Submit Your Article Forum Rules FAQ About Us
Search the forums:

Tech Support Team

Join Now!Nav Seperator FAQNav Seperator GalleryNav Seperator TutorialsNav Seperator BlogNav Seperator SearchNav Seperator Today's PostsNav Seperator Mark Forums ReadNav Seperator Navigation Right

Hello and Welcome to Tech Support Team! Before you can start posting and answering questions, you'll have to register. Registration is fast, simple and absolutely free! Feel free to browse through existing questions by choosing the forum you want to visit below.


Tech Support Team » Malware Removal & Security » Malware Removal » [SOLVED] Fake Trojan warning

Notices
Before creating a new thread, we ask that you please read our Removal guide first: Malware Removal Guide - Read Before Posting. We also advise you reading this thread before continuing: P2P programs - please remove before posting for help

NOTE: NEVER follow someone elses fix. Just because the symptoms may appear to be the same, it does NOT mean your system has the same malware infection. ALWAYS start a new thread so that a member of our Security Team can take you through the steps of cleaning your computer.

Reply
Page 1 of 2 1 2 >
Thread Tools
 
  #1 (permalink)   Top
Old 4th March 2009, 01:13 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
[SOLVED] Fake Trojan warning
Hi
My daughter was viewing a video stream when somehow her computer was infected, there was a flashing virus/trojan alert banner as well a red x in tray with a bubble popping up saying to run their software ....her browser kept opening with a link to use their software

I followed all the malware instructions and it appears to be gone

can someone check my logs to make sure?

Thanks

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/3/2009 7:49:40 PM
mbam-log-2009-03-03 (19-49-40).txt

Scan type: Quick Scan
Objects scanned: 71968
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 3
Registry Data Items Infected: 7
Folders Infected: 12
Files Infected: 155

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/3/2009 7:49:40 PM
mbam-log-2009-03-03 (19-49-40).txt

Scan type: Quick Scan
Objects scanned: 71968
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 3
Registry Data Items Infected: 7
Folders Infected: 12
Files Infected: 155

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 3
Registry Data Items Infected: 7
Folders Infected: 12
Files Infected: 155

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoe gg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoeg g.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\dff4d7c6-b5b1-7cc7-c224-08156df2bd73 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\ddufkeipsegxgpntz (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoChangingWallpap er (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\activedesktop\NoChangingWallpa per (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\me ssages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\im ages\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\me ssages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 03/03/2009 at 06:49 PM

Application Version : 4.25.1014

Core Rules Database Version : 3782
Trace Rules Database Version: 1739

Scan type : Quick Scan
Total Scan Time : 10:14:29

Memory items scanned : 699
Memory threats detected : 2
Registry items scanned : 587
Registry threats detected : 7
File items scanned : 50475
File threats detected : 5

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\FRMWRK32.EXE
C:\WINDOWS\SYSTEM32\FRMWRK32.EXE

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\TOFONNAWBDKR.DLL
C:\WINDOWS\SYSTEM32\TOFONNAWBDKR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{C57B06D9-C917-3542-7295-7E49EFFE630B}
HKCR\CLSID\{C57B06D9-C917-3542-7295-7E49EFFE630B}
HKCR\CLSID\{C57B06D9-C917-3542-7295-7E49EFFE630B}
HKCR\CLSID\{C57B06D9-C917-3542-7295-7E49EFFE630B}\InProcServer32
HKCR\CLSID\{C57B06D9-C917-3542-7295-7E49EFFE630B}\InProcServer32#ThreadingModel
HKU\S-1-5-21-4213829097-2215862961-3169665746-1008\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{C57B06D9-C917-3542-7295-7E49EFFE630B}
C:\WINDOWS\SYSTEM32\_TOFONNAWBDKR.DLL

Unclassified.Unknown Origin
HKU\S-1-5-21-4213829097-2215862961-3169665746-1008\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SETUP1.EXE

Rogue.FakeAlert/Wallpaper
C:\WINDOWS\S





hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:41 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe" /run
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201928937963
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

Hope I did this right, by the way last year Howard helped me with adoginhispen
at that time I was registered as kr4614 and did a great job

Thanks and thanks for being there
Reply With Quote
  #2 (permalink)   Top
Old 7th March 2009, 01:38 AM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
has anyone had a chance to look at these logs..did I not submit them right? any way i understand if you are busy, I just was worried my thread would expire

Thanks
Reply With Quote
  #3 (permalink)   Top
Old 7th March 2009, 08:08 PM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Sorry for the delay. Your thread somehow got by without being noticed by me.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt <will be maximized and info.txt <will be minimized
  • Please post the contents of both logs in the next reply.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #4 (permalink)   Top
Old 7th March 2009, 09:20 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
RSIT
here you go!

