Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Spyware / Virus Removal » Hey... Fixing Some Computers....
Register Calendar Gallery Mark Forums Read

Spyware / Virus Removal Spyware, virus, browser hijack and other malware removal.

Reply
 
Thread Tools Display Modes
  #1  
Old 02-11-2008, 01:36 AM
Raistlfiren's Avatar
Raistlfiren Raistlfiren is offline
Moderator
  
Join Date: Sep 2004
Location: 127.0.0.1
Posts: 427
Hey... Fixing Some Computers....
Hey Mobo,

I was working on two friends pcs that was filled with spyware and other crap. Anyway, I saw that is was the trojan - trojandownloader.xs. So I googled it and ran several different tests and programs. After rebooting the two pcs in safe mode I ran HiJack This, ComboFix, SDFix, and Spybot S&D. Which SDFix and ComboFix seem to work on the pcs and they seem to be running a lot bit smoother then when I got them. They actually run, which is kind of scary. By the way I am right now running a live virus scan from Kapersky. Then I told them to come back tomorrow with their pcs, too see if anything suspicious lures with the virus scan. Thanks for any help bro. I truely do appreciate it.

Anyway I was hoping you would take a look at these log files from the scans.
Here is one of the scans from the pc I will call DELL(Next will be of the COMPAQ) ->

HiJackThis Report :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:20 AM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\**jddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\**jddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {C866FA6B-F9EF-4876-A0F3-EA9FE5EA225D} - C:\WINDOWS\assembly\NativeImages1_v1.0.3705\Custom Marshalers\dobcpa.dll (file missing)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202591687.dll (file missing)
O2 - BHO: (no name) - {fb612e5e-1dd1-11b2-9835-bdb57d8756c5} - C:\WINDOWS\uvevodkr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [MP***e] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [ozihglir] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ozihglir.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\KARILY~1\LOCALS~1\Temp\452c4a4hpc4a4a. exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [SpyAway] C:\Program Files\SpyAway\spyaway.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7390] command /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1316] cmd /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9642] command /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3490] cmd /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3541] command /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6324] cmd /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3729] command /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9514] cmd /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3271] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5844] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5711] command /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6765] cmd /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6001] command /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC27] cmd /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA111] command /c del "C:\Program Files\whInstall\readme.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4114] cmd /c del "C:\Program Files\whInstall\readme.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2665] command /c del "C:\Program Files\whInstall\whAgent.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8561] cmd /c del "C:\Program Files\whInstall\whAgent.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [SpybotDeletingB1853] command /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8384] cmd /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6183] command /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2763] cmd /c del "C:\Program Files\BearShare\Logs\memory.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB912] command /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD524] cmd /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB159] command /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3293] cmd /c del "C:\Program Files\BearShare\Logs\streams.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1871] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7643] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB598] command /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4484] cmd /c del "C:\Program Files\webHancer\Programs\sporder.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7795] command /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9830] cmd /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1287] command /c del "C:\Program Files\whInstall\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8017] cmd /c del "C:\Program Files\whInstall\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4621] command /c del "C:\Program Files\whInstall\whAgent.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3929] cmd /c del "C:\Program Files\whInstall\whAgent.ini"
O4 - HKLM\..\Policies\Explorer\Run: [xwivi77V5G] rundll32.exe "C:\WINDOWS\apshghwb.dll",DllCleanServer
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: dobcpa - C:\WINDOWS\assembly\NativeImages1_v1.0.3705\Custom Marshalers\dobcpa.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 16102 bytes

