This is the other pc.
HiJack This Report :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:01 AM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\**jddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
E:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://antispywareupdates.net/?aid=496.cacdc9d1cececa
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\**jddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {246453d2-1dd2-11b2-a6a2-fd50a24c36a3} - C:\WINDOWS\zehyfmlc.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202599936.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MP***e] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MalwareWiped] C:\Program Files\MalwareWiped\MalwareWiped.exe /h
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [jurypcbk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jurypcbk.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\452c4a4hpc4a4a.exe
O4 - HKLM\..\Run: [SpyAway] C:\Program Files\SpyAway\SpyAway.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [SpybotDeletingA7153] command /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7993] cmd /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9595] command /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5441] cmd /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA169] command /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9579] cmd /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3862] command /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6664] cmd /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9123] command /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6136] cmd /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5284] command /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2814] cmd /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5090] command /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9650] cmd /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB706] command /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5001] cmd /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9260] command /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD392] cmd /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5332] command /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1389] cmd /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8574] command /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8572] cmd /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5760] command /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1814] cmd /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1370] command /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3897] cmd /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6490] command /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5759] cmd /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdcco...ad/tgctlsr.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: jkhhi - jkhhi.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 18257 bytes
ComboFix Report :
ComboFix 08-02.11.1 - Olivia Shelton 2008-02-11 0:39:11.1 - NTFSx86 MINIMAL
Running from: E:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\jurypcbk.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\Accoona
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\e-zshopper
C:\Program Files\p2pnetworks
C:\WINDOWS\PerfInfo
C:\WINDOWS\system32\acespy
C:\WINDOWS\zehyfmlc.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.
2008-02-11 00:16 . 2008-02-11 00:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-11 00:15 . 2008-02-11 00:28 <DIR> d-------- C:\SDFix
2008-02-11 00:09 . 2008-02-11 00:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-10 23:43 . 2008-02-10 23:44 <DIR> d-------- C:\ClamWinPortable
2008-02-10 23:31 . 2008-02-10 23:33 487 --a------ C:\WINDOWS\wininit.ini
2008-02-10 23:10 . 2008-02-10 23:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-10 23:10 . 2008-02-10 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 22:49 . 2005-04-29 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-10 22:49 . 2005-04-29 23:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-10 22:07 . 2008-02-10 22:07 1,494 --a------ C:\Ad-Ware Pro.lnk
2008-02-10 22:06 . 2008-02-10 22:06 <DIR> d-------- C:\WINDOWS\Ad-Ware Pro
2008-02-10 22:06 . 2008-02-10 22:06 <DIR> d-------- C:\Program Files\Ad-Ware Pro
2008-02-10 21:30 . 2008-02-11 00:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 21:30 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-10 21:30 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-10 21:30 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-10 21:30 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-10 21:29 . 2008-02-10 23:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-10 21:29 . 2008-02-10 21:29 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\PC Tools
2008-02-10 17:18 . 2008-02-10 17:19 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\eAcceleration
2008-02-10 17:17 . 2008-02-10 17:18 <DIR> d-------- C:\Program Files\eAcceleration
2008-02-10 16:27 . 2008-02-10 17:04 <DIR> d-------- C:\Program Files\SpyAway
2008-02-09 17:47 . 2008-02-09 17:47 10,752 --a------ C:\WINDOWS\system32\worsock.dll
2008-02-09 17:31 . 2008-02-11 00:27 <DIR> d-------- C:\WINDOWS\gwjfsluv
2008-02-09 17:31 . 2008-02-09 17:31 185,344 --a------ C:\WINDOWS\rsxqhsbm.dll
2008-02-09 17:31 . 2008-02-09 17:31 91,667 --a------ C:\WINDOWS\tydixkha.exe
2008-02-09 17:31 . 2008-02-09 17:31 36,864 --a------ C:\WINDOWS\jgnmjyrw.exe
2008-02-09 17:31 . 2008-02-10 23:32 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-09 17:31 . 2008-02-09 17:31 0 --a------ C:\WINDOWS\1rnrLjpcES.exe.bak
2008-02-09 17:30 . 2008-02-09 17:30 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-09 17:30 . 2008-02-09 17:30 13,312 --a------ C:\btde.exe
2008-02-09 17:30 . 2008-02-09 17:30 3,584 --a------ C:\ryvqkqv.exe
2008-02-09 17:30 . 2008-02-09 17:30 0 --a------ C:\166556076
2008-02-09 17:29 . 2008-02-09 17:30 58,368 --a------ C:\ykamvp.exe