Thanks EF!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Administrator at 2009-03-07 16:05:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 169 GB (73%) free of 230 GB
Total RAM: 958 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:47 PM, on 3/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe" /run
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201928937963
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 13795 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for Compaq_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll [2007-02-23 140840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-03 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll [2009-01-03 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-03 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-03 251504]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-07 16010240]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe /run []
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-30 185896]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2007-10-30 1095256]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"SmartRAM"=C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe [2007-10-29 662016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.e xe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
""= []
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:EnabledISCover Stream Hub"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealP layer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Prog ram Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled :Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-03-07 16:05:36 ----D---- C:\rsit
2009-03-03 20:27:39 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-03 20:27:39 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-03 20:27:39 ----A---- C:\WINDOWS\system32\java.exe
2009-03-03 19:34:31 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2009-03-03 19:34:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-03 19:34:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-03 08:23:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-03 08:22:59 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-03 08:22:59 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2009-03-03 08:22:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-03 07:21:39 ----D---- C:\Program Files\CCleaner
2009-03-01 20:54:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-03-01 20:53:59 ----D---- C:\Program Files\Alwil Software
2009-03-01 14:39:01 ----A---- C:\WINDOWS\system32\bkvdzbtzvsjshari.exe
2009-02-25 03:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-12 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 1 months======

2009-03-07 16:05:24 ----D---- C:\WINDOWS\Prefetch
2009-03-07 16:02:38 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\skypePM
2009-03-07 15:52:28 ----D---- C:\WINDOWS\Temp
2009-03-07 15:52:07 ----AD---- C:\WINDOWS
2009-03-07 15:51:32 ----D---- C:\WINDOWS\system32\Lang
2009-03-07 15:50:47 ----D---- C:\WINDOWS\Registration
2009-03-07 15:49:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-07 15:49:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-06 18:02:30 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-06 18:00:01 ----D---- C:\Program Files\Norton Security Scan
2009-03-04 06:44:20 ----SHD---- C:\Config.Msi
2009-03-03 20:29:30 ----SHD---- C:\WINDOWS\Installer
2009-03-03 20:27:39 ----D---- C:\WINDOWS\system32
2009-03-03 20:27:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-03 20:23:00 ----D---- C:\Program Files\Java
2009-03-03 20:21:45 ----D---- C:\Program Files
2009-03-03 20:21:42 ----SD---- C:\WINDOWS\Tasks
2009-03-03 20:21:01 ----HD---- C:\WINDOWS\inf
2009-03-03 20:21:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-03 20:21:01 ----D---- C:\WINDOWS\system32\drivers
2009-03-03 20:19:40 ----D---- C:\Program Files\AIM
2009-03-03 20:19:35 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Aim
2009-03-03 20:13:59 ----D---- C:\Program Files\LimeWire
2009-03-03 19:50:00 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-03 08:22:02 ----D---- C:\Program Files\Common Files
2009-03-03 08:14:17 ----D---- C:\WINDOWS\Debug
2009-03-03 08:14:16 ----D---- C:\WINDOWS\Minidump
2009-03-03 07:08:44 ----D---- C:\Program Files\HP Games
2009-03-01 22:18:58 ----D---- C:\WINDOWS\system32\config
2009-03-01 20:42:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-01 20:15:52 ----D---- C:\Program Files\Trend Micro
2009-03-01 20:15:40 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-02-24 21:29:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-16 19:43:19 ----D---- C:\Program Files\Safari
2009-02-12 03:03:05 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-19 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-03 245504]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-03 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Let me know when you have time

Thanks again
Reply With Quote
  #5 (permalink)   Top
Old 8th March 2009, 04:15 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
C:\WINDOWS\system32\bkvdzbtzvsjshari.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #6 (permalink)   Top
Old 9th March 2009, 12:12 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
ok I followed the instructions for VirSCAN, and it keeps saying error cannot find file to upload