ComboFix Report :
ComboFix 08-02.11.1 - Kari Lynne 2008-02-11 0:21:13.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.325 [GMT -6:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\ozihglir.dll
C:\Documents and Settings\Kari Lynne\Application Data\searchtoolbarcorp
C:\Documents and Settings\Kari Lynne\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Kari Lynne\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Documents and Settings\Kari Lynne\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Kari Lynne\Application Data\WinAntiVirus Pro 2006\Logs\incmp.log
C:\Documents and Settings\Kari Lynne\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Kari Lynne\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Kari Lynne\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Kari Lynne\Start Menu\Programs\Startup\.protected
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\vsadd-in
C:\Program Files\vsadd-in\VSAdd-in.dll
C:\Program Files\WhenUSearch
C:\Program Files\WhenUSearch\search.dll
C:\Program Files\winantivirus pro 2006
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hot****.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\xwivi77V5Gwp.exe
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\file.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\uvevodkr.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 00:25 . 2008-02-11 00:31 <DIR> d-------- C:\WINDOWS\system32\acespy
2008-02-11 00:25 . 2008-02-11 00:31 <DIR> d-------- C:\Program Files\p2pnetworks
2008-02-11 00:25 . 2008-02-11 00:31 <DIR> d-------- C:\Program Files\e-zshopper
2008-02-11 00:25 . 2008-02-11 00:31 <DIR> d-------- C:\Program Files\amsys
2008-02-11 00:25 . 2008-02-11 00:31 <DIR> d-------- C:\Program Files\akl
2008-02-11 00:25 . 2008-02-11 00:30 <DIR> d-------- C:\Program Files\Accoona
2008-02-11 00:24 . 2008-02-11 00:30 <DIR> d-------- C:\Program Files\3721
2008-02-10 23:01 . 2008-02-10 23:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-10 23:01 . 2008-02-10 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 14:33 . 2008-02-10 22:51 <DIR> d-------- C:\Program Files\SpyAway
2008-02-10 11:36 . 2008-02-10 11:36 4,960 --a------ C:\WINDOWS\system32\Se0zkN.syz
2008-02-09 19:18 . 2008-02-09 19:18 3,795,158 --a------ C:\WINDOWS\xwivi77V5G.exe
2008-02-09 19:17 . 2008-02-09 19:17 91,667 --a------ C:\WINDOWS\ytgtedih.exe
2008-02-09 19:17 . 2008-02-09 19:17 91,667 --a------ C:\WINDOWS\system32\**jddnvj.exe
2008-02-09 19:17 . 2008-02-10 19:18 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-09 16:02 . 2008-02-09 16:02 10,752 --a------ C:\WINDOWS\system32\worsock.dll
2008-02-09 16:02 . 2008-02-09 16:02 1 --a------ C:\WINDOWS\system32\rc.dat
2008-02-09 16:02 . 2008-02-09 16:02 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-02-09 16:02 . 2008-02-09 16:02 1 --a------ C:\WINDOWS\system32\cs.dat
2008-02-09 15:16 . 2008-02-09 15:16 <DIR> d-------- C:\WINDOWS\gtvuckjt
2008-02-09 15:16 . 2008-02-09 15:16 177,152 --a------ C:\WINDOWS\apshghwb.dll
2008-02-09 15:14 . 2008-02-09 15:14 54,272 --a------ C:\WINDOWS\system32\unifff.dll
2008-02-09 15:14 . 2008-02-09 15:14 2 --a------ C:\2096316284
2008-02-08 21:41 . 2008-02-08 21:41 876,032 -r-hs---- C:\WINDOWS\wkssvc.exe
2008-02-04 23:52 . 2008-02-04 23:52 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-04 23:51 . 2008-02-04 23:51 <DIR> d-------- C:\Program Files\MSBuild
2008-02-04 23:46 . 2008-02-04 23:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-04 23:26 . 2008-02-04 23:26 <DIR> dr-h----- C:\MSOCache
2008-01-27 21:21 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-27 21:21 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-13 18:11 . 2008-01-13 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-11 06:26 31,744 ----a-w C:\WINDOWS\liqad.exe
2008-02-11 06:26 31,744 ----a-w C:\WINDOWS\fhfmm.exe
2008-02-11 06:26 31,232 ----a-w C:\WINDOWS\kvnab.dll
2008-02-11 06:26 30,464 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2008-02-11 06:26 28,928 ----a-w C:\WINDOWS\xadbrk.dll
2008-02-11 06:26 28,928 ----a-w C:\WINDOWS\pbsysie.dll
2008-02-11 06:26 28,928 ----a-w C:\WINDOWS\eventlowg.dll
2008-02-11 06:26 28,672 ----a-w C:\WINDOWS\liqad$.exe
2008-02-11 06:26 27,904 ----a-w C:\WINDOWS\xadbrk.exe
2008-02-11 06:26 27,136 ----a-w C:\WINDOWS\kvnab.exe
2008-02-11 06:26 23,552 ----a-w C:\WINDOWS\liqad.dll
2008-02-11 06:26 20,992 ----a-w C:\WINDOWS\liqui.exe
2008-02-11 06:26 19,968 ----a-w C:\WINDOWS\daxtime.dll
2008-02-11 06:26 19,712 ----a-w C:\WINDOWS\kkcomp$.exe
2008-02-11 06:26 19,200 ----a-w C:\WINDOWS\settn.dll
2008-02-11 06:26 17,408 ----a-w C:\WINDOWS\liqui.dll
2008-02-11 06:26 16,640 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-11 06:26 14,848 ----a-w C:\WINDOWS\xadbrk_.exe
2008-02-11 06:26 14,080 ----a-w C:\WINDOWS\cbinst$.exe
2008-02-11 06:26 13,568 ----a-w C:\WINDOWS\kkcomp.dll
2008-02-11 06:26 11,520 ----a-w C:\WINDOWS\kkcomp.exe
2008-02-11 06:26 11,520 ----a-w C:\WINDOWS\hcwprn.exe
2008-02-11 06:26 10,496 ----a-w C:\WINDOWS\kvnab$.exe
2008-02-11 06:25 31,488 ----a-w C:\WINDOWS\vxddsk.exe
2008-02-11 06:25 30,976 ----a-w C:\WINDOWS\hot****.exe
2008-02-11 06:25 29,696 ----a-w C:\WINDOWS\dp0.dll
2008-02-11 06:25 28,672 ----a-w C:\WINDOWS\wbeCheck.exe
2008-02-11 06:25 28,416 ----a-w C:\WINDOWS\adbar.dll
