Onyxia
  1. Hi, Onyxia

    happy birthday

  2. Alright, I have the time now, so I will get to work on it. It looks like a lot of work that will take a long time, but we will see. I just want you to know how much I appreciate all this, and others should too; it's a great service you do for those of us that can't afford the programs or programmers to do the job. You're a hero to moms like me and anyone else who you help. Thanks again, and I'll post back in a few hours when I am done, or later tonight, whichever. Again, and I can't express this enough, thank you. Onyxia XxXxXxXxX (that's a lot of hugs)
  3. Wow, you weren't kidding about it might take a while; some were in the 4 hour range lol. O.k., so here are the two reports you asked for. Also, the computer has stopped locking up and seems to be getting done sooner, but it is still slow, and I have not tried the IMVU chat client yet because I was not sure if I should. I don't think that is where the bad files came from originally, but I did not want to try until you gave the go ahead, and I was thinking before doing any of that I needed to have some type of protection. Please let me know what you think on this one; we have done so much work (you more than me of course lol) and I just don't want to back slide here. You deserve an award for your kindness. Thank you! Onyxia

    Oops, almost forgot: is there something I need to be doing with HJT? Do I need to be fixing files at the end, or just running the scans?

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Friday, April 24, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Friday, April 24, 2009 09:11:47
    Records in database: 2074498
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Files scanned: 251893
    Threat name: 7
    Infected objects: 16
    Suspicious objects: 0
    Duration of the scan: 03:54:51

    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\Documents and Settings\Cierra\Application Data\sdra64.exe.vir Infected: Trojan-Spy.Win32.Zbot.gen 1
    C:\Qoobox\Quarantine\C\Documents and Settings\Guest\Application Data\sdra64.exe.vir Infected: Trojan-Spy.Win32.Zbot.gen 1
    C:\Qoobox\Quarantine\C\Documents and Settings\Liz Cardinale\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe.vir Infected: Packed.Win32.Tdss.c 1
    C:\Qoobox\Quarantine\C\Documents and Settings\Nem\Application Data\sdra64.exe.vir Infected: Trojan-Spy.Win32.Zbot.gen 1
    C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACbmlilrld.sys.vir Infected: Rootkit.Win32.Agent.iur 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir Infected: Trojan-Spy.Win32.Zbot.gen 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACboscdjol.dll.vir Infected: Packed.Win32.Tdss.f 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkwsivycm.dll.vir Infected: Packed.Win32.Tdss.f 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACoppfiqrg.dll.vir Infected: Packed.Win32.Tdss.f 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqyrudorx.dll.vir Infected: Packed.Win32.Tdss.f 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwulkdqjh.dll.vir Infected: Packed.Win32.Tdss.f 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000172.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000183.exe Infected: Packed.Win32.Tdss.c 1

    The selected area was scanned.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:36:53 AM, on 4/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\qsb.exe" /autorun
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TEMP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1240274284718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240273345531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

    --
    End of file - 6435 bytes
  4. O.k., I just did one more update and one more scan; I figured, why not, then I'm off to bed. Now I am off to bed with great news: there were no findings, so I'm clean, right???

    Malwarebytes' Anti-Malware 1.36
    Database version: 2035
    Windows 5.1.2600 Service Pack 3

    4/23/2009 9:17:08 PM
    mbam-log-2009-04-23 (21-17-08).txt

    Scan type: Quick Scan
    Objects scanned: 102139
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:19:39 PM, on 4/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\qsb.exe" /autorun
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TEMP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1240274284718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240273345531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

    --
    End of file - 5833 bytes

    -= Does happy dance in a little precelebration =- I just can't thank you enough. Onyxia
  5. Malwarebytes' Anti-Malware 1.36
    Database version: 2033
    Windows 5.1.2600 Service Pack 3

    4/23/2009 8:58:42 PM
    mbam-log-2009-04-23 (20-58-42).txt

    Scan type: Quick Scan
    Objects scanned: 97628
    Time elapsed: 6 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} (Trojan.BHO.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} (Trojan.BHO.H) -> Delete on reboot.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\SYSTEM32\lvkneti.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\DRIVERS\weihbfcn.sys (Rootkit.Sentinel) -> Delete on reboot.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:03:10 PM, on 4/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PRISMSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Dell Wireless\PRISMCFG.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\qsb.exe" /autorun
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TEMP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1240274284718
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240273345531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

