Reallyhatesspyware

Thanks for the help! She seems satisfied with any results I've done to her computer, haha. Thanks again. Will make her surf more safely next time

Not sure what I'm supposed to be seeing. *Description according to her* "It's slower, but my computer isn't under complete attack anymore!"

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:53:42 AM, on 07/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\sessmgr.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user') O4 - Startup: IMVU.lnk = C:\Documents and Settings\Chris Woodward\Application Data\IMVUClient\IMVUClient.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chris Woodward\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 8743 bytes

The Hijackthis Log was from after I rebooted her computer because of the MBAM log. Don't know if that means anything..just thought I'd tell ya

Sorry it took so long to respond miekie. Didn't get an email notification till tonight. Here is this MBAM log taken tonight. ________________________________________________________________________________ __ Malwarebytes' Anti-Malware 1.44 Database version: 3700 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 07/02/2010 1:42:46 AM mbam-log-2010-02-07 (01-42-46).txt Scan type: Quick Scan Objects scanned: 131459 Time elapsed: 8 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsoft (Trojan.FakeAV) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jittawte (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jicgiiyp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Chris Woodward\Local Settings\Temp\EQKg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris Woodward\Local Settings\Temp\sClw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris Woodward\Local Settings\Temporary Internet Files\Content.IE5\QPI4JMG9\eHbf2015c2V0100f080006Rba08fd69102Tf4497487201l0409K23261b0b318J0b0006010[1 ] (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris Woodward\Local Settings\Temporary Internet Files\Content.IE5\QPI4JMG9\eHbf2015c2V0100f080006Rba08fd69102Tf4497487201l0409Kbcc29e78318J0b0006010[1 ] (Trojan.FakeAlert) -> Quarantined and deleted successfully. ________________________________________________________________________________ __ And here is this Hijackthis log from tonight. ________________________________________________________________________________ __ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:49:10 AM, on 07/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\sessmgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\RDSHOST.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user') O4 - Startup: IMVU.lnk = C:\Documents and Settings\Chris Woodward\Application Data\IMVUClient\IMVUClient.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chris Woodward\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 7733 bytes

Helping my girlfriend fix her computer. Here is the Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:00:49 PM, on 04/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\RDSHOST.exe C:\WINDOWS\system32\sessmgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [jittawte] C:\Documents and Settings\Chris Woodward\Local Settings\Application Data\xpjmgj\mbyrsftav.exe O4 - HKCU\..\Run: [jicgiiyp] C:\Documents and Settings\Chris Woodward\Local Settings\Application Data\pmhoso\mskysftav.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user') O4 - Startup: IMVU.lnk = C:\Documents and Settings\Chris Woodward\Application Data\IMVUClient\IMVUClient.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chris Woodward\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 7983 bytes

Nevermind about the MagicJack. Fixed that easily enough.

This process seems to have deleted one of my non-malware programs. "MagicJack", which is an plug-in internet phone. Is there anyway I can reinstall that? As it's not coming up in the normal re-installation process