2008-02-11 06:25 27,392 ----a-w C:\WINDOWS\jd2002.dll
2008-02-11 06:25 23,808 ----a-w C:\WINDOWS\ngd.dll
2008-02-11 06:25 20,480 ----a-w C:\WINDOWS\aconti.exe
2008-02-11 06:25 19,200 ----a-w C:\WINDOWS\iexplorr23.dll
2008-02-11 06:25 15,872 ----a-w C:\WINDOWS\spredirect.dll
2008-02-11 06:25 15,104 ----a-w C:\WINDOWS\wbeInst$.exe
2008-02-11 06:25 12,800 ----a-w C:\WINDOWS\xxxvideo.exe
2008-02-11 06:25 12,800 ----a-w C:\WINDOWS\ie_32.exe
2008-02-11 06:24 27,904 ----a-w C:\WINDOWS\7search.dll
2008-02-11 06:24 26,368 ----a-w C:\WINDOWS\764.exe
2008-02-11 06:24 22,784 ----a-w C:\WINDOWS\wml.exe
2008-02-11 06:24 13,312 ----a-w C:\WINDOWS\flt.dll
2008-02-11 06:24 10,496 ----a-w C:\WINDOWS\pbar.dll
2008-02-11 06:03 --------- d-----w C:\Program Files\WinFixerFree
2008-02-11 06:03 --------- d-----w C:\Program Files\BearShare
2008-02-11 03:59 --------- d-----w C:\Program Files\Dell
2008-02-11 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 03:56 --------- d-----w C:\Program Files\CyberLink
2008-02-11 03:55 --------- d-----w C:\Program Files\Sonic
2008-02-11 03:54 --------- d-----w C:\Program Files\Save
2008-02-10 19:45 --------- d-----w C:\Program Files\AIM
2008-02-10 19:45 --------- d-----w C:\Documents and Settings\Kari Lynne\Application Data\Aim
2008-02-05 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 21:39 --------- d-----w C:\Documents and Settings\Kari Lynne\Application Data\AdobeUM
2006-11-21 02:45 937,155 --sh--w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\Custom Marshalers\apcbod.bak1
2006-11-13 07:27 104 --sh--w C:\WINDOWS\Config\cacsmvc.dll
2006-11-13 16:55 104 --sh--w C:\WINDOWS\Config\wvsr.dll
2006-11-17 16:40 104 --sh--w C:\WINDOWS\Cursors\pipa.dll
2006-11-17 17:02 104 --sh--w C:\WINDOWS\msagent\tuilsmvc.dll
2006-11-14 16:56 104 --sh--w C:\WINDOWS\Registration\vddawve.dll
2006-11-16 05:07 104 --sh--w C:\WINDOWS\system\bdrul.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C866FA6B-F9EF-4876-A0F3-EA9FE5EA225D}]
C:\WINDOWS\assembly\NativeImages1_v1.0.3705\Custom Marshalers\dobcpa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202591687.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"Win_Fixer_Free"="C:\Program Files\WinFixerFree\UWinFX6.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-05-24 15:14 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 09:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 15:46 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 01:48 36975]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24 684032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-06 00:54 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdl r.exe" [2005-07-08 18:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent .exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupda te.exe" [2006-01-11 12:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKD etct.exe" [2006-11-07 13:49 1121280]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgen t.exe" [2005-09-26 10:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray. exe" [2005-11-11 17:00 1005096]
"DellHelp"="C:\Dell\DellHelp\DellHelp.exe" [2004-04-01 15:51 1589248]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"MP***e"="c:\PROGRA~1\mcafee.com\mps\mscifapp. exe" [2006-03-30 12:31 296488]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-09 16:32 185632]
"Windows Console"="wkssvc.exe" [2008-02-08 21:41 876032 C:\WINDOWS\wkssvc.exe]
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" [ ]
"SpyAway"="C:\Program Files\SpyAway\spyaway.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"SpybotDeletingA7390"="command /c del C:\Program Files\BearShare\Logs\hosts-state.txt" [ ]
"SpybotDeletingC1316"="cmd /c del C:\Program Files\BearShare\Logs\hosts-state.txt" [ ]
"SpybotDeletingA9642"="command /c del C:\Program Files\BearShare\Logs\memory.txt" [ ]
"SpybotDeletingC3490"="cmd /c del C:\Program Files\BearShare\Logs\memory.txt" [ ]
"SpybotDeletingA3541"="command /c del C:\Program Files\BearShare\Logs\ordinal.txt" [ ]
"SpybotDeletingC6324"="cmd /c del C:\Program Files\BearShare\Logs\ordinal.txt" [ ]
"SpybotDeletingA3729"="command /c del C:\Program Files\BearShare\Logs\streams.txt" [ ]
"SpybotDeletingC9514"="cmd /c del C:\Program Files\BearShare\Logs\streams.txt" [ ]
"SpybotDeletingA3271"="command /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingC5844"="cmd /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingA5711"="command /c del C:\Program Files\webHancer\Programs\sporder.dll" [ ]
"SpybotDeletingC6765"="cmd /c del C:\Program Files\webHancer\Programs\sporder.dll" [ ]
"SpybotDeletingA6001"="command /c del C:\Program Files\webHancer\Programs\readme.txt" [ ]
"SpybotDeletingC27"="cmd /c del C:\Program Files\webHancer\Programs\readme.txt" [ ]
"SpybotDeletingA111"="command /c del C:\Program Files\whInstall\readme.txt" [ ]
"SpybotDeletingC4114"="cmd /c del C:\Program Files\whInstall\readme.txt" [ ]
"SpybotDeletingA2665"="command /c del C:\Program Files\whInstall\whAgent.ini" [ ]
"SpybotDeletingC8561"="cmd /c del C:\Program Files\whInstall\whAgent.ini" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-06 00:40:49 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-09-04 16:36:00 315392]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run]
"xwivi77V5G"= rundll32.exe "C:\WINDOWS\apshghwb.dll",DllCleanServer