I tried several times

Thanks
Reply With Quote
  #7 (permalink)   Top
Old 9th March 2009, 12:18 PM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #8 (permalink)   Top
Old 9th March 2009, 12:40 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
sorry, I was able to to get it to run
However I couldn't find clipboard co I copied and pasted to notepad ...says nothing found

File Name : bkvdzbtzvsjshari.exe
File Size : 48267 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a56f926009219a9254046776cb8c05d9
SHA1 : 3b4e6aea66b6d3b37cdf11303c56a4c9aec6f924
Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/03/09 07:13:45 (CDT)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.0.0.32 20090309180419 2009-03-09 - 5.330
AhnLab V3 2009.03.09.02 2009.03.09 2009-03-09 - 2.657
AntiVir 7.9.0.107 7.1.2.138 2009-03-09 - 2.022
Antiy 2.0.18 20090309.2212869 2009-03-09 - 0.132
Authentium 5.1.1 200903081655 2009-03-08 - 1.271
AVAST! 3.0.1 090308-0 2009-03-08 - 0.008
AVG 7.5.52.442 270.11.9/1991 2009-03-09 - 1.971
BitDefender 7.81008.2772681 7.24071 2009-03-09 - 2.745
CA (VET) 9.0.0.143 31.6.6386 2009-03-07 - 4.072
ClamAV 0.94.2 9080 2009-03-07 - 0.029
Comodo 3.8 1037 2009-03-08 - 0.914
CP Secure 1.1.0.715 2009.03.09 2009-03-09 - 7.267
Dr.Web 4.44.0.9170 2009.03.09 2009-03-09 - 4.195
F-Prot 4.4.4.56 20090308 2009-03-08 - 1.142
F-Secure 5.51.6100 2009.03.09.02 2009-03-09 - 0.180
Fortinet 2.81-3.117 10.136 2009-03-09 - 0.184
GData 19.3779/19.253 20090309 2009-03-09 - 3.328
Ikarus T3.1.01.45 2009.03.09.72401 2009-03-09 - 3.962
JiangMin 11.0.706 2009.03.09 2009-03-09 - 1.614
Kaspersky 5.5.10 2009.03.09 2009-03-09 - 0.129
KingSoft 2009.2.5.15 2009.3.9.18 2009-03-09 - 2.549
McAfee 5.3.00 5547 2009-03-08 - 2.817
Microsoft 1.4405 2009.03.09 2009-03-09 - 4.693
mks_vir 2.01 2009.03.09 2009-03-09 - 2.731
Norman 6.00.06 6.00.00 2009-03-06 - 8.007
nProtect 20090309.03 3298746 2009-03-09 - 6.140
Panda 9.05.01 2009.03.08 2009-03-08 - 2.004
Quick Heal 10.00 2009.03.09 2009-03-09 - 0.944
Rising 20.0 21.20.02.00 2009-03-09 - 0.862
Sophos 2.84.1 4.39 2009-03-09 - 2.104
Sunbelt 5031 5031 2009-03-08 - 2.682
Symantec 1.3.0.24 20090308.003 2009-03-08 - 0.051
The Hacker 6.3.2.7 v00277 2009-03-09 - 0.923
Trend Micro 8.700-1004 5.886.03 2009-03-08 - 0.054
VBA32 3.12.10.1 20090308.1636 2009-03-08 - 2.255
ViRobot 20090307 2009.03.07 2009-03-07 - 0.600
VirusBuster 4.5.11.10 10.102.3/969050 2009-03-08 - 1.359
Note: this file has been scanned before. Therefore, this file's

Thanks
Reply With Quote
  #9 (permalink)   Top
Old 9th March 2009, 12:59 PM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Do you have any idea what that file might be?

Please see the above reply in post #7
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #10 (permalink)   Top
Old 9th March 2009, 01:02 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
I have no idea I just copied and pasted to virscan...I am runnig combo fix now
Reply With Quote
  #11 (permalink)   Top
Old 9th March 2009, 01:13 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
ok here is the combo fix log