After typing in SC query EVENTLOG ------------------------------------------------------------------ Microsoft Windows XP [Version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Stephen Reid>SC query EVENTLOG SERVICE_NAME: EVENTLOG TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 C:\Documents and Settings\Stephen Reid> ------------------------------------------------------------------------------------------------------------------------------------- Text after Scan ------------------------------------------------------------------------------------------------------------------------------------ ComboFix 09-09-22.02 - Stephen Reid 09/22/2009 16:47.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.328 [GMT -7:00] Running from: c:\documents and settings\Stephen Reid\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Stephen Reid\Desktop\cfscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "C:\hwdgqmcw.exe" "c:\program files\Common Files\fyno._sy" "c:\windows\qypyd.com" "c:\windows\sycapyvac.dat" file zipped: c:\windows\system32\nakuwiyi.dll file zipped: c:\windows\system32\rikosego.dll file zipped: c:\windows\system32\witiwegu.dll file zipped: c:\windows\system32\mfsdisk.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Stephen Reid\Application Data\mjusbsp c:\documents and settings\Stephen Reid\Application Data\mjusbsp\_911offline.html c:\documents and settings\Stephen Reid\Application Data\mjusbsp\_shuttingdown.html c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ar00000\install.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ar00000\magicJack.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ar00000\magicJackSplash.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ar00000\mjsetup.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ar00000\splash.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ar00000\WarningMJCouldNotStart.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\big.skn c:\documents and settings\Stephen Reid\Application Data\mjusbsp\cdloader2.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\closeWindow.png c:\documents and settings\Stephen Reid\Application Data\mjusbsp\in00000\magicJack.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\in00000\magicJackSplash.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\in00000\mjsetup.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\in00000\setup.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\in00000\splash.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\in00000\WarningMJCouldNotStart.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\Loader.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\magicJack.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\magicJack.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\magicJackLoader.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\magicJackSplash.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\mainBannerOffline.html c:\documents and settings\Stephen Reid\Application Data\mjusbsp\octvqe1_apiw.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\SJHandsetMagicJack.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\small.skn c:\documents and settings\Stephen Reid\Application Data\mjusbsp\st00000\magicJack.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\st00000\magicJackSplash.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\st00000\mjsetup.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\st00000\splash.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\st00000\WarningMJCouldNotStart.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\TjIpSys.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\TjVista.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ug00000\install.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ug00000\magicJack.dll c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ug00000\magicJackSplash.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ug00000\setup.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ug00000\splash.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\ug00000\WarningMJCouldNotStart.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\Upgrade\install1.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\Upgrade\install1.ini c:\documents and settings\Stephen Reid\Application Data\mjusbsp\Upgrade\setup1.exe c:\documents and settings\Stephen Reid\Application Data\mjusbsp\Upgrade\setup1.ini c:\documents and settings\Stephen Reid\Application Data\mjusbsp\WarningMJCouldNotStart.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\WarningNoDeviceFound.gif c:\documents and settings\Stephen Reid\Application Data\mjusbsp\wroffline.html c:\documents and settings\Stephen Reid\Application Data\mjusbsp\wroffline1.html C:\hwdgqmcw.exe c:\program files\Common Files\fyno._sy c:\windows\qypyd.com c:\windows\sycapyvac.dat c:\windows\system32\nakuwiyi.dll c:\windows\system32\rikosego.dll c:\windows\system32\wawavara.dll c:\windows\system32\witiwegu.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_XVPWUN -------\Service_ezjqasr -------\Service_fyjxwqs -------\Service_xvpwun ((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 ))))))))))))))))))))))))))))))) . 2009-09-21 21:15 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-21 21:15 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 21:07 . 2009-09-21 21:07 -------- d-----w- c:\documents and settings\Stephen Reid\Local Settings\Application Data\tjnet 2009-09-13 01:35 . 2009-09-13 01:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-09-12 22:39 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-12 22:39 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-12 22:39 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-12 22:39 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-12 22:39 . 2009-09-12 22:39 -------- d-----w- c:\program files\Avira 2009-09-12 22:39 . 2009-09-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-12 22:38 . 2009-09-12 22:38 -------- d-----w- c:\program files\Trend Micro 2009-09-12 21:56 . 2009-09-12 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2009-09-12 21:54 . 2009-09-17 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-09-12 21:54 . 2009-09-12 21:54 -------- d-----w- c:\program files\Common Files\iS3 2009-09-12 21:41 . 2009-09-12 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-09-12 21:40 . 2009-09-12 21:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-12 21:38 . 2009-09-12 21:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2009-09-12 21:20 . 2009-09-12 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-12 21:09 . 2009-09-12 21:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2009-09-12 20:31 . 2009-09-12 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-12 00:38 . 2009-09-18 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\myitlab 2009-09-10 22:01 . 2009-09-11 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-09 06:11 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-06 22:10 . 2009-09-06 22:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-09-04 18:25 . 2009-09-18 08:25 45 ----a-w- c:\documents and settings\Stephen Reid\jagex_runescape_preferences2.dat 2009-08-27 22:12 . 2009-09-11 03:59 -------- d-----w- c:\program files\Warcraft III . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-22 23:50 . 2009-04-20 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-22 23:43 . 