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dobcpa]
C:\WINDOWS\assembly\NativeImages1_v1.0.3705\Custom Marshalers\dobcpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

S2 asc3550o;asc3550o;C:\WINDOWS\system32\drivers\asc3 550o.sys [2004-08-10 05:00]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 04:40:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KARI-Kari Lynne).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 00:31:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\wml.exe 17664 bytes
C:\WINDOWS\xadbrk.dll 13824 bytes
C:\WINDOWS\xadbrk.exe 12544 bytes
C:\WINDOWS\xadbrk_.exe 15872 bytes
C:\WINDOWS\xxxvideo.exe 29184 bytes
C:\WINDOWS\kkcomp$.exe 11520 bytes
C:\WINDOWS\kkcomp.dll 21248 bytes
C:\WINDOWS\kkcomp.exe 32768 bytes
C:\WINDOWS\kvnab$.exe 32256 bytes
C:\WINDOWS\kvnab.dll 19200 bytes
C:\WINDOWS\kvnab.exe 12032 bytes
C:\WINDOWS\liqad$.exe 24832 bytes
C:\WINDOWS\liqad.dll 23552 bytes
C:\WINDOWS\liqad.exe 10752 bytes
C:\WINDOWS\liqui-Uninstaller.exe 32256 bytes
C:\WINDOWS\liqui.dll 14080 bytes
C:\WINDOWS\liqui.exe 10240 bytes
C:\WINDOWS\764.exe 8704 bytes
C:\WINDOWS\7search.dll 30464 bytes
C:\WINDOWS\absolute key logger.lnk 21760 bytes
C:\WINDOWS\aconti.exe 15872 bytes
C:\WINDOWS\aconti.ini 18688 bytes
C:\WINDOWS\aconti.log 16128 bytes
C:\WINDOWS\aconti.sdb 11776 bytes
C:\WINDOWS\acontidialer.txt 25600 bytes
C:\WINDOWS\adbar.dll 25856 bytes
C:\WINDOWS\cbinst$.exe 13056 bytes
C:\WINDOWS\pbar.dll 28672 bytes
C:\WINDOWS\pbsysie.dll 21504 bytes
C:\WINDOWS\dp0.dll 16896 bytes
C:\WINDOWS\eventlowg.dll 21248 bytes

scan completed successfully
hidden files: 31

************************************************** ************************
.
Completion time: 2008-02-11 0:34:52
ComboFix-quarantined-files.txt 2008-02-11 06:34:46
.
2008-01-14 09:09:06 --- E O F ---