ComboFix 09-03-06.02 - Compaq_Administrator 2009-03-09 7:51:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.551 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
c:\program files\Mozilla Firefox\components\2df22a17-9e7e-83be-5ac4-ad7c356bd055.dll
c:\windows\system32\init32.exe
c:\windows\system32\kmd.exe
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-07 17:05 . 2009-03-07 17:06 <DIR> d-------- C:\rsit
2009-03-03 20:34 . 2009-03-03 20:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:34 . 2009-03-03 20:34 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-03-03 20:34 . 2009-03-03 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 20:34 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:34 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 09:23 . 2009-03-03 09:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-03 09:22 . 2009-03-03 09:23 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-03 09:22 . 2009-03-03 09:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-03 09:22 . 2009-03-03 09:22 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2009-03-03 08:39 . 2009-03-09 07:52 5,219 --a------ c:\windows\system32\iassarnl.dat
2009-03-03 08:39 . 2009-03-09 07:52 1,496 --a------ c:\windows\system32\netawi.dat
2009-03-03 08:39 . 2009-03-09 07:51 0 --a------ c:\windows\system32\mapistlb.dat
2009-03-03 08:21 . 2009-03-03 08:21 <DIR> d-------- c:\program files\CCleaner
2009-03-02 19:54 . 2009-03-09 07:51 5,251 --a------ c:\windows\system32\wshbeh.dat
2009-03-02 19:54 . 2009-03-09 07:47 394 --a------ c:\windows\system32\ir50_ec.dat
2009-03-02 19:54 . 2009-03-09 07:51 80 --a------ c:\windows\system32\catsrvur.dat
2009-03-02 19:54 . 2009-03-09 07:51 0 --a------ c:\windows\system32\msreplf0.dat
2009-03-01 21:53 . 2009-03-01 21:53 <DIR> d-------- c:\program files\Alwil Software
2009-03-01 17:48 . 2008-04-13 19:12 26,112 --a------ c:\windows\system32\dllcache\userinit.exe
2009-03-01 15:39 . 2009-03-03 08:55 48,267 --a------ c:\windows\system32\bkvdzbtzvsjshari.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-08 23:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-08 02:42 --------- d-----w c:\program files\Java
2009-03-07 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 22:02 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2009-03-07 00:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-04 02:27 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 02:19 --------- d-----w c:\program files\AIM
2009-03-04 02:19 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Aim
2009-03-04 02:13 --------- d-----w c:\program files\LimeWire
2009-03-03 13:08 --------- d-----w c:\program files\HP Games
2009-03-02 02:15 --------- d-----w c:\program files\Trend Micro
2009-03-02 02:15 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2009-02-17 01:43 --------- d-----w c:\program files\Safari
2009-02-07 02:28 --------- d-----w c:\program files\Blubster
2009-01-18 07:19 --------- d-----w c:\program files\Veoh Networks
2009-01-17 03:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-12 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 17:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-10-26 02:17 4,538 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-09-08 21:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080 909\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ir 50_ec]
@="{F7937358-78EC-51E4-7162-0C60C5697BC6}"
[HKEY_CLASSES_ROOT\CLSID\{F7937358-78EC-51E4-7162-0C60C5697BC6}]
2008-04-13 19:11 126976 --a------ c:\windows\system32\ir50_ec.dIl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-30 185896]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SmartRAM"="c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 148888]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-07 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-05-04 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-05-04 36903]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Compaq_Administrator\Application Data\iolo\

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-01 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-03-01 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-03-08 c:\windows\Tasks\Norton Security Scan for Compaq_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HPBootOp - c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe


.
------- Supplementary Scan -------
.
uStart Page = yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESAR IO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mStart Page = yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO &pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 07:55:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\GTGina.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-09 7:57:36
ComboFix-quarantined-files.txt 2009-03-09 12:57:16
ComboFix2.txt 2008-02-04 22:23:31

Pre-Run: 176,207,740,928 bytes free
Post-Run: 176,634,425,344 bytes free

179 --- E O F --- 2009-02-25 09:02:30
Reply With Quote
  #12 (permalink)   Top
Old 9th March 2009, 01:23 PM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
If it says this file has already been scanned please choose to scan it again.

