242A9336B90C062
===
generalcatfish's Avatar
Computer Specs
Junior Member with 27 posts.
 
Join Date: Nov 2009
Experience: Intermediate
17-Nov-2009, 06:43 PM #7
(30k character limit per post)
And here's the HJT uninstall list (this was made before ComboFix was run):

===
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
ADS Tech Master Installer V3.5
AirLink101 Powerline Utility
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel
ATI Display Driver
ATI DVD Decoder 2.1.0.1
ATI Multimedia Center 8.1.0.0
ATI Remote Wonder 1.4
avast! Antivirus
CD LabelMaker
ChexQuest
City of Villains/City of Heroes (remove only)
Cool MP3 Converter V1.82
DAO
Data Lifeguard Diagnostic for Windows
DivX Codec
Enable S3 for USB Device
EPSON Printer Software
EVGA Display Driver
Flash Decompiler
Folder Size for Windows
Fraps
GCFScape 1.7.2
Glycerine
Glycerine
Half-Life Dedicated Server Update Tool
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HydraVision
Intel Application Accelerator RAID Edition
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash MX 2004
Magellan RoadMate Manager North America
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project 98
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mids' Hero/Villain Designer
mIRC
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Essentials Wireless USB Utility
MyDVD
Network Play System (Patching)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
oggcodecs 0.71.0946
OpenAL
PortalConsoleSaver
PowerDVD
QuickTime
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
ShowBiz
SmartSoft Video Converter
Source SDK
Source SDK Base - Orange Box
Steam
Symantec AntiVirus Client
System Requirements Lab
System Requirements Lab
Team Fortress 2
Team Fortress 2 Dedicated Server
TeamSpeak 2 RC2
The Sims Art Studio
The Sims File Cop
The Sims Make A Date
The Sims Vacation
TI Connect 1.6
Ulead Straight-to-Disc SDK
Ultimate Doom
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VDMSound 2.0.4
Ventrilo Client
VERITAS DLA
VERITAS RecordNow DX
VERITAS RecordNow DX Update Manager
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
VTFEdit 1.2.5
WD Anywhere Backup
WD Drive Manager (x86)
WildTangent Web Driver
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.2 final uninstall
YAMAHA CBX Driver
YouTube Downloader 2.5.3
===

and the new HJT log:

===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:37 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\a4hNpQwEG.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.moviemistakes.com
O15 - Trusted Zone: www.weebls-stuff.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146437535187
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A386B7A-704B-4DFA-9797-2EFE3CE5529D}: NameServer = 77.74.48.113
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 8297 bytes
===
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
17-Nov-2009, 07:53 PM #8
Please update me on how system is running after doing the following.

Please go to Virus Total <http://www.virustotal.com/> or Jotti
and upload c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_8C4F28E4C012222A3FD3AC.exe
for scanning.

For Virus Total
1. Please copy and paste c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_8C4F28E4C012222A3FD3AC.exe
in the text box next to the Browse button.
2. Click on Send File.

For Jotti
1. Please copy and paste c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_8C4F28E4C012222A3FD3AC.exe
in the text box next to the Browse button.
2. Click on Submit.


Please post back the results of the scan in your next post.

Open HijackThis and select Do a System Scan Only, then place a check next to the lines below if still present:
  • O15 - Trusted Zone: www.moviemistakes.com
    O15 - Trusted Zone: www.weebls-stuff.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A386B7A-704B-4DFA-9797-2EFE3CE5529D}: NameServer = 77.74.48.113

Once selected, close all windows except HJT and click on Fix Checked.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\windows\system\ssvipat.tmp
    c:\windows\system32\bimefili.exe
    c:\windows\system32\miziwiva.dll
    c:\windows\system32\penipure.dll
    c:\windows\system32\piwinala.exe
    c:\windows\system32\razadupe.dll
    c:\windows\system32\sapawoma.dll
    c:\windows\system32\wiwuzoza.dll
    c:\windows\system32\yivilaje.dll
    c:\windows\system32\yunukino.dll
    c:\windows\Tasks\Virus-Update.job
    
    
    DDS::
    Trusted Zone: 1
    Trusted Zone: google.com\www
    Trusted Zone: moviemistakes.com\www
    Trusted Zone: weebls-stuff.com\www
    TCP: {9A386B7A-704B-4DFA-9797-2EFE3CE5529D} = 77.74.48.113
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-
  • Combofix log
  • New HJT log
  • Virus Total/Jotti results
  • Update on how things are running
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
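The two HijackThis categories muppy03 asks to have fixed above, O15 (sites added to IE's Trusted Zone) and O17 (a NameServer entry pointing at a DNS resolver the user did not choose), are the ones worth checking automatically when you triage a log like this. The script below is an added example written for this thread; it is not part of HijackThis, ComboFix or any post here. It parses HijackThis-style lines, reports every O15 entry for review, and reports O17 resolvers that are neither private (router/LAN) addresses nor in an operator-supplied list of known ISP resolvers. The sample log is constructed from lines quoted in this thread plus one made-up O17 line with private resolvers, and the `trusted_resolvers` allowlist is an assumption you fill in with what your ISP or router actually hands out.

```python
import ipaddress
import re
from typing import Dict, Iterable, List

# Constructed sample (assumption): HijackThis-style lines modelled on the
# entries quoted in this thread, plus one made-up O17 line with private
# resolvers to show the case that is not reported.
SAMPLE_HJT_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O15 - Trusted Zone: www.moviemistakes.com
O15 - Trusted Zone: www.weebls-stuff.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{9A386B7A-704B-4DFA-9797-2EFE3CE5529D}: NameServer = 77.74.48.113
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


def triage_hjt(log_text: str, trusted_resolvers: Iterable[str] = ()) -> List[Dict[str, str]]:
    """Return review findings for O15 and O17 entries in a HijackThis log.

    O15 entries are always reported: a site in IE's Trusted Zone runs with
    relaxed security settings, so each one should be a deliberate choice.
    O17 NameServer entries are reported when a resolver is neither a private
    or link-local address (a home router or LAN resolver) nor in
    trusted_resolvers, the resolvers the operator knows the ISP assigns.
    """
    trusted = set(trusted_resolvers)
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O15_RE.match(line)
        if m:
            findings.append({
                "code": "O15",
                "detail": m.group("site"),
                "reason": "site added to IE Trusted Zone; confirm it was added on purpose",
            })
            continue
        m = O17_RE.match(line)
        if not m:
            continue
        # NameServer may hold several resolvers separated by commas.
        for server in (s.strip() for s in m.group("servers").split(",")):
            if not server or server in trusted:
                continue
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append({
                    "code": "O17",
                    "detail": server,
                    "reason": "NameServer value is not a valid IP address",
                })
                continue
            if addr.is_private or addr.is_link_local:
                continue  # router or internal resolver: expected, not reported
            findings.append({
                "code": "O17",
                "detail": server,
                "reason": "DNS resolver is a public address not in the expected-resolver list; "
                          "verify it matches what the ISP or router assigns",
            })
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f['code']}: {f['detail']} -> {f['reason']}")
```

Run as-is it reports both O15 sites and the 77.74.48.113 resolver while passing the 192.168.x line; passing `trusted_resolvers={"77.74.48.113"}` would silence that finding, which is the point: a public resolver is only acceptable when you can confirm it is the one your network is supposed to use.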
generalcatfish's Avatar
Computer Specs
Junior Member with 27 posts.
 
Join Date: Nov 2009
Experience: Intermediate
17-Nov-2009, 08:03 PM #9
Okay, running these steps as we speak. First, here are the results for the VirusTotal scan:

===
a-squared 4.5.0.41 2009.11.17 -
AhnLab-V3 5.0.0.2 2009.11.17 -
AntiVir 7.9.1.70 2009.11.17 -
Antiy-AVL 2.0.3.7 2009.11.17 -
Authentium 5.2.0.5 2009.11.17 -
Avast 4.8.1351.0 2009.11.17 -
AVG 8.5.0.425 2009.11.17 -
BitDefender 7.2 2009.11.18 -
CAT-QuickHeal 10.00 2009.11.17 -
ClamAV 0.94.1 2009.11.17 -
Comodo 2970 2009.11.17 -
DrWeb 5.0.0.12182 2009.11.17 -
eSafe 7.0.17.0 2009.11.17 -
eTrust-Vet 35.1.7125 2009.11.17 -
F-Prot 4.5.1.85 2009.11.17 -
Fortinet 3.120.0.0 2009.11.17 -
GData 19 2009.11.18 -
Ikarus T3.1.1.74.0 2009.11.17 -
Jiangmin 11.0.800 2009.11.17 -
K7AntiVirus 7.10.898 2009.11.17 -
Kaspersky 7.0.0.125 2009.11.17 -
McAfee 5805 2009.11.17 -
McAfee+Artemis 5805 2009.11.17 -
McAfee-GW-Edition 6.8.5 2009.11.17 -
Microsoft 1.5202 2009.11.17 -
NOD32 4615 2009.11.17 -
Norman 6.03.02 2009.11.17 -
nProtect 2009.1.8.0 2009.11.17 -
Panda 10.0.2.2 2009.11.17 -
PCTools 7.0.3.5 2009.11.17 -
Prevx 3.0 2009.11.18 -
Rising 22.22.01.08 2009.11.17 -
Sophos 4.47.0 2009.11.18 -
Sunbelt 3.2.1858.2 2009.11.17 -
Symantec 1.4.4.12 2009.11.17 -
TheHacker 6.5.0.2.072 2009.11.18 -
TrendMicro 9.0.0.1003 2009.11.17 -
VBA32 3.12.12.0 2009.11.17 -
ViRobot 2009.11.17.2041 2009.11.17 -
VirusBuster 5.0.21.0 2009.11.17 -
Additional information
File size: 15086 bytes
MD5...: 5237c4c8e4d4264de3ed654cc354f3eb
SHA1..: 9693ab85ad9ed1f7e22493724b72ec6c21536d2b
SHA256: a2a95764e6f9c9fb959758776933a28d9c59a3a8ce5f7c8abc4b28c675b0106b
ssdeep: 384:j49c6uzGIT76pHC5Dv9LlKkdYx+Vwrj3kZcY:kZmGlMLU+VU3BY

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows Icon (50.0%)
MPEG Video (37.4%)
MacBinary 2 header (12.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
===
generalcatfish's Avatar
Computer Specs
Junior Member with 27 posts.
 
Join Date: Nov 2009
Experience: Intermediate
17-Nov-2009, 08:19 PM #10
Now, here's the combofix log:

===
ComboFix 09-11-18.04 - GeneralCatfish 11/17/2009 16:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2017 [GMT -8:00]
Running from: c:\documents and settings\GeneralCatfish\Desktop\123.exe
Command switches used :: c:\documents and settings\GeneralCatfish\Desktop\CFScript.txt
AV: avast! antivirus 4.8.0 [VPS 091023-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system\ssvipat.tmp"
"c:\windows\system32\bimefili.exe"
"c:\windows\system32\miziwiva.dll"
"c:\windows\system32\penipure.dll"
"c:\windows\system32\piwinala.exe"
"c:\windows\system32\razadupe.dll"
"c:\windows\system32\sapawoma.dll"
"c:\windows\system32\wiwuzoza.dll"
"c:\windows\system32\yivilaje.dll"
"c:\windows\system32\yunukino.dll"
"c:\windows\Tasks\Virus-Update.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\ssvipat.tmp
c:\windows\system32\bimefili.exe
c:\windows\system32\miziwiva.dll
c:\windows\system32\penipure.dll
c:\windows\system32\piwinala.exe
c:\windows\system32\razadupe.dll
c:\windows\system32\sapawoma.dll
c:\windows\system32\wiwuzoza.dll
c:\windows\system32\yivilaje.dll
c:\windows\system32\yunukino.dll
c:\windows\Tasks\Virus-Update.job
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-17 21:25 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-17 21:25 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-17 21:25 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-17 21:25 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-17 21:25 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-17 21:25 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-17 21:25 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-17 21:25 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 21:25 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-17 21:25 . 2009-11-17 21:25 -------- d-----w- c:\program files\Alwil Software
2009-11-17 05:41 . 2009-11-17 05:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-17 05:37 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-17 05:35 . 2009-11-17 05:35 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-17 05:35 . 2009-11-17 05:35 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-17 05:35 . 2009-11-17 05:35 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-17 05:35 . 2009-11-17 05:35 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-17 05:35 . 2009-11-17 05:35 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-17 05:35 . 2009-11-17 05:35 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-17 05:34 . 2009-11-17 05:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-17 05:34 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-17 05:33 . 2009-11-17 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-17 05:18 . 2009-11-17 05:18 76264 ----a-w- c:\documents and settings\GeneralCatfish\Application Data\CC\uninstall.exe
2009-11-17 05:18 . 2009-11-17 05:41 -------- d-----w- c:\documents and settings\GeneralCatfish\Application Data\CC
2009-11-16 19:25 . 2009-11-16 19:25 -------- d-----w- c:\program files\Trend Micro
2009-11-16 09:19 . 2009-11-16 09:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-15 13:57 . 2009-11-15 13:57 551424 ----a-w- c:\documents and settings\GeneralCatfish\Application Data\CC\agent.exe
2009-11-09 22:24 . 2009-11-17 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 21:36 . 2009-11-09 21:36 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-04 03:01 . 2009-11-04 03:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 00:01 . 2008-01-30 22:31 -------- d-----w- c:\program files\Steam
2009-11-17 22:55 . 2009-05-21 16:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-17 22:52 . 2005-01-28 19:07 -------- d-----w- c:\program files\Lavasoft
2009-11-17 22:52 . 2005-01-28 19:07 -------- d-----w- c:\documents and settings\GeneralCatfish\Application Data\Lavasoft
2009-11-12 06:34 . 2006-03-15 01:31 -------- d-----w- c:\program files\Better File Rename
2009-11-12 01:35 . 2008-09-13 06:41 -------- d-----w- c:\program files\City of Heroes
2009-11-11 03:04 . 2009-09-28 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-06 06:31 . 2009-03-19 22:40 -------- d-----w- c:\program files\CoHTest
2009-11-04 03:27 . 2003-12-29 02:01 93760 ----a-w- c:\documents and settings\GeneralCatfish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 03:04 . 2009-09-28 19:35 -------- d-----w- c:\program files\Microsoft Works
2009-11-01 00:02 . 2004-12-29 18:44 -------- d-----w- c:\program files\LimeWire
2009-10-28 07:36 . 2009-09-15 06:47 0 ----a-w- c:\documents and settings\GeneralCatfish\ntuser.tmp
2009-10-01 13:52 . 2009-02-05 22:43 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-28 19:32 . 2009-09-28 19:32 -------- d-----w- c:\program files\Microsoft.NET
2009-09-28 19:28 . 2009-09-28 19:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-28 19:18 . 2009-09-28 19:18 -------- d-----w- c:\program files\FolderSize
2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\documents and settings\GeneralCatfish\Application Data\Malwarebytes
2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 01:45 . 2009-09-16 01:45 15086 ----a-r- c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_8C4F28E4C012222A3FD3AC.exe
2009-09-16 01:45 . 2009-09-16 01:45 15086 ----a-r- c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_6FEFF9B68218417F98F549.exe
2009-09-16 01:45 . 2009-09-16 01:45 15086 ----a-r- c:\documents and settings\GeneralCatfish\Application Data\Microsoft\Installer\{E4406BD5-1FEF-4489-A714-AEDBDB9C6678}\_38E7ABF9A1E5B8A7494755.exe
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-02-07 01:05 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 21:58 . 2009-07-21 19:24 25 ----a-w- c:\windows\popcinfot.dat
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-26 155648]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\a4hNpQwEG.exe" [2009-11-11 1312080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\GeneralCatfish\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=cbxt3usr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^My Essentials Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\My Essentials Wireless USB Utility.lnk
backup=c:\windows\pss\My Essentials Wireless USB Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"WANMiniportService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"Norton AntiVirus Server"=2 (0x2)
"NetSvc"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"DefWatch"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOLService"=2 (0x2)
"AOL ACS"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\mIrc\\TechBOT\\TechBOTv1.0\\mirc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\ScifienceStudios\\ChexQuest\\Legacy.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\piemanmoo\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127968127\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\piemanmoo\\source 2007 dedicated server\\srcds.exe"=
"c:\\HLServer\\orangebox\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Western Digital\\WD Drive Manager\\WDBtnMgrUI.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\America Online 9.0a\\shellrestart.exe"=
[HKLM\~\services\\antiSpywareApp\\ver2_0_32_1\\AOLSP Scheduler.exe"=]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\FolderSize\\FolderSizeSvc.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*isabled:4662
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2009 9:37 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/17/2009 1:25 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/17/2009 1:25 PM 20560]
R2 cbxt3krn;YAMAHA CBX Driver;c:\windows\system32\drivers\cbxt3krn.sys [2/17/2008 1:29 PM 9760]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 9:51 AM 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 2:22 PM 102400]
S1 cyydlzpq;cyydlzpq;\??\c:\windows\system32\drivers\cyydlzpq.sys --> c:\windows\system32\drivers\cyydlzpq.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
S3 OMAWGU(Belkin Corporation);My Essential G USB Adapter(Belkin Corporation);c:\windows\system32\drivers\OMAWGU.sys [1/16/2008 2:03 PM 408064]
S3 PLCMP532;PLCMP532 NDIS Protocol Driver; [x]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [10/25/2007 9:50 AM 26656]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 12:19 PM 23064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/22/2009 3:46 PM 11520]
S4 Plnsprregudk;Plnsprregudk; [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/8/2007 2:59 PM 24652]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 05:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 16:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ŘP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFil es\\.INF"
"DeviceInstanceIds"=multi:"08449.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-17 16:16
ComboFix-quarantined-files.txt 2009-11-18 00:15
ComboFix2.txt 2009-11-17 22:34
Pre-Run: 14,435,815,424 bytes free
Post-Run: 14,419,681,280 bytes free
- - End Of File - - 0682661538EF194FC4E17F42A4536136
===

and a new HJT file:

===Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:47 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\a4hNpQwEG.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146437535187
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 7883 bytes
===

So far, it seems like my computer is back to its old glory, but I'll wait until I get the all-clear first.
muppy03 (Senior Member with 1,881 posts; Join Date: Jun 2006; Location: Australia; Experience: gettin there)
17-Nov-2009, 08:53 PM #11
Quote:
So far, it seems like my computer is back to its old glory, but I'll wait until I get the all-clear first.
I will get you to do an online scan (which will take ages) before we do any all-clear. I would be sad to have missed one and for it all to start again.

First, let's do a couple of little jobs.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 17.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 17
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u17-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Code:
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_04
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Next I recommend that you go into add/remove programs and uninstall the following:-
  • Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WildTangent Web Driver

You appear to have Symantec on your system, and/or leftovers of it. If this is something you do not need or use, please also uninstall the following while in Add/Remove Programs.
  • LiveUpdate 1.80 (Symantec Corporation)
    Symantec AntiVirus Client

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky report
  • New HJT log
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
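As an added example (not part of this thread, and not the helper's own tooling): a small Python script that triages a Kaspersky Online Scanner 7 report of the kind requested above. It assumes the report's one-finding-per-line format (path, Infected/Suspicious verdict, threat name, count) and sorts hits into buckets: live files that still need action, versus ComboFix's Qoobox quarantine, System Restore points, other products' quarantine folders, the Java deployment cache (cached exploit applets, which is exactly what an outdated JRE lets in), mirrored backup copies, and not-a-virus riskware. The sample report, the bucket names and the classification rules are constructed for this example and are my assumptions, not scanner output.

```python
"""Triage a Kaspersky Online Scanner 7 report: separate live infections from
hits that are already contained (quarantines, restore points, backup mirrors,
the Java cache) or are not malware at all.

Example added by the editor; not part of the thread. Assumed report format,
one finding per line: "<path> <Infected|Suspicious>: <threat> <count>".
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


def classify(path: str, threat: str) -> str:
    """Ordered rules (first match wins); bucket names are this example's own."""
    p = path.lower()
    if threat.lower().startswith("not-a-virus:"):
        return "riskware"             # legitimate tool (e.g. an IRC client) flagged as a policy risk
    if not p.startswith("c:\\") and "backup" in p:
        return "backup_copy"          # a backup job mirrored the infected files; clean or discard the copy
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"  # already removed by ComboFix; purged when ComboFix is uninstalled
    if "\\system volume information\\_restore" in p:
        return "restore_point"        # dormant copy inside a restore point; flushed by resetting System Restore
    if "\\quarantine\\" in p:
        return "av_quarantine"        # another AV product's quarantine store, not an executable on disk
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"           # cached exploit applet: evidence of a drive-by through an old JRE
    return "live"                     # anything else is an active hit that still needs action


def triage(report: str) -> dict:
    """Return {bucket: {path: sorted list of distinct threat names}}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, statistics and blank lines carry no finding
        buckets[classify(m["path"], m["threat"])][m["path"]].add(m["threat"])
    return {b: {p: sorted(t) for p, t in paths.items()} for b, paths in buckets.items()}


def live_findings(report: str) -> list:
    """Paths that are still live on the system: the ones a helper acts on first."""
    return sorted(triage(report).get("live", {}))


# Constructed sample in the scanner's report format (not the thread's real report).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7.0: scan report
Threats found: 7

File name / Threat / Threats count
C:\2.js Suspicious: Trojan-Downloader.JS.gen 1
C:\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r 1
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-7fb0243b Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bimefili.exe.vir Infected: Trojan.Win32.FakeAV.ab 1
C:\System Volume Information\_restore{0000}\RP1002\A0482279.dll Infected: Packed.Win32.TDSS.aa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Quarantine\009C0000.VBN Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Quarantine\009C0000.VBN Infected: Trojan.Java.ClassLoader.c 1
E:\My WD_Backup\C_\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r 1
"""

if __name__ == "__main__":
    for bucket, paths in sorted(triage(SAMPLE_REPORT).items()):
        print(f"[{bucket}]")
        for path, threats in sorted(paths.items()):
            print(f"  {path}  <- {', '.join(threats)}")
```

Running the script prints one block per bucket. Only the live entries call for direct action; quarantine and restore-point hits are normally cleared at the end of a cleanup by uninstalling ComboFix and resetting System Restore, and a hit on a backup drive means the backup job copied the infection and will bring it back unless that copy is cleaned or discarded too.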
muppy03 (Senior Member with 1,881 posts; Join Date: Jun 2006; Location: Australia; Experience: gettin there)
17-Nov-2009, 08:53 PM #12
Oh, and how is the shutting-down problem going?
generalcatfish (Junior Member with 27 posts; Join Date: Nov 2009; Experience: Intermediate)
19-Nov-2009, 01:41 AM #13
Online scan report:
===
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 18, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 18, 2009 18:39:48
Records in database: 3234407
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 422748
Threats found: 39
Infected objects found: 137
Suspicious objects found: 3
Scan duration: 08:15:32

File name / Threat / Threats count
C:\2.js Suspicious: Trojan-Downloader.JS.gen 1
C:\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r 1
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051005220924.zip Infected: Trojan.Win32.Qhost.r 1
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-7fb0243b Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\34\4e8812a2-4ec4cc99 Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-147b168e Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-4b4e04ec-33765435.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\homeirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\homeirc.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\C-Techbot\TechBOT\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\TechBOT\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\TechBOT\TechBOTv1.0 (good so far)\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\TechBOT\TESTBOT\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\mIrc\TechBOT\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bimefili.exe.vir Infected: Trojan.Win32.FakeAV.ab 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnstaecfqtd.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTpdkbwwdffh.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTwpqlmdpbpy.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTxnspwswrud.dll.vir Infected: Packed.Win32.TDSS.aa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c001B4BE.dat.vir Infected: Trojan-Downloader.Win32.Clopack.il 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00F623C.exe.vir Infected: Trojan-Downloader.Win32.NSIS.ac 1
C:\Qoobox\Quarantine\[4]-Submit_2009-11-17_16.07.15.zip Infected: Trojan.Win32.FraudPack.zux 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1002\A0482279.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1002\A0482280.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1002\A0482281.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1002\A0482282.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1003\A0482309.exe Infected: Trojan-Downloader.Win32.NSIS.ac 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1003\A0482566.exe Infected: Trojan.Win32.FakeAV.ab 1
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1003\A0482569.exe Infected: Trojan.Win32.FraudPack.zux 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\2.js Suspicious: Trojan-Downloader.JS.gen 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051005220924.zip Infected: Trojan.Win32.Qhost.r 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan.Java.ClassLoader.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan.Java.ClassLoader.Dummy.a 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00B40000.VBN Infected: Trojan.JS.Offiz 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01040000.VBN Infected: Trojan.JS.Offiz 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280000.VBN Infected: Trojan-Downloader.Win32.ConHook.b 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280001.VBN Infected: Trojan-Downloader.Win32.Small.akz 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04400000.VBN Infected: Trojan-Dropper.Win32.Small.wn 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\044C0000.VBN Infected: Trojan.JS.Offiz 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04700000.VBN Infected: Trojan.Win32.LowZones.df 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04980000.VBN Infected: Exploit.HTML.Mht 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A40000.VBN Infected: Exploit.HTML.Mht 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A80000.VBN Infected: Trojan.Win32.Small.ef 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80000.VBN Infected: Exploit.Java.ByteVerify 2
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D40000.VBN Infected: Trojan.Java.ClassLoader.Dummy.d 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04D40001.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E80000.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04F40000.VBN Infected: Trojan-Downloader.Win32.ConHook.b 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04FC0000.VBN Infected: Trojan.JS.Offiz 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05040000.VBN Infected: Trojan-Dropper.Win32.Small.wn 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\050C0000.VBN Infected: Trojan-Downloader.Java.OpenStream.y 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05180000.VBN Infected: Worm.Win32.VB.an 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05340000.VBN Infected: Trojan.Win32.Small.ef 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05500000.VBN Infected: P2P-Worm.Win32.Krepper.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\055C0000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\055C0001.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\055C0002.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680000.VBN Infected: Trojan.Win32.Crypt.o 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05780000.VBN Infected: Trojan.Win32.Crypt.o 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\058C0000.VBN Infected: Trojan.Win32.Crypt.o 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F00000.VBN Infected: Trojan-Downloader.Java.OpenStream.y 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\060C0000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\060C0001.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06100000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06140000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06140001.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06140002.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06140003.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06180000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06200000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\062C0000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06340000.VBN Infected: Trojan.Win32.Dialer.hk 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06380000.VBN Infected: Trojan.Java.ClassLoader.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06380000.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06380000.VBN Infected: Trojan.Java.ClassLoader.Dummy.a 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06380000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06780000.VBN Infected: Exploit.HTML.Mht 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06880000.VBN Infected: Exploit.HTML.Mht 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06900000.VBN Infected: Trojan.Java.Femad 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06980000.VBN Infected: Trojan.Java.ClassLoader.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06980001.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0000.VBN Infected: Trojan.Java.ClassLoader.Dummy.a 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00000.VBN Infected: Trojan.Java.ClassLoader.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00000.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00000.VBN Infected: Trojan.Java.ClassLoader.Dummy.a 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00001.VBN Infected: Trojan.Java.Femad 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07800000.VBN Infected: Backdoor.Win32.Optix.Pro.i 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80000.VBN Infected: Trojan-Downloader.Win32.Ani.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07AC0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B00000.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B00001.VBN Infected: Trojan.Java.ClassLoader.Dummy.d 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B00002.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B80000.VBN Infected: Trojan-Downloader.Win32.Ani.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07B80001.VBN Infected: Trojan-Downloader.Win32.Ani.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D40000.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D40001.VBN Infected: Trojan-Downloader.Win32.Ani.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D40002.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07DC0000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07E40000.VBN Infected: Trojan-Clicker.HTML.Agent.a 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08040000.VBN Infected: Trojan-Downloader.Win32.Ani.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08080000.VBN Infected: Trojan-Downloader.Win32.Ani.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A040001.VBN Infected: Worm.Win32.VB.an 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C7C0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D000001.VBN Infected: Exploit.Java.ByteVerify 2
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D000001.VBN Infected: Trojan.Java.Femad 2
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D000001.VBN Infected: Trojan.Win32.Revop.e 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DF80000.VBN Infected: Trojan-Downloader.Win32.ConHook.w 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E700001.VBN Infected: Exploit.Java.ByteVerify 2
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E700001.VBN Infected: Trojan.Java.Femad 2
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E700001.VBN Infected: Trojan.Win32.Revop.e 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E700003.VBN Infected: Trojan.Java.ClassLoader.z 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E700003.VBN Infected: Trojan.Java.ClassLoader.ak 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E700003.VBN Infected: Trojan-Downloader.Java.OpenConnection.v 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SWP2HGL3\dogma[1].exe Infected: Packed.Win32.TDSS.z 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YHS9YBYX\33t[3].htm Suspicious: Trojan-Downloader.JS.gen 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-7fb0243b Infected: Trojan-Downloader.Java.OpenConnection.at 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-147b168e Infected: Trojan-Downloader.Java.OpenConnection.at 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\homeirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\homeirc.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\C-Techbot\TechBOT\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\TechBOT\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\TechBOT\TechBOTv1.0 (good so far)\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Desktop\laptop stuff\testbot\TechBOT\TESTBOT\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\mIrc\TechBOT\TechBOTv1.0\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\WINDOWS\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost.r 1
Selected area has been scanned.
generalcatfish
Junior Member with 27 posts.
Join Date: Nov 2009
Experience: Intermediate
19-Nov-2009, 01:41 AM #14
and HJT log:
===
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:47 PM, on 11/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Program Files\Glycerine\Glycerine.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\a4hNpQwEG.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146437535187
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 8579 bytes
===

and the shutdown problem's the same as ever. I think it's actually a hardware issue, and I probably plugged something in the wrong spot where it should have been. I'm just too lazy to open it up and play trial-and-error to find out where each plug goes. Oh well, no biggie.
muppy03
Senior Member with 1,881 posts.
Join Date: Jun 2006
Location: Australia
Experience: gettin there
19-Nov-2009, 03:32 AM #15
Well Kaspersky certainly found a few things!

Please empty this folder and/or delete it, since you no longer use Symantec:
  • E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:Files
C:\2.js
C:\AVG7QT.DAT 
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051005220924.zip 
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-7fb0243b 
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\34\4e8812a2-4ec4cc99 
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-147b168e 
C:\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-4b4e04ec-33765435.class 
E:\My WD_Backup\Memeo\My WD_Backup\C_\2.js 
E:\My WD_Backup\Memeo\My WD_Backup\C_\AVG7QT.DAT 
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051005220924.zip 
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SWP2HGL3\dogma[1].exe 
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YHS9YBYX\33t[3].htm 
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-7fb0243b 
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-147b168e 
E:\My WD_Backup\Memeo\My WD_Backup\C_\WINDOWS\system32\drivers\etc\hosts 

:Commands

[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe


Please reply with:
  • OTM log
  • New HJT log
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
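As an added example (not part of the thread, and not muppy03's, OTM's or Kaspersky's own tooling), here is the triage behind that reply written out in Python: it parses result lines in the format of the Kaspersky scan posted above and sorts hits by where they live, so that neutralised copies in restore points and old AV quarantine folders, riskware such as mIRC, and the handful of live items (hosts file, Java deployment cache, temporary internet files) are told apart before anything is moved. The category names and the rule that quarantine and restore-point hits need no per-file action are my assumptions; BACKUP_ROOT and the sample lines are constructed from paths on this page.

```python
import re
from collections import Counter

# Root of the WD backup mirror that was scanned alongside C: (taken from the
# log above); every path under it is a stale copy, not the running system.
BACKUP_ROOT = r"E:\My WD_Backup\Memeo\My WD_Backup\C_"

# One Kaspersky result line: '<path> Infected: <detection> <count>' or
# '<path> Suspicious: <detection> <count>'. Paths may contain spaces,
# detection names never do, so anchor on the status word.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected|Suspicious): (?P<name>\S+) (?P<count>\d+)$"
)

# Location rules, first match wins. Order matters: an AV quarantine folder
# that lives inside the backup mirror is still a quarantine folder.
LOCATION_RULES = [
    ("restore_point", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("av_quarantine", re.compile(r"\\Quarantine\\", re.I)),
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("temp_internet", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("hosts_file", re.compile(r"\\drivers\\etc\\hosts$", re.I)),
]

# Assumed: these need no file-by-file action. Restore points and quarantine
# stores hold already-neutralised copies (purged as a whole later) and
# riskware such as mIRC is a legitimate program the user installed.
INERT = {"restore_point", "av_quarantine", "riskware"}


def parse_line(line):
    """Return a dict for one result line, or None for banner/summary text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "status": m["status"],
            "name": m["name"], "count": int(m["count"])}


def classify(rec):
    """Bucket a parsed hit by verdict type first, then by where it lives."""
    if rec["name"].lower().startswith("not-a-virus:"):
        return "riskware"
    for label, pattern in LOCATION_RULES:
        if pattern.search(rec["path"]):
            return label
    return "live_other"


def triage(lines, backup_root=BACKUP_ROOT):
    """Parse and classify every result line; non-matching lines are skipped."""
    records = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        rec["category"] = classify(rec)
        rec["in_backup"] = rec["path"].lower().startswith(backup_root.lower())
        records.append(rec)
    return records


def actionable_paths(records):
    """Unique paths that still need moving out of the way, in log order."""
    seen, out = set(), []
    for rec in records:
        if rec["category"] in INERT or rec["path"] in seen:
            continue
        seen.add(rec["path"])
        out.append(rec["path"])
    return out


def otm_files_block(paths):
    """Render the paths as an OTM script shaped like the one in the reply above."""
    return "\n".join([":Files", *paths, "", ":Commands", "",
                      "[EmptyTemp]", "[Start Explorer]", "[Reboot]"])


def summary(records):
    """Hit count per category, the first thing to eyeball in a long scan."""
    return Counter(rec["category"] for rec in records)


# Constructed sample: a few lines in the format of the scan above, including
# two detections on one quarantined file and the trailing banner line.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{86B58358-4476-494B-BF24-11D4B4398217}\RP1002\A0482281.dll Infected: Packed.Win32.TDSS.aa 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\2.js Suspicious: Trojan-Downloader.JS.gen 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan.Java.ClassLoader.c 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Exploit.Java.ByteVerify 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SWP2HGL3\dogma[1].exe Infected: Packed.Win32.TDSS.z 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Documents and Settings\GeneralCatfish\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-7fb0243b Infected: Trojan-Downloader.Java.OpenConnection.at 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
E:\My WD_Backup\Memeo\My WD_Backup\C_\WINDOWS\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost.r 1
Selected area has been scanned.
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    print(dict(summary(hits)))
    print(otm_files_block(actionable_paths(hits)))
```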
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.