SDFIX - After Reboot :

SDFix: Version 1.141

Run by Kari Lynne on Mon 02/11/2008 at 12:38 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
DP1112

Path:
\??\C:\WINDOWS\system32\Drivers\DP.sys

DP1112 - Deleted

Killing PID 808 '**jddnvj.exe'


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting...

Service asc3550o - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\209631~1 - Deleted
C:\WINDOWS\gtvuckjt\1.png - Deleted
C:\WINDOWS\gtvuckjt\2.png - Deleted
C:\WINDOWS\gtvuckjt\3.png - Deleted
C:\WINDOWS\gtvuckjt\4.png - Deleted
C:\WINDOWS\gtvuckjt\5.png - Deleted
C:\WINDOWS\gtvuckjt\6.png - Deleted
C:\WINDOWS\gtvuckjt\7.png - Deleted
C:\WINDOWS\gtvuckjt\8.png - Deleted
C:\WINDOWS\gtvuckjt\9.png - Deleted
C:\WINDOWS\gtvuckjt\bottom-rc.gif - Deleted
C:\WINDOWS\gtvuckjt\config.png - Deleted
C:\WINDOWS\gtvuckjt\content.png - Deleted
C:\WINDOWS\gtvuckjt\download.gif - Deleted
C:\WINDOWS\gtvuckjt\frame-bg.gif - Deleted
C:\WINDOWS\gtvuckjt\frame-bottom-left.gif - Deleted
C:\WINDOWS\gtvuckjt\frame-h1bg.gif - Deleted
C:\WINDOWS\gtvuckjt\head.png - Deleted
C:\WINDOWS\gtvuckjt\icon.png - Deleted
C:\WINDOWS\gtvuckjt\indexwp.html - Deleted
C:\WINDOWS\gtvuckjt\main.css - Deleted
C:\WINDOWS\gtvuckjt\memory-prots.png - Deleted
C:\WINDOWS\gtvuckjt\net.png - Deleted
C:\WINDOWS\gtvuckjt\pc.gif - Deleted
C:\WINDOWS\gtvuckjt\pc-mag.gif - Deleted
C:\WINDOWS\gtvuckjt\poloska1.png - Deleted
C:\WINDOWS\gtvuckjt\poloska2.png - Deleted
C:\WINDOWS\gtvuckjt\poloska3.png - Deleted
C:\WINDOWS\gtvuckjt\promowp1.html - Deleted
C:\WINDOWS\gtvuckjt\promowp2.html - Deleted
C:\WINDOWS\gtvuckjt\promowp3.html - Deleted
C:\WINDOWS\gtvuckjt\promowp4.html - Deleted
C:\WINDOWS\gtvuckjt\promowp5.html - Deleted
C:\WINDOWS\gtvuckjt\reg.png - Deleted
C:\WINDOWS\gtvuckjt\repair.png - Deleted
C:\WINDOWS\gtvuckjt\scr-1.png - Deleted
C:\WINDOWS\gtvuckjt\scr-2.png - Deleted
C:\WINDOWS\gtvuckjt\start.png - Deleted
C:\WINDOWS\gtvuckjt\styles.css - Deleted
C:\WINDOWS\gtvuckjt\top-rc.gif - Deleted
C:\WINDOWS\gtvuckjt\vline.gif - Deleted
C:\WINDOWS\gtvuckjt\wp.png - Deleted
C:\WINDOWS\system32\acespy\systune.exe - Deleted
C:\WINDOWS\system32\acespy\__acelog.ndx - Deleted
C:\Program Files\3721\helper.dll - Deleted
C:\Program Files\3721\assist\asbar.dll - Deleted
C:\Program Files\Accoona\ASearchAssist.dll - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\curlog.htm - Deleted
C:\Program Files\akl\keylog.txt - Deleted
C:\Program Files\akl\readme.txt - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.dat - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Program Files\amsys\awmsg.dat - Deleted
C:\Program Files\amsys\guid.dat - Deleted
C:\Program Files\amsys\ijl15.dll - Deleted
C:\Program Files\amsys\mfc42.dll - Deleted
C:\Program Files\amsys\msvcrt.dll - Deleted
C:\Program Files\amsys\unins000.dat - Deleted
C:\Program Files\amsys\unis000.exe - Deleted
C:\Program Files\amsys\winam.dat - Deleted
C:\Program Files\e-zshopper\BarLcher.dll - Deleted
C:\Program Files\p2pnetworks\amp2pl.exe - Deleted
C:\WINDOWS\764.exe - Deleted
C:\WINDOWS\7search.dll - Deleted
C:\WINDOWS\absolute key logger.lnk - Deleted
C:\WINDOWS\aconti.exe - Deleted
C:\WINDOWS\aconti.ini - Deleted
C:\WINDOWS\aconti.log - Deleted
C:\WINDOWS\aconti.sdb - Deleted
C:\WINDOWS\acontidialer.txt - Deleted
C:\WINDOWS\adbar.dll - Deleted
C:\WINDOWS\cbinst$.exe - Deleted
C:\WINDOWS\daxtime.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\dp0.dll - Deleted
C:\WINDOWS\eventlowg.dll - Deleted
C:\WINDOWS\fhfmm.exe - Deleted
C:\WINDOWS\fhfmm-Uninstaller.exe - Deleted
C:\WINDOWS\flt.dll - Deleted
C:\WINDOWS\hcwprn.exe - Deleted
C:\WINDOWS\hot****.exe - Deleted
C:\WINDOWS\ie_32.exe - Deleted
C:\WINDOWS\iexplorr23.dll - Deleted
C:\WINDOWS\jd2002.dll - Deleted
C:\WINDOWS\kkcomp$.exe - Deleted
C:\WINDOWS\kkcomp.dll - Deleted
C:\WINDOWS\kkcomp.exe - Deleted
C:\WINDOWS\kvnab$.exe - Deleted
C:\WINDOWS\kvnab.dll - Deleted
C:\WINDOWS\kvnab.exe - Deleted
C:\WINDOWS\liqad$.exe - Deleted
C:\WINDOWS\liqad.dll - Deleted
C:\WINDOWS\liqad.exe - Deleted
C:\WINDOWS\liqui.dll - Deleted
C:\WINDOWS\liqui.exe - Deleted
C:\WINDOWS\liqui-Uninstaller.exe - Deleted
C:\WINDOWS\ngd.dll - Deleted
C:\WINDOWS\pbar.dll - Deleted
C:\WINDOWS\pbsysie.dll - Deleted
C:\WINDOWS\settn.dll - Deleted
C:\WINDOWS\spredirect.dll - Deleted
C:\WINDOWS\system32\ace16win.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\cs.dat - Deleted
C:\WINDOWS\system32\ESHOPEE.exe - Deleted
C:\WINDOWS\system32\msole32.exe - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\**jddnvj.exe - Deleted
C:\WINDOWS\system32\unifff.dll - Deleted
C:\WINDOWS\system32\vxddsk.exe - Deleted
C:\WINDOWS\system32\wml.exe - Deleted
C:\WINDOWS\vxddsk.exe - Deleted
C:\WINDOWS\wbeCheck.exe - Deleted
C:\WINDOWS\wbeInst$.exe - Deleted
C:\WINDOWS\wkssvc.exe - Deleted
C:\WINDOWS\wml.exe - Deleted
C:\WINDOWS\xadbrk.dll - Deleted
C:\WINDOWS\xadbrk.exe - Deleted
C:\WINDOWS\xadbrk_.exe - Deleted
C:\WINDOWS\xxxvideo.exe - Deleted
C:\WINDOWS\system32\drivers\asc3550o.sys - Deleted