    --
    End of file - 5889 bytes

    Thank you so much, and sorry I did not post back sooner. Onyxia
  6. Hmmm, I have got all the files in a folder ready to be zipped; however, I have another issue. It seems when all my trouble started I lost my ability to zip things. Now I have two trial versions of zips, one being .rar and the other being WinZip. I don't know if either of these will do, so I figure if I pack the folder in each of these you can figure out which one to use, but sadly this is all I have. I hope in the end this too will be resolved. Also, so that it would actually work, I had to put the .bad folder in another folder named Infection.zip in order to have it named Infection.zip as well; hope that is o.k. Onyxia

    ... ok, maybe I won't use the .rar. "Upload failed. You are not permitted to upload this type of file" O.o ... hope the WinZip works out then...

    * Computer viruses are like mosquitoes ... only the one who created them actually gets why they were created, and everyone else agrees they are a nuisance. *
  7. (O.k., I am posting the RootRepeal report, but it seems to be having some issues. It opens and I do as directed, checking all boxes, then the C drive, then scan. I can see it start the scan, and everything says "could not get file information..." as it scans, then poof, it's gone and leaves this report in the folder.)

    ROOTREPEAL CRASH REPORT
    -------------------------
    Exception Code: 0xc0000005
    Exception Address: 0x0040e8ea
    Attempt to read from address: 0x00000014

    (Also, when I first click and start it, it opens an error report that reads:)

    RootRepeal Error
    Could not read module file! Please contact the author!

    (Here is a pic of what it looks like while scanning before it crashes.)

    (Onyxia)
  8. ntbtlog.txt
  9. JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Apr 22 07:51:00 2009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002
Found and removed: Software\Classes\JavaPlugin.160_02
------------------------------------
Finished reporting.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Liz Cardinale at 10:42:40.40 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.71 [GMT -4:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TEMP\Desktop\dds.scr

============== Pseudo HJT Report ===============
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: : {5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} - c:\windows\system32\lvkneti.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\qsb.exe" /autorun
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\temp\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1240274284718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240273345531
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_9993303B90FE6C1D.dll
Notify: igfxcui - igfxsrvc.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\temp\applic~1\mozilla\firefox\profiles\16guxzcg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo

============= SERVICES / DRIVERS ===============
R0 weihbfcn;weihbfcn;c:\windows\system32\drivers\weihbfcn.sys [2003-3-31 23424]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2007-8-3 61529]

=============== Created Last 30 ================
2009-04-21 13:16 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-21 13:16 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-21 07:21 <DIR> --d----- c:\docume~1\temp\applic~1\Malwarebytes
2009-04-21 07:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-21 07:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 07:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-21 07:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-21 06:46 <DIR> a-dshr-- C:\cmdcons
2009-04-20 23:52 552 a------- c:\windows\system32\d3d8caps.dat
2009-04-20 23:37 <DIR> --d----- C:\whyme43
2009-04-20 23:21 <DIR> --d----- C:\tree
2009-04-20 23:19 <DIR> --d----- C:\Combo
2009-04-20 19:43 161,792 a------- c:\windows\SWREG.exe
2009-04-20 19:43 98,816 a------- c:\windows\sed.exe
2009-04-20 13:23 <DIR> --d----- c:\program files\Trend Micro
2009-04-17 17:24 118 a------- c:\windows\system32\MRT.INI
2009-04-17 16:55 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 16:55 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 16:55 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 16:55 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 16:55 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 16:55 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 16:55 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 16:55 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 16:55 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 16:54 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-17 16:54 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 16:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-04 10:24 <DIR> --d----- c:\docume~1\temp\applic~1\jjvoohnm
2009-03-29 02:24 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-26 22:54 <DIR> --d----- c:\docume~1\temp\applic~1\PC Tools
2009-03-26 22:49 <DIR> --d----- c:\program files\PC Tools AntiVirus
2009-03-26 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================
2009-04-21 00:07 106,496 a------- c:\windows\system32\urppbyq.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 -------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 10:43:26.70 ===============