2009-05-25 19:31 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\Skype 2009-09-22 23:05 . 2009-05-25 19:37 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\skypePM 2009-09-22 21:12 . 2009-06-22 21:12 88064 --sha-w- c:\windows\system32\majubilu.dll 2009-09-18 08:25 . 2009-04-04 08:33 37 ----a-w- c:\documents and settings\Stephen Reid\jagex_runescape_preferences.dat 2009-09-17 20:29 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com 2009-09-16 02:27 . 2009-09-16 02:26 3296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2009-09-16 02:26 . 2009-09-16 02:26 2464 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2009-09-11 09:24 . 2009-07-17 02:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-07 21:34 . 2009-09-07 21:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\Apple Computer 2009-09-07 21:34 . 2009-09-07 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-09-07 21:34 . 2009-09-07 21:33 -------- d-----w- c:\program files\iTunes 2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\program files\iPod 2009-09-07 21:33 . 2009-09-07 21:25 -------- d-----w- c:\program files\Common Files\Apple 2009-09-07 21:33 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\program files\Bonjour 2009-09-07 21:32 . 2006-02-16 09:56 -------- d-----w- c:\program files\QuickTime 2009-09-07 21:26 . 2009-09-07 21:26 -------- d-----w- c:\program files\Apple Software Update 2009-09-07 21:25 . 2009-09-07 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-09-01 00:08 . 2009-05-04 11:18 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\HPAppData 2009-08-25 19:23 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-25 19:19 . 2009-08-22 23:25 -------- d-----w- c:\program files\Microsoft Games 2009-08-23 23:20 . 2009-08-23 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial 2009-08-23 22:42 . 2009-08-23 22:32 -------- d-----w- c:\program files\PlaneShift Steel Blue 2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\PlaneShift 2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\CrystalSpace 2009-08-23 22:18 . 2009-08-23 22:18 -------- d-----w- c:\program files\Guild Wars 2009-08-22 23:28 . 2009-08-22 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 XPack Trial 2009-08-22 20:57 . 2009-05-22 01:46 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-08-05 09:11 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 19:28 . 2009-05-30 07:58 -------- d-----w- c:\program files\PopCap Games 2009-07-29 19:26 . 2009-04-06 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo 2009-07-24 06:43 . 2009-07-24 06:28 25 ----a-w- c:\windows\popcinfot.dat 2009-07-20 10:45 . 2009-07-11 08:24 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-20 10:45 . 2009-07-11 08:24 189488 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-07-17 18:55 . 2006-02-15 14:02 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 17:08 . 2006-02-15 14:05 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-11 08:24 . 2009-07-11 08:24 139152 ----a-w- c:\documents and settings\Stephen Reid\Application Data\PnkBstrK.sys 2009-07-11 08:24 . 2009-07-11 08:24 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-07-11 08:24 . 2009-07-11 08:24 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-06-29 16:12 . 2006-02-15 14:04 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2006-02-15 14:02 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 18:36 . 2006-02-15 14:03 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2006-02-15 14:03 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2006-02-15 14:03 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2006-02-15 14:03 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2006-02-15 14:03 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2006-02-15 14:03 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2006-02-15 14:03 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 18:36 . 2006-02-15 14:03 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2006-02-15 14:03 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2006-02-15 14:03 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2006-02-15 14:03 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2006-02-15 14:03 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 08:17 . 2006-02-15 14:04 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:17 . 2006-02-15 14:03 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:17 . 2006-02-15 14:03 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:17 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:17 . 2006-02-15 14:02 729600 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:17 . 2006-02-15 14:02 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-21 17:12 . 2009-06-21 17:12 49152 --sha-w- c:\windows\system32\fahisili.dll.tmp 2009-06-21 17:12 . 2009-06-21 17:12 49152 --sha-w- c:\windows\system32\hanelawi.dll.tmp . ((((((((((((((((((((((((((((( SnapShot@2009-09-21_23.56.08 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-22 23:53 . 2009-09-22 23:53 16384 c:\windows\temp\Perflib_Perfdata_7a8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\af49317e-6a14-4015-8442-b9c13b4491cf.exe" [2009-09-04 1994480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "jidoridow"="c:\windows\system32\majubilu.dll" [2009-09-22 88064] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] "vomiguheme"="fezijepa.dll" [bU] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{42ee3da9-7d44-4012-b3bf-85aa0a10e1c7}"= "c:\windows\system32\majubilu.dll" [2009-09-22 88064] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "minefivom"= {42ee3da9-7d44-4012-b3bf-85aa0a10e1c7} - c:\windows\system32\majubilu.dll [2009-09-22 88064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III - The WarChiefs Trial\\age3x.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56477:TCP"= 56477:TCP:Pando Media Booster "56477:UDP"= 56477:UDP:Pando Media Booster R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/12/2009 3:39 PM 108289] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> C:c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [2/15/2006 7:03 AM 2304] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408] S4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2/15/2006 7:04 AM 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs BtwSrv . Contents of the 'Scheduled Tasks' folder 2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Stephen Reid\Application Data\Mozilla\Firefox\Profiles\s3y4kzv2.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Stephen Reid\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Stephen Reid\Application Data\Mozilla\Firefox\Profiles\s3y4kzv2.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-22 17:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(948) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(2360) c:\windows\system32\WININET.dll c:\windows\system32\majubilu.dll c:\windows\system32\TDispVol.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\PnkBstrA.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe c:\windows\ehome\ehmsas.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2009-09-23 17:11 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-23 00:11 ComboFix2.txt 2009-09-22 20:26 ComboFix3.txt 2009-09-21 23:59 Pre-Run: 75,653,201,920 bytes free Post-Run: 75,580,739,584 bytes free Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 393 --- E O F --- 2009-09-14 10:00