Please go to VirusTotal.com
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy the file path in the below Code box:
Code:
c:\windows\system32\dllcache\userinit.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #13 (permalink)   Top
Old 9th March 2009, 01:31 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
ok here it is

Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Portuguęs | Italiano | | | Magyar | Deutsch | Česky | Polski | Espańol
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File userinit.exe received on 03.09.2009 14:27:26 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/39 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.09 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 -
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.09 -
AVG 8.0.0.237 2009.03.09 -
BitDefender 7.2 2009.03.09 -
CAT-QuickHeal 10.00 2009.03.09 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1037 2009.03.08 -
DrWeb 4.44.0.09170 2009.03.09 -
eSafe 7.0.17.0 2009.03.08 -
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.09 -
Fortinet 3.117.0.0 2009.03.09 -
GData 19 2009.03.09 -
Ikarus T3.1.1.45.0 2009.03.09 -
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 -
McAfee 5547 2009.03.08 -
McAfee+Artemis 5547 2009.03.08 -
Microsoft 1.4405 2009.03.09 -
NOD32 3919 2009.03.09 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.09 -
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.09 -
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 -
Sophos 4.39.0 2009.03.09 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 -
TheHacker 6.3.2.7.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 -
VBA32 3.12.10.1 2009.03.09 -
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.08 -
Additional information
File size: 26112 bytes
MD5...: a93aee1928a9d7ce3e16d24ec7380f89
SHA1..: 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad67 23e0cf43d5f53f
SHA512: b4df088a96dda785b1a2edb32ef72554fb8000d01a29668f0d a0614f6100c8ea
59c31790d5248e551543efd36684b12b687df55cbeaa36b8c3 1decf686980f42
ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7Fx ffJaLaSLG9q

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0xb50 0xc00 3.27 bac832e39f87c4f5f640e5d5c6a1c2fc

( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

( 0 exports )

ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=a93aee1928a9d7ce3e16d24ec7380f89' target='_blank'>http://www.threatexpert.com/report.aspx?md5=a93aee1928a9d7ce3e16d24ec7380f89</a>


ATTENTION: VirusTotal is
Thanks EF
Reply With Quote
  #14 (permalink)   Top
Old 9th March 2009, 01:38 PM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
c:\windows\system32\iassarnl.dat
c:\windows\system32\netawi.dat
c:\windows\system32\mapistlb.dat
c:\windows\system32\wshbeh.dat
c:\windows\system32\ir50_ec.dat
c:\windows\system32\catsrvur.dat
c:\windows\system32\msreplf0.dat
c:\windows\system32\bkvdzbtzvsjshari.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ir50_ec]

[-HKEY_CLASSES_ROOT\CLSID\{F7937358-78EC-51E4-7162-0C60C5697BC6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #15 (permalink)   Top
Old 9th March 2009, 02:08 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
ok here is the combo fix

ComboFix 09-03-06.02 - Compaq_Administrator 2009-03-09 8:53:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.535 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\bkvdzbtzvsjshari.exe
c:\windows\system32\catsrvur.dat
c:\windows\system32\iassarnl.dat
c:\windows\system32\ir50_ec.dat
c:\windows\system32\mapistlb.dat
c:\windows\system32\msreplf0.dat
c:\windows\system32\netawi.dat
c:\windows\system32\wshbeh.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bkvdzbtzvsjshari.exe
c:\windows\system32\catsrvur.dat
c:\windows\system32\iassarnl.dat
c:\windows\system32\ir50_ec.dat
c:\windows\system32\mapistlb.dat
c:\windows\system32\msreplf0.dat
c:\windows\system32\netawi.dat
c:\windows\system32\wshbeh.dat

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-07 17:05 . 2009-03-07 17:06 <DIR> d-------- C:\rsit
2009-03-03 20:34 . 2009-03-03 20:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:34 . 2009-03-03 20:34 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-03-03 20:34 . 2009-03-03 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 20:34 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:34 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 09:23 . 2009-03-03 09:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-03 09:22 . 2009-03-03 09:23 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-03 09:22 . 2009-03-03 09:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-03 09:22 . 2009-03-03 09:22 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2009-03-03 08:21 . 2009-03-03 08:21 <DIR> d-------- c:\program files\CCleaner
2009-03-01 21:53 . 2009-03-01 21:53 <DIR> d-------- c:\program files\Alwil Software
2009-03-01 17:48 . 2008-04-13 19:12 26,112 --a------ c:\windows\system32\dllcache\userinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-08 23:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-08 02:42 --------- d-----w c:\program files\Java
2009-03-07 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 22:02 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2009-03-07 00:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-04 02:19 --------- d-----w c:\program files\AIM
2009-03-04 02:19 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Aim
2009-03-04 02:13 --------- d-----w c:\program files\LimeWire
2009-03-03 13:08 --------- d-----w c:\program files\HP Games
2009-03-02 02:15 --------- d-----w c:\program files\Trend Micro
2009-03-02 02:15 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2009-02-17 01:43 --------- d-----w c:\program files\Safari
2009-02-07 02:28 --------- d-----w c:\program files\Blubster
2009-01-18 07:19 --------- d-----w c:\program files\Veoh Networks
2008-10-26 02:17 4,538 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-09-08 21:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080 909\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-09_ 7.56.18.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-09 13:57:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2009-03-09 13:57:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-30 185896]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SmartRAM"="c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 148888]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-07 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-05-04 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-05-04 36903]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Compaq_Administrator\Application Data\iolo\