Folder C:\Program Files\3721 - Removed
Folder C:\Program Files\Accoona - Removed
Folder C:\Program Files\akl - Removed
Folder C:\Program Files\amsys - Removed
Folder C:\Program Files\e-zshopper - Removed
Folder C:\Program Files\p2pnetworks - Removed
Folder C:\WINDOWS\system32\acespy - Removed


Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 01:00:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001c4
"TracesSuccessful"=dword:0000001a

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 25 Dec 2005 56 A.SHR --- "C:\i386\EB45ED61D8.sys"
Sun 25 Dec 2005 2,828 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 29 Mar 2006 1,118,051 A..H. --- "C:\Program Files\WinFixerFree\dcres.sys"
Wed 29 Mar 2006 244,578 A..H. --- "C:\Program Files\WinFixerFree\wsres.sys"
Mon 13 Nov 2006 104 ..SH. --- "C:\WINDOWS\Config\cacsmvc.dll"
Mon 13 Nov 2006 104 ..SH. --- "C:\WINDOWS\Config\wvsr.dll"
Fri 17 Nov 2006 104 ..SH. --- "C:\WINDOWS\Cursors\pipa.dll"
Fri 17 Nov 2006 104 ..SH. --- "C:\WINDOWS\msagent\tuilsmvc.dll"
Tue 14 Nov 2006 104 ..SH. --- "C:\WINDOWS\Registration\vddawve.dll"
Wed 15 Nov 2006 104 ..SH. --- "C:\WINDOWS\system\bdrul.dll"
Thu 7 Feb 2008 56 ..SHR --- "C:\WINDOWS\system32\EB45ED61D8.sys"
Thu 7 Feb 2008 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 13 Mar 2006 406,504 ..SH. --- "C:\WINDOWS\system32\orutv.tmp"
Mon 20 Nov 2006 915,676 A.SH. --- "C:\WINDOWS\system32\orutv.tmp2"
Mon 20 Nov 2006 937,155 ..SH. --- "C:\WINDOWS\assembly\NativeImages1_v1.0.3705\Custo mMarshalers\apcbod.bak1"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Kari Lynne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp "
Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Kari Lynne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp "
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Kari Lynne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Kari Lynne\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "

Finished!
Reply With Quote
Posted


  #2  
Old 02-11-2008, 01:41 AM
Raistlfiren's Avatar
Raistlfiren Raistlfiren is offline
Moderator
  
Join Date: Sep 2004
Location: 127.0.0.1
Posts: 427
This is the other pc.

HiJack This Report :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:01 AM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\**jddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://antispywareupdates.net/?aid=496.cacdc9d1cececa
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDO WS\system32\**jddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {246453d2-1dd2-11b2-a6a2-fd50a24c36a3} - C:\WINDOWS\zehyfmlc.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202599936.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MP***e] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MalwareWiped] C:\Program Files\MalwareWiped\MalwareWiped.exe /h
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKLM\..\Run: [jurypcbk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jurypcbk.dll"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\OLIVIA~1\LOCALS~1\Temp\452c4a4hpc4a4a. exe
O4 - HKLM\..\Run: [SpyAway] C:\Program Files\SpyAway\SpyAway.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [SpybotDeletingA7153] command /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7993] cmd /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9595] command /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5441] cmd /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKLM\..\RunOnce: [SpybotDeletingA169] command /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9579] cmd /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3862] command /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6664] cmd /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9123] command /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6136] cmd /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5284] command /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2814] cmd /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5090] command /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9650] cmd /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB706] command /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5001] cmd /c del "c:\Program Files\PestCapture\PestCapture.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9260] command /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKCU\..\RunOnce: [SpybotDeletingD392] cmd /c del "c:\Program Files\PestCapture\PestCapture0.pc"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5332] command /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1389] cmd /c del "c:\Program Files\PestCapture\Uninstall.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8574] command /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8572] cmd /c del "C:\Program Files\AntiVermins\AntiVermins.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5760] command /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1814] cmd /c del "C:\Program Files\AntiVermins\blacklist.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1370] command /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3897] cmd /c del "C:\Program Files\AntiVermins\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6490] command /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5759] cmd /c del "C:\Program Files\AntiVermins\msvcr71.dll"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presar io&pf=laptop
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdcco...ad/tgctlsr.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: jkhhi - jkhhi.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18257 bytes