Malwarebytes' Anti-Malware 1.36
Database version: 2026
Windows 5.1.2600 Service Pack 3

4/22/2009 11:00:37 AM
mbam-log-2009-04-22 (11-00-37).txt

Scan type: Quick Scan
Objects scanned: 97104
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\lvkneti.dll (Trojan.BHO.H) -> Delete on reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:29 AM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E5C09E5-35C2-4847-9DA2-77EAF4D4AA60} - c:\windows\system32\lvkneti.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\qsb.exe" /autorun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TEMP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1240274284718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240273345531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

--
End of file - 6026 bytes

(I accidentally overlooked two steps and had to go back and redo them. I hope this did not affect the order of things, but after missing the steps I did go back and do them in order. Thanks ever so much, Onyxia)

Attach.zip
  10. HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:10 AM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E5C09E5-35C2-4847-9DA2-77EAF4D4AA60} - c:\windows\system32\lvkneti.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\qsb.exe" /autorun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TEMP\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1240274284718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240273345531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

--
End of file - 6354 bytes
  11. MBAM log file
Malwarebytes' Anti-Malware 1.36
Database version: 2019
Windows 5.1.2600 Service Pack 3

4/21/2009 7:34:05 AM
mbam-log-2009-04-21 (07-34-05).txt

Scan type: Quick Scan
Objects scanned: 96791
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 105
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5e5c09e5-35c2-4847-9da2-77eaf4d4aa60} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\TEMP\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\TEMP\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\TEMP\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\SYSTEM32\lvkneti.dll (Trojan.BHO.H) -> Delete on reboot. C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\TEMP\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\TEMP\Application Data\AdwareAlert\Log\2009 Mar 24 - 02_01_44 PM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\TEMP\Application Data\AdwareAlert\Log\2009 Mar 26 - 06_06_21 PM_578.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\TEMP\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Liz Cardinale\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\Liz Cardinale\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACaetnowdd.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACahjbxfyb.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACbvfqrfsv.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACftkpupib.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACsqfheteo.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACnnupeqpx.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACptjgpuyr.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACqevpeton.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACqthxyqem.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACrlmydopm.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACsdpbarmn.log (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\SYSTEM32\UACssiiacxs.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACuidtgqyr.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACumisprgb.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACxexocecv.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\UACxvampqvy.log (Trojan.Agent) -> Quarantined and deleted successfully.
12. O.k., great work. I didn't have to go in safe mode this time and the restore point installed, so here is the new ComboFix post, and on to the next step. Thank you again, Onyxia

ComboFix 09-04-21.A2 - Liz Cardinale 04/21/2009 6:56.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.83 [GMT -4:00]
  13. Whooooh! Yay, now we are talking! Pardon the excitement, but I took your advice on changing the file name, and after changing it several times over an 8 and a half hour period and restarting a dozen times or so, it finally ran. Though I had a little trouble and I am not sure what the effect will be: in safe mode my computer will not connect to the net, and my restore point is not working; when I downloaded it and tried to place it in the combofix file as instructed it would not work, there was no restore point. I don't know how bad that is, but hey, I finally got combofix to run. Oh, and don't rename the file tree, it makes you change it to have numbers and letters >.< odd. Anyway, I think this is where I now post the report.... Also I am sure it deleted several hundred files O_O but whatever works, right? OK, so here is the file. I will be on at 6am EST tomorrow and all day awaiting the results, as I plan on doing nothing more on the computer until I am told what else needs doing. Thank you again and again for your help. Onyxia
  14. I was hoping the above information I posted from a report off of Avira after scanning my computer would help you to help me fix what is wrong in my computer. My computer does boot up, so until it stops booting on its own I don't think I can use the rescue one you had recommended, so I installed Avira Personal in hopes something could be done. Currently (while waiting for a reply) I am attempting to run scans and take down each virus it detects. I tried this once before to see if I could remove each by hand, but for someone that is not a tech you can imagine what a long and tedious, impossible task this is lol, but you can't blame one for trying. However, my attempts to remove them all failed as they just came back every time I deleted them. Also you should know that in the end, when it is done scanning and the window pops up asking the four questions: move to quarantine, copy to quarantine, ignore, delete. I have tried each to see if I could get rid of the problem, but again the same ones keep returning >.< three that say they are windows files. So I have taken screen shots of these as well, seeing as you can't get a report from this portion of the scan. If you need any of this info I am more than willing to post it. Anyway, I wanted to get an update up so that you knew I was still here waiting and having difficulties. Again, thank you for all that you do here. Onyxia
  15. O.k. I think I have a different version of Avira than you suggested; it asks at the end to end or see the report before, so I had copied the report and am pasting it here now. I hope this is o.k. because I don't know anyone around here with a computer and we live out in the sticks. If there isn't anything you can do with this report, my friend says when he gets home (which is 4 hours away) he will send me a burned CD of the rescue Avira, but until then this is what I have for you. Thank you Onyxia