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-01 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-03-01 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-03-08 c:\windows\Tasks\Norton Security Scan for Compaq_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESAR IO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mStart Page = yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO &pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*Yahoo!
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 09:00:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\GTGina.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009-03-09 9:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 14:03:39
ComboFix2.txt 2009-03-09 12:57:37
ComboFix3.txt 2008-02-04 22:23:31

Pre-Run: 176,614,543,360 bytes free
Post-Run: 176,598,429,696 bytes free

195 --- E O F --- 2009-02-25 09:02:30
Thanks again EF!!
Reply With Quote
  #16 (permalink)   Top
Old 9th March 2009, 02:13 PM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Looks OK but I'm still concerned about this entry:

Quote:
2009-03-01 17:48 . 2008-04-13 19:12 26,112 --a------ c:\windows\system32\dllcache\userinit.exe
Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

* Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

When your computer has started in safe mode, and you see the desktop, close all open Windows.

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.

Code:
C:\SDFix\RunThis.bat
* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #17 (permalink)   Top
Old 9th March 2009, 02:25 PM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
I have to work I will do it tonight

Thanks again EF!!
Reply With Quote
  #18 (permalink)   Top
Old 10th March 2009, 01:22 AM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
Hi EF, sorry about that but I have a very nasty employer that I am going to fire this week

anyway here you go


SDFix: Version 1.240
Run by Compaq_Administrator on Mon 03/09/2009 at 08:03 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 20:08:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a02264
C:\WINDOWS\Temp\_av_proI.tm~a02264\setup.lok 0 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:EnabledISCover Stream Hub"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:Re alPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="C:\\P rogram Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabl ed:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Tue 19 Sep 2006 211 A.SHR --- "C:\BOOT.BAK"
Sat 14 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 10 Sep 2008 55,296 ...H. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\~WRL0002.tmp"
Thu 11 Sep 2008 55,808 ...H. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\~WRL0004.tmp"
Mon 28 Apr 2008 27,136 ...H. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\~WRL1672.tmp"
Thu 11 Sep 2008 55,808 ...H. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\~WRL3288.tmp"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Wed 27 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Compaq_Administrator\Application Data\U3\temp\Launchpad Removal.exe"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"

Finished!
Reply With Quote
  #19 (permalink)   Top
Old 10th March 2009, 01:28 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
No problem.

Looks OK now.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.


----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

Please either enable Automatic Updates under Start > Control Panel > Automatic Updates, or get into the habit of checking for Windows updates regularly.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out So how did I get infected in the first place? By Tony Klein for tips and free tools to help keep you safe in the future.

Also see this Maintenance Guide for free cleaning and maintenance tools to help keep your computer running smooth.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
Reply With Quote
  #20 (permalink)   Top
Old 10th March 2009, 02:13 AM
KDR's Avatar
KDR KDR is offline
Newcomer
  
Join Date: Mar 2009, 13 posts.
Reputation: KDR is on a distinguished road
ok, EF Thanks so much ...like I said you guys are great

Thanks again so much!!!
Reply With Quote
Reply
Page 1 of 2 1 2 >

Only registered members can participate in forum threads. You must register or log in to contribute.


« Previous Thread | Next Thread »
Thread Tools

Forum Jump


All times are GMT. The time now is 09:40 PM.

Contact Us - Tech Support Team - Terms of Service - Top


Member Login
Forgot Password?



Post A Question!
Useful Links
Main Menu
Home
Forum Rules
FAQ
About Us
Welcome Pack
Search the forums
TST Mobile
Contact Us
Send Message

These are the 8 most used thread tags
Tag Cloud
geforce modem monitor no ring response no signal nvidia soft modem win7
Copyright © Tech Support Team, Inc. All rights reserved.
TechSupportTeam.org is an Privacy Policy and Legal Powered by vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.