ComboFix Report :
ComboFix 08-02.11.1 - Olivia Shelton 2008-02-11 0:39:11.1 - NTFSx86 MINIMAL
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\jurypcbk.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\Accoona
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\e-zshopper
C:\Program Files\p2pnetworks
C:\WINDOWS\PerfInfo
C:\WINDOWS\system32\acespy
C:\WINDOWS\zehyfmlc.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 00:16 . 2008-02-11 00:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-11 00:15 . 2008-02-11 00:28 <DIR> d-------- C:\SDFix
2008-02-11 00:09 . 2008-02-11 00:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-10 23:43 . 2008-02-10 23:44 <DIR> d-------- C:\ClamWinPortable
2008-02-10 23:31 . 2008-02-10 23:33 487 --a------ C:\WINDOWS\wininit.ini
2008-02-10 23:10 . 2008-02-10 23:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-10 23:10 . 2008-02-10 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 22:49 . 2005-04-29 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-10 22:49 . 2005-04-29 23:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-10 22:07 . 2008-02-10 22:07 1,494 --a------ C:\Ad-Ware Pro.lnk
2008-02-10 22:06 . 2008-02-10 22:06 <DIR> d-------- C:\WINDOWS\Ad-Ware Pro
2008-02-10 22:06 . 2008-02-10 22:06 <DIR> d-------- C:\Program Files\Ad-Ware Pro
2008-02-10 21:30 . 2008-02-11 00:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 21:30 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-10 21:30 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-10 21:30 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-10 21:30 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-10 21:29 . 2008-02-10 23:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-10 21:29 . 2008-02-10 21:29 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\PC Tools
2008-02-10 17:18 . 2008-02-10 17:19 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\eAcceleration
2008-02-10 17:17 . 2008-02-10 17:18 <DIR> d-------- C:\Program Files\eAcceleration
2008-02-10 16:27 . 2008-02-10 17:04 <DIR> d-------- C:\Program Files\SpyAway
2008-02-09 17:47 . 2008-02-09 17:47 10,752 --a------ C:\WINDOWS\system32\worsock.dll
2008-02-09 17:31 . 2008-02-11 00:27 <DIR> d-------- C:\WINDOWS\gwjfsluv
2008-02-09 17:31 . 2008-02-09 17:31 185,344 --a------ C:\WINDOWS\rsxqhsbm.dll
2008-02-09 17:31 . 2008-02-09 17:31 91,667 --a------ C:\WINDOWS\tydixkha.exe
2008-02-09 17:31 . 2008-02-09 17:31 36,864 --a------ C:\WINDOWS\jgnmjyrw.exe
2008-02-09 17:31 . 2008-02-10 23:32 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-09 17:31 . 2008-02-09 17:31 0 --a------ C:\WINDOWS\1rnrLjpcES.exe.bak
2008-02-09 17:30 . 2008-02-09 17:30 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-09 17:30 . 2008-02-09 17:30 13,312 --a------ C:\btde.exe
2008-02-09 17:30 . 2008-02-09 17:30 3,584 --a------ C:\ryvqkqv.exe
2008-02-09 17:30 . 2008-02-09 17:30 0 --a------ C:\166556076
2008-02-09 17:29 . 2008-02-09 17:30 58,368 --a------ C:\ykamvp.exe
2008-02-09 15:12 . 2008-02-09 15:12 4,218 --a------ C:\msn.com
2008-01-22 00:57 . 2008-02-10 22:09 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-01-22 00:57 . 2008-02-10 22:09 4 --a------ C:\WINDOWS\system32\9C7B6F
2008-01-22 00:56 . 2008-01-22 00:56 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-01-22 00:54 . 2008-01-22 00:58 <DIR> d-------- C:\Program Files\Rhapsody
2008-01-22 00:35 . 2008-01-22 00:38 <DIR> d-------- C:\Program Files\Winamp
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Program Files\Shareaza
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\Talkback
2008-01-22 00:34 . 2008-01-22 00:34 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\Shareaza
2008-01-22 00:07 . 2008-01-22 00:11 <DIR> d-------- C:\Program Files\BitComet
2008-01-21 23:57 . 2008-01-21 23:57 <DIR> d-------- C:\Program Files\Azureus
2008-01-21 23:46 . 2008-01-21 23:46 <DIR> d-------- C:\Program Files\Picasa2
2008-01-21 23:46 . 2006-10-04 20:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-21 23:46 . 2006-10-04 20:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-21 23:43 . 2008-01-21 23:43 <DIR> d-------- C:\Program Files\K-Lite Pro
2008-01-21 23:42 . 2008-01-21 23:42 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-01-21 23:39 . 2008-02-08 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-21 23:31 . 2008-02-08 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-21 23:13 . 2008-01-22 00:23 <DIR> d-------- C:\Documents and Settings\Olivia Shelton\Application Data\FileVOoM
2008-01-21 23:12 . 2008-01-21 23:13 <DIR> d-------- C:\Program Files\FileVOoM Pro
2008-01-21 13:39 . 2008-01-21 13:51 <DIR> d-------- C:\Program Files\Windows Live
2008-01-21 13:39 . 2008-01-21 13:48 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-21 13:38 . 2008-01-21 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-10 22:32 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\AVG7
2008-02-10 11:15 --------- d-----w C:\Program Files\Lx_cats
2008-02-09 23:50 --------- d-----w C:\Program Files\LimeWire
2008-02-08 07:29 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\LimeWire
2008-02-04 21:43 7,656 ----a-w C:\Documents and Settings\Olivia Shelton\Application Data\wklnhst.dat
2008-01-28 04:34 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\Image Zone Express
2008-01-22 06:13 --------- d-----w C:\Program Files\Google
2008-01-11 03:28 --------- d-----w C:\Program Files\Easy Internet signup
2007-12-11 05:24 --------- d-----w C:\Documents and Settings\Olivia Shelton\Application Data\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]
C:\WINDOWS\pxwma.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-08-23 11:22 1191936]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 09:29 50736]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgen t.exe" [2005-03-23 16:33 126976]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-15 23:14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 18:44 3887104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\ Flash\FlashUtil9d.exe" [2007-06-11 14:04 190696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11 794624]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11 692316]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwat cher.exe" [2004-10-14 14:54 253952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-28 09:41 180269]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdl r.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent .exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupda te.exe" [2006-01-11 12:05 212992]
"MP***e"="c:\PROGRA~1\mcafee.com\mps\mscifapp. exe" [2005-05-24 16:50 274432]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgen t.exe" [2005-03-23 16:33 126976]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MskD etct.exe" [2005-03-23 15:47 1111040]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray. exe" [2005-04-05 14:41 950272]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2008-01-16 08:24 579072]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-21 23:37 29744]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" [ ]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 17:32 20480]
"LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\LXDCtime.dll" [2007-01-22 16:05 102400]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 13:10 35328]
"SpyAway"="C:\Program Files\SpyAway\SpyAway.exe" [2008-02-10 16:27 286227]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 18:12 136904]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [ ]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [ ]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [ ]
"SpybotDeletingA7153"="command /c del c:\Program Files\PestCapture\PestCapture.exe" [ ]
"SpybotDeletingC7993"="cmd /c del c:\Program Files\PestCapture\PestCapture.exe" [ ]
"SpybotDeletingA9595"="command /c del c:\Program Files\PestCapture\PestCapture0.pc" [ ]
"SpybotDeletingC5441"="cmd /c del c:\Program Files\PestCapture\PestCapture0.pc" [ ]
"SpybotDeletingA169"="command /c del c:\Program Files\PestCapture\Uninstall.exe" [ ]
"SpybotDeletingC9579"="cmd /c del c:\Program Files\PestCapture\Uninstall.exe" [ ]
"SpybotDeletingA3862"="command /c del C:\Program Files\AntiVermins\AntiVermins.url" [ ]
"SpybotDeletingC6664"="cmd /c del C:\Program Files\AntiVermins\AntiVermins.url" [ ]
"SpybotDeletingA9123"="command /c del C:\Program Files\AntiVermins\blacklist.txt" [ ]
"SpybotDeletingC6136"="cmd /c del C:\Program Files\AntiVermins\blacklist.txt" [ ]
"SpybotDeletingA5284"="command /c del C:\Program Files\AntiVermins\msvcp71.dll" [ ]
"SpybotDeletingC2814"="cmd /c del C:\Program Files\AntiVermins\msvcp71.dll" [ ]
"SpybotDeletingA5090"="command /c del C:\Program Files\AntiVermins\msvcr71.dll" [ ]
"SpybotDeletingC9650"="cmd /c del C:\Program Files\AntiVermins\msvcr71.dll" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-10-23 07:27 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-21 23:31:51 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi]
jkhhi.dll