Avira AntiVir Personal
Report file date: Friday, April 17, 2009 21:40

Scanning for 1355927 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PURPLENURPLE

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 3/24/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 16:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 00:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 4/16/2009 01:00:56
ANTIVIR3.VDF : 7.1.3.72 20992 Bytes 4/17/2009 01:00:56
Engineversion : 8.2.0.148
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 21:36:42
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 4/18/2009 01:01:06
AESCN.DLL : 8.1.1.10 127348 Bytes 4/18/2009 01:01:05
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 22:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 4/18/2009 01:01:04
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 00:01:56
AEHEUR.DLL : 8.1.0.119 1724791 Bytes 4/18/2009 01:01:03
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 00:01:56
AEGEN.DLL : 8.1.1.36 340341 Bytes 4/18/2009 01:00:58
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 18:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 4/18/2009 01:00:57
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 14:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/9/2009 11:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 14:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 15:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 19:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,-HIDDENEXT,+JOKE,-PHISH,

Start of the scan: Friday, April 17, 2009 21:40

Starting search for hidden objects.
The repair notes were written to the file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20090418-120611-FD35E0F0.avp'.
c:\windows\system32\drivers\uacbmlilrld.sys
  [INFO] The file is not visible.
  [DETECTION] Is the TR/Rootkit.Gen Trojan
  [NOTE] The file was moved to '4a4cfad0.qua'!
c:\windows\temp\uac1373.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/Rootkit.Gen Trojan
  [NOTE] The file was moved to '4a4cfad3.qua'!
c:\windows\temp\uac1577.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '49ae99c4.qua'!
c:\windows\system32\sdra64.exe
  [INFO] The file is not visible.
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
  [INFO] No SpecVir entry was found!
c:\windows\system32\uacaetnowdd.log
  [INFO] The file is not visible.
c:\windows\system32\uacahjbxfyb.log
  [INFO] The file is not visible.
c:\windows\system32\uacbhulfbab.dat
  [INFO] The file is not visible.
c:\windows\system32\uacboscdjol.dll
  [INFO] The file is not visible.
  [DETECTION] Is the TR/PCK.Tdss.F.2164 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\system32\uacbvfqrfsv.log
  [INFO] The file is not visible.
c:\windows\system32\uacftkpupib.log
  [INFO] The file is not visible.
c:\windows\system32\uacinit.dll
  [INFO] The file is not visible.
c:\windows\system32\uackpmetabt.log
  [INFO] The file is not visible.
c:\windows\system32\uackwsivycm.dll
  [INFO] The file is not visible.
  [DETECTION] Is the TR/Alureon.BF Trojan
  [INFO] No SpecVir entry was found!
c:\windows\system32\uacnnupeqpx.log
  [INFO] The file is not visible.
c:\windows\system32\uacoppfiqrg.dll
  [INFO] The file is not visible.
  [DETECTION] Is the TR/PCK.Tdss.F.2060 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\system32\uacptjgpuyr.log
  [INFO] The file is not visible.
c:\windows\system32\uacqevpeton.log
  [INFO] The file is not visible.
c:\windows\system32\uacqthxyqem.log
  [INFO] The file is not visible.
c:\windows\system32\uacqyrudorx.dll
  [INFO] The file is not visible.
  [DETECTION] Is the TR/PCK.Tdss.F.2061 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\system32\uacrlmydopm.log
  [INFO] The file is not visible.
c:\windows\system32\uacsdpbarmn.log
  [INFO] The file is not visible.
c:\windows\system32\uacsqfheteo.log
  [INFO] The file is not visible.
c:\windows\system32\uacssiiacxs.log
  [INFO] The file is not visible.
c:\windows\system32\uacuidtgqyr.log
  [INFO] The file is not visible.
c:\windows\system32\uacumisprgb.log
  [INFO] The file is not visible.
c:\windows\system32\uacwulkdqjh.dll
  [INFO] The file is not visible.
  [DETECTION] Is the TR/PCK.Tdss.F.2062 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\system32\uacxexocecv.log