2008-02-09 15:12 . 2008-02-09 15:12 4,218 --a------ C:\msn.com
2008-01-22 00:57 . 2008-02-10 22:09 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-01-22 00:57 . 2008-02-10 22:09 4 --a------ C:\WINDOWS\system32\9C7B6F
2008-01-22 00:56 . 2008-01-22 00:56 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-01-22 00:54 . 2008-01-22 00:58 <DIR> d-------- C:\Program Files\Rhapsody
2008-01-22 00:35 . 2008-01-22 00:38 <DIR> d-------- C:\Program Files\Winamp
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Program Files\Shareaza
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\Talkback
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\Shareaza
2008-01-22 00:07 . 2008-01-22 00:11 <DIR> d-------- C:\Program Files\BitComet
2008-01-21 23:57 . 2008-01-21 23:57 <DIR> d-------- C:\Program Files\Azureus
2008-01-21 23:46 . 2008-01-21 23:46 <DIR> d-------- C:\Program Files\Picasa2
2008-01-21 23:46 . 2006-10-04 20:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-21 23:46 . 2006-10-04 20:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-21 23:43 . 2008-01-21 23:43 <DIR> d-------- C:\Program Files\K-Lite Pro
2008-01-21 23:42 . 2008-01-21 23:42 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-01-21 23:39 . 2008-02-08 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-21 23:31 . 2008-02-08 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-21 23:13 . 2008-01-22 00:23 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\FileVOoM
2008-01-21 23:12 . 2008-01-21 23:13 <DIR> d-------- C:\Program Files\FileVOoM Pro
2008-01-21 13:39 . 2008-01-21 13:51 <DIR> d-------- C:\Program Files\Windows Live
2008-01-21 13:39 . 2008-01-21 13:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-21 13:38 . 2008-01-21 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 22:32 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\AVG7
2008-02-10 11:15 --------- d-----w C:\Program Files\Lx_cats
2008-02-09 23:50 --------- d-----w C:\Program Files\LimeWire
2008-02-08 07:29 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\LimeWire
2008-02-04 21:43 7,656 ----a-w C:\Documents and Settings\Olivia Shelton\Application Data\wklnhst.dat
2008-01-28 04:34 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\Image Zone Express
2008-01-22 06:13 --------- d-----w C:\Program Files\Google
2008-01-11 03:28 --------- d-----w C:\Program Files\Easy Internet signup
2007-12-11 05:24 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\Apple Computer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]
C:\WINDOWS\pxwma.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-08-23 11:22 1191936]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 09:29 50736]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33 126976]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 23:14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 18:44 3887104]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 14:04 190696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11 794624]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11 692316]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54 253952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-28 09:41 180269]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"MP***e"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2005-05-24 16:50 274432]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 16:33 126976]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 15:47 1111040]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41 950272]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-16 08:24 579072]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-21 23:37 29744]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" [ ]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 17:32 20480]
"LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 16:05 102400]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 13:10 35328]
"SpyAway"="C:\Program Files\SpyAway\SpyAway.exe" [2008-02-10 16:27 286227]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 18:12 136904]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [ ]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [ ]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [ ]
"SpybotDeletingA7153"="command /c del c:\Program Files\PestCapture\PestCapture.exe" [ ]
"SpybotDeletingC7993"="cmd /c del c:\Program Files\PestCapture\PestCapture.exe" [ ]
"SpybotDeletingA9595"="command /c del c:\Program Files\PestCapture\PestCapture0.pc" [ ]
"SpybotDeletingC5441"="cmd /c del c:\Program Files\PestCapture\PestCapture0.pc" [ ]
"SpybotDeletingA169"="command /c del c:\Program Files\PestCapture\Uninstall.exe" [ ]
"SpybotDeletingC9579"="cmd /c del c:\Program Files\PestCapture\Uninstall.exe" [ ]
"SpybotDeletingA3862"="command /c del C:\Program Files\AntiVermins\AntiVermins.url" [ ]
"SpybotDeletingC6664"="cmd /c del C:\Program Files\AntiVermins\AntiVermins.url" [ ]
"SpybotDeletingA9123"="command /c del C:\Program Files\AntiVermins\blacklist.txt" [ ]
"SpybotDeletingC6136"="cmd /c del C:\Program Files\AntiVermins\blacklist.txt" [ ]
"SpybotDeletingA5284"="command /c del C:\Program Files\AntiVermins\msvcp71.dll" [ ]
"SpybotDeletingC2814"="cmd /c del C:\Program Files\AntiVermins\msvcp71.dll" [ ]
"SpybotDeletingA5090"="command /c del C:\Program Files\AntiVermins\msvcr71.dll" [ ]
"SpybotDeletingC9650"="cmd /c del C:\Program Files\AntiVermins\msvcr71.dll" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 07:27 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-21 23:31:51 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi]
jkhhi.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 21:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 04:19:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-09 06:45:48 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2005-04-30 05:52:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-11 00:44:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?4?2?5??????? ???B?????????????hLC? ??????
LXDCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-11 0:48:35
ComboFix-quarantined-files.txt 2008-02-11 06:48:07
.
2008-01-10 04:21:53 --- E O F ---
SDFix Report :
SDFix: Version 1.141
Run by Olivia Shelton on Mon 02/11/2008 at 12:20 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
4fdw
Path:
\??\C:\WINDOWS\system32\4fdw.dll
4fdw - Deleted
Killing PID 1336 '**jddnvj.exe'
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\D.EXE - Deleted
C:\WINDOWS\gwjfsluv\1.png - Deleted
C:\WINDOWS\gwjfsluv\2.png - Deleted
C:\WINDOWS\gwjfsluv\3.png - Deleted
C:\WINDOWS\gwjfsluv\4.png - Deleted
C:\WINDOWS\gwjfsluv\5.png - Deleted
C:\WINDOWS\gwjfsluv\6.png - Deleted
C:\WINDOWS\gwjfsluv\7.png - Deleted
C:\WINDOWS\gwjfsluv\8.png - Deleted
C:\WINDOWS\gwjfsluv\9.png - Deleted
C:\WINDOWS\gwjfsluv\bottom-rc.gif - Deleted
C:\WINDOWS\gwjfsluv\config.png - Deleted
C:\WINDOWS\gwjfsluv\content.png - Deleted
C:\WINDOWS\gwjfsluv\download.gif - Deleted
C:\WINDOWS\gwjfsluv\frame-bg.gif - Deleted
C:\WINDOWS\gwjfsluv\frame-bottom-left.gif - Deleted
C:\WINDOWS\gwjfsluv\frame-h1bg.gif - Deleted
C:\WINDOWS\gwjfsluv\head.png - Deleted
C:\WINDOWS\gwjfsluv\icon.png - Deleted
C:\WINDOWS\gwjfsluv\indexwp.html - Deleted
C:\WINDOWS\gwjfsluv\main.css - Deleted
C:\WINDOWS\gwjfsluv\memory-prots.png - Deleted
C:\WINDOWS\gwjfsluv\net.png - Deleted
C:\WINDOWS\gwjfsluv\pc.gif - Deleted
C:\WINDOWS\gwjfsluv\pc-mag.gif - Deleted
C:\WINDOWS\gwjfsluv\poloska1.png - Deleted
C:\WINDOWS\gwjfsluv\poloska2.png - Deleted
C:\WINDOWS\gwjfsluv\poloska3.png - Deleted
C:\WINDOWS\gwjfsluv\promowp1.html - Deleted
C:\WINDOWS\gwjfsluv\promowp2.html - Deleted
C:\WINDOWS\gwjfsluv\promowp3.html - Deleted
C:\WINDOWS\gwjfsluv\promowp4.html - Deleted
C:\WINDOWS\gwjfsluv\promowp5.html - Deleted
C:\WINDOWS\gwjfsluv\reg.png - Deleted
C:\WINDOWS\gwjfsluv\repair.png - Deleted
C:\WINDOWS\gwjfsluv\scr-1.png - Deleted
C:\WINDOWS\gwjfsluv\scr-2.png - Deleted
C:\WINDOWS\gwjfsluv\start.png - Deleted
C:\WINDOWS\gwjfsluv\styles.css - Deleted
C:\WINDOWS\gwjfsluv\top-rc.gif - Deleted
C:\WINDOWS\gwjfsluv\vline.gif - Deleted
C:\WINDOWS\gwjfsluv\wp.png - Deleted
C:\WINDOWS\system32\acespy\systune.exe - Deleted
C:\WINDOWS\system32\acespy\__acelog.ndx - Deleted
C:\Program Files\3721\helper.dll - Deleted
C:\Program Files\3721\assist\asbar.dll - Deleted
C:\Program Files\Accoona\ASearchAssist.dll - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\curlog.htm - Deleted
C:\Program Files\akl\keylog.txt - Deleted
C:\Program Files\akl\readme.txt - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.dat - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Program Files\amsys\awmsg.dat - Deleted
C:\Program Files\amsys\guid.dat - Deleted