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 21:52:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 04:19:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-09 06:45:48 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2005-04-30 05:52:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 00:44:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?4?2?5??????? ???B?????????????hLC? ??????
LXDCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtim e.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-11 0:48:35
ComboFix-quarantined-files.txt 2008-02-11 06:48:07
.
2008-01-10 04:21:53 --- E O F ---

SDFix Report :

SDFix: Version 1.141

Run by Olivia Shelton on Mon 02/11/2008 at 12:20 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
4fdw

Path:
\??\C:\WINDOWS\system32\4fdw.dll

4fdw - Deleted

Killing PID 1336 '**jddnvj.exe'


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\D.EXE - Deleted
C:\WINDOWS\gwjfsluv\1.png - Deleted
C:\WINDOWS\gwjfsluv\2.png - Deleted
C:\WINDOWS\gwjfsluv\3.png - Deleted
C:\WINDOWS\gwjfsluv\4.png - Deleted
C:\WINDOWS\gwjfsluv\5.png - Deleted
C:\WINDOWS\gwjfsluv\6.png - Deleted
C:\WINDOWS\gwjfsluv\7.png - Deleted
C:\WINDOWS\gwjfsluv\8.png - Deleted
C:\WINDOWS\gwjfsluv\9.png - Deleted
C:\WINDOWS\gwjfsluv\bottom-rc.gif - Deleted
C:\WINDOWS\gwjfsluv\config.png - Deleted
C:\WINDOWS\gwjfsluv\content.png - Deleted
C:\WINDOWS\gwjfsluv\download.gif - Deleted
C:\WINDOWS\gwjfsluv\frame-bg.gif - Deleted
C:\WINDOWS\gwjfsluv\frame-bottom-left.gif - Deleted
C:\WINDOWS\gwjfsluv\frame-h1bg.gif - Deleted
C:\WINDOWS\gwjfsluv\head.png - Deleted
C:\WINDOWS\gwjfsluv\icon.png - Deleted
C:\WINDOWS\gwjfsluv\indexwp.html - Deleted
C:\WINDOWS\gwjfsluv\main.css - Deleted
C:\WINDOWS\gwjfsluv\memory-prots.png - Deleted
C:\WINDOWS\gwjfsluv\net.png - Deleted
C:\WINDOWS\gwjfsluv\pc.gif - Deleted
C:\WINDOWS\gwjfsluv\pc-mag.gif - Deleted
C:\WINDOWS\gwjfsluv\poloska1.png - Deleted
C:\WINDOWS\gwjfsluv\poloska2.png - Deleted
C:\WINDOWS\gwjfsluv\poloska3.png - Deleted
C:\WINDOWS\gwjfsluv\promowp1.html - Deleted
C:\WINDOWS\gwjfsluv\promowp2.html - Deleted
C:\WINDOWS\gwjfsluv\promowp3.html - Deleted
C:\WINDOWS\gwjfsluv\promowp4.html - Deleted
C:\WINDOWS\gwjfsluv\promowp5.html - Deleted
C:\WINDOWS\gwjfsluv\reg.png - Deleted
C:\WINDOWS\gwjfsluv\repair.png - Deleted
C:\WINDOWS\gwjfsluv\scr-1.png - Deleted
C:\WINDOWS\gwjfsluv\scr-2.png - Deleted
C:\WINDOWS\gwjfsluv\start.png - Deleted
C:\WINDOWS\gwjfsluv\styles.css - Deleted
C:\WINDOWS\gwjfsluv\top-rc.gif - Deleted
C:\WINDOWS\gwjfsluv\vline.gif - Deleted
C:\WINDOWS\gwjfsluv\wp.png - Deleted
C:\WINDOWS\system32\acespy\systune.exe - Deleted
C:\WINDOWS\system32\acespy\__acelog.ndx - Deleted
C:\Program Files\3721\helper.dll - Deleted
C:\Program Files\3721\assist\asbar.dll - Deleted
C:\Program Files\Accoona\ASearchAssist.dll - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\curlog.htm - Deleted
C:\Program Files\akl\keylog.txt - Deleted
C:\Program Files\akl\readme.txt - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.dat - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Program Files\amsys\awmsg.dat - Deleted
C:\Program Files\amsys\guid.dat - Deleted
C:\Program Files\amsys\ijl15.dll - Deleted
C:\Program Files\amsys\mfc42.dll - Deleted
C:\Program Files\amsys\msvcrt.dll - Deleted
C:\Program Files\amsys\unins000.dat - Deleted
C:\Program Files\amsys\unis000.exe - Deleted
C:\Program Files\amsys\winam.dat - Deleted
C:\Program Files\e-zshopper\BarLcher.dll - Deleted
C:\Program Files\p2pnetworks\amp2pl.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\764.exe - Deleted
C:\WINDOWS\7search.dll - Deleted
C:\WINDOWS\absolute key logger.lnk - Deleted
C:\WINDOWS\aconti.exe - Deleted
C:\WINDOWS\aconti.ini - Deleted
C:\WINDOWS\aconti.log - Deleted
C:\WINDOWS\aconti.sdb - Deleted
C:\WINDOWS\acontidialer.txt - Deleted
C:\WINDOWS\adbar.dll - Deleted
C:\WINDOWS\cbinst$.exe - Deleted
C:\WINDOWS\daxtime.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\dp0.dll - Deleted
C:\WINDOWS\eventlowg.dll - Deleted
C:\WINDOWS\fhfmm.exe - Deleted
C:\WINDOWS\fhfmm-Uninstaller.exe - Deleted
C:\WINDOWS\flt.dll - Deleted
C:\WINDOWS\hcwprn.exe - Deleted
C:\WINDOWS\hot****.exe - Deleted
C:\WINDOWS\ie_32.exe - Deleted
C:\WINDOWS\iexplorr23.dll - Deleted
C:\WINDOWS\jd2002.dll - Deleted
C:\WINDOWS\kkcomp$.exe - Deleted
C:\WINDOWS\kkcomp.dll - Deleted
C:\WINDOWS\kkcomp.exe - Deleted
C:\WINDOWS\kvnab$.exe - Deleted
C:\WINDOWS\kvnab.dll - Deleted
C:\WINDOWS\kvnab.exe - Deleted
C:\WINDOWS\liqad$.exe - Deleted
C:\WINDOWS\liqad.dll - Deleted
C:\WINDOWS\liqad.exe - Deleted
C:\WINDOWS\liqui.dll - Deleted
C:\WINDOWS\liqui.exe - Deleted
C:\WINDOWS\liqui-Uninstaller.exe - Deleted
C:\WINDOWS\ngd.dll - Deleted
C:\WINDOWS\pbar.dll - Deleted
C:\WINDOWS\pbsysie.dll - Deleted
C:\WINDOWS\settn.dll - Deleted
C:\WINDOWS\spredirect.dll - Deleted
C:\WINDOWS\system32\ace16win.dll - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\conf.dat - Deleted
C:\WINDOWS\system32\cs.dat - Deleted
C:\WINDOWS\system32\ESHOPEE.exe - Deleted
C:\WINDOWS\system32\msole32.exe - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\**jddnvj.exe - Deleted
C:\WINDOWS\system32\unifff.dll - Deleted
C:\WINDOWS\system32\vxddsk.exe - Deleted
C:\WINDOWS\system32\wml.exe - Deleted
C:\WINDOWS\vxddsk.exe - Deleted
C:\WINDOWS\wbeCheck.exe - Deleted
C:\WINDOWS\wbeInst$.exe - Deleted
C:\WINDOWS\wkssvc.exe - Deleted
C:\WINDOWS\wml.exe - Deleted
C:\WINDOWS\xadbrk.dll - Deleted
C:\WINDOWS\xadbrk.exe - Deleted
C:\WINDOWS\xadbrk_.exe - Deleted
C:\WINDOWS\xxxvideo.exe - Deleted
C:\WINDOWS\system32\4fdw.dll - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 00:57:50
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 23 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc261 2ebcefc90e7dee4c276ee95e\BIT6.tmp"
Mon 8 Oct 2007 14,449,128 A..H. --- "C:\Documents and Settings\All Users\Application Data\Google Updater\cache\BIT25C.tmp"

Finished!
Reply With Quote