  [INFO] The file is not visible.
c:\windows\system32\uacxvampqvy.log
  [INFO] The file is not visible.
c:\windows\system32\uacybgwrhfo.log
  [INFO] The file is not visible.
c:\windows\system32\lowsec\local.ds
  [INFO] The file is not visible.
c:\windows\system32\lowsec\user.ds
  [INFO] The file is not visible.
c:\windows\temp\uac1894.tmp
  [INFO] The file is not visible.
  [DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.66 root kit
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac1d95.tmp
  [INFO] The file is not visible.
  [DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.65 root kit
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac240d.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/TDss.ror Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac3265.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/Alureon.BF Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac6220.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/TDss.66048 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac77f0.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/TDss.66048 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac7b07.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/TDss.66048 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uac99cf.tmp
  [INFO] The file is not visible.
c:\windows\temp\uac9ba3.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/TDss.66048 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uacba9.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/TDss.66048 Trojan
  [INFO] No SpecVir entry was found!
c:\windows\temp\uacc95a.tmp
  [INFO] The file is not visible.
c:\windows\temp\uacfba.tmp
  [INFO] The file is not visible.
c:\windows\system32\lowsec
  [INFO] The directory is not visible.
c:\documents and settings\all users\application data\pc tools\pc tools antivirus\temp\wdmain11.chm385\img\uaccent.gif
  [INFO] The file is not visible.
c:\documents and settings\all users\application data\pc tools\pc tools antivirus\temp\wdmain11.chm670\img\uaccent.gif
  [INFO] The file is not visible.
c:\documents and settings\all users\application data\pc tools\pc tools antivirus\temp\wdmain11.chm725\img\uaccent.gif
  [INFO] The file is not visible.
c:\documents and settings\all users\application data\pc tools\pc tools antivirus\temp\wdmain11.chm755\img\uaccent.gif
  [INFO] The file is not visible.
c:\documents and settings\cierra\local settings\temp\uac189d.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/PCK.Tdss.F.1738 Trojan
  [INFO] No SpecVir entry was found!
c:\documents and settings\cierra\local settings\temp\uac1be8.tmp
  [INFO] The file is not visible.
  [DETECTION] Is the TR/PCK.Tdss.F.1712 Trojan
  [INFO] No SpecVir entry was found!
c:\documents and settings\nem\local settings\temp\nsd106.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nsf1ee.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nsf6.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nslfb.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nsm177.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nsp1dc.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nss1e8.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\nem\local settings\temp\nsv57.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\uacf56b.tmp
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsc15.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsm1d.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsn1b.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsq11.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nss1d.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsw12.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsx27.tmp\uac.dll
  [INFO] The file is not visible.
c:\documents and settings\temp\local settings\temp\nsy37.tmp\uac.dll
  [INFO] The file is not visible.

End of the scan: Saturday, April 18, 2009 12:06
Used time: 14:25:46 Hour(s)

The scan has been done completely.

0 Scanned directories
67 Files were scanned
20 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
47 Files not concerned
0 Archives were scanned
0 Warnings
3 Notes
252860 Objects were scanned with rootkit scan
72 Hidden objects were found