C:\Program Files\amsys\ijl15.dll - Deleted
C:\Program Files\amsys\mfc42.dll - Deleted
C:\Program Files\amsys\msvcrt.dll - Deleted
C:\Program Files\amsys\unins000.dat - Deleted
C:\Program Files\amsys\unis000.exe - Deleted
C:\Program Files\amsys\winam.dat - Deleted
C:\Program Files\e-zshopper\BarLcher.dll - Deleted
C:\Program Files\p2pnetworks\amp2pl.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\764.exe - Deleted
C:\WINDOWS\7search.dll - Deleted
C:\WINDOWS\absolute key logger.lnk - Deleted
C:\WINDOWS\aconti.exe - Deleted
C:\WINDOWS\aconti.ini - Deleted
C:\WINDOWS\aconti.log - Deleted
C:\WINDOWS\aconti.sdb - Deleted
C:\WINDOWS\acontidialer.txt - Deleted
C:\WINDOWS\adbar.dll - Deleted
C:\WINDOWS\cbinst$.exe - Deleted
C:\WINDOWS\daxtime.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\dp0.dll - Deleted
C:\WINDOWS\eventlowg.dll - Deleted
C:\WINDOWS\fhfmm.exe - Deleted
C:\WINDOWS\fhfmm-Uninstaller.exe - Deleted
C:\WINDOWS\flt.dll - Deleted
C:\WINDOWS\hcwprn.exe - Deleted
C:\WINDOWS\hot****.exe - Deleted
C:\WINDOWS\ie_32.exe - Deleted
C:\WINDOWS\iexplorr23.dll - Deleted
C:\WINDOWS\jd2002.dll - Deleted
C:\WINDOWS\kkcomp$.exe - Deleted
C:\WINDOWS\kkcomp.dll - Deleted
C:\WINDOWS\kkcomp.exe - Deleted
C:\WINDOWS\kvnab$.exe - Deleted
C:\WINDOWS\kvnab.dll - Deleted
C:\WINDOWS\kvnab.exe - Deleted
C:\WINDOWS\liqad$.exe - Deleted
C:\WINDOWS\liqad.dll - Deleted
C:\WINDOWS\liqad.exe - Deleted
C:\WINDOWS\liqui.dll - Deleted
C:\WINDOWS\liqui.exe - Deleted
C:\WINDOWS\liqui-Uninstaller.exe - Deleted
C:\WINDOWS\ngd.dll - Deleted
C:\WINDOWS\pbar.dll - Deleted
C:\WINDOWS\pbsysie.dll - Deleted
C:\WINDOWS\settn.dll - Deleted
C:\WINDOWS\spredirect.dll - Deleted
C:\WINDOWS\system32\ace16win.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\cs.dat - Deleted
C:\WINDOWS\system32\ESHOPEE.exe - Deleted
C:\WINDOWS\system32\msole32.exe - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\**jddnvj.exe - Deleted
C:\WINDOWS\system32\unifff.dll - Deleted
C:\WINDOWS\system32\vxddsk.exe - Deleted
C:\WINDOWS\system32\wml.exe - Deleted
C:\WINDOWS\vxddsk.exe - Deleted
C:\WINDOWS\wbeCheck.exe - Deleted
C:\WINDOWS\wbeInst$.exe - Deleted
C:\WINDOWS\wkssvc.exe - Deleted
C:\WINDOWS\wml.exe - Deleted
C:\WINDOWS\xadbrk.dll - Deleted
C:\WINDOWS\xadbrk.exe - Deleted
C:\WINDOWS\xadbrk_.exe - Deleted
C:\WINDOWS\xxxvideo.exe - Deleted
C:\WINDOWS\system32\4fdw.dll - Deleted
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-11 00:57:50
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 23 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT6.tmp"
Mon 8 Oct 2007 14,449,128 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT25C.tmp"
Finished!