Here you go pal ComboFix 09-09-22.01 - Stephen Reid 09/22/2009 13:12.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.241 [GMT -7:00] Running from: c:\documents and settings\Stephen Reid\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\biguhezex.inf c:\documents and settings\All Users\Application Data\dyhupypa.sys c:\documents and settings\All Users\Application Data\erih.bat c:\documents and settings\All Users\Application Data\ikoq.bat c:\documents and settings\All Users\Application Data\jymum.inf c:\documents and settings\All Users\Application Data\yxuhek.vbs c:\documents and settings\All Users\Application Data\zasuwas.bin c:\documents and settings\All Users\Documents\awavav._dl c:\documents and settings\All Users\Documents\cijoxoh.inf c:\documents and settings\All Users\Documents\ejepasa.dll c:\documents and settings\All Users\Documents\iqexydoby.inf c:\documents and settings\All Users\Documents\iqyhyzir.ban c:\documents and settings\All Users\Documents\niwunax.inf c:\documents and settings\All Users\Documents\umebejyd.bat c:\documents and settings\All Users\Documents\uxaqa.reg c:\documents and settings\Stephen Reid\Application Data\ekezono.vbs c:\documents and settings\Stephen Reid\Application Data\ekygak.vbs c:\documents and settings\Stephen Reid\Application Data\emyzedelyz.pif c:\documents and settings\Stephen Reid\Application Data\imomu.com c:\documents and settings\Stephen Reid\Application Data\kijanezuk.bin c:\documents and settings\Stephen Reid\Application Data\mojowy.com c:\documents and settings\Stephen Reid\Application Data\ukuc.sys c:\documents and settings\Stephen Reid\Application Data\ymuqad.dll c:\documents and settings\Stephen Reid\Cookies\sygisysyno._dl c:\documents and settings\Stephen Reid\Cookies\upysaqen.dl c:\documents and settings\Stephen Reid\Local Settings\Application Data\hokuwawy.inf c:\documents and settings\Stephen Reid\Local Settings\Application Data\ivawyjewe.bin c:\documents and settings\Stephen Reid\Local Settings\Application Data\jubynon.dl c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\akyxyxeji.dll c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\ived.vbs c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\nacality.lib c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\nojagosuna.bat c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\obidyk.ban c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\orydu.bat c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\savynywyn.pif c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\suqotoj.bat c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\utap.pif c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\xekuki._sy c:\documents and settings\Stephen Reid\Local Settings\Temporary Internet Files\yzapyzanu.lib c:\program files\Common Files\depod.com c:\program files\Common Files\enyna.bat c:\program files\Common Files\fudoly.inf c:\program files\Common Files\lecypijafi.scr c:\program files\Common Files\oxyza.dl c:\program files\Common Files\uzijuda.dll c:\program files\Common Files\xixicu.sys c:\program files\Common Files\ycisobevus.sys c:\windows\aborujary.sys c:\windows\apucas.exe c:\windows\duqi.ban c:\windows\gupuc.scr c:\windows\hofuc.ban c:\windows\Installer\441c572.msi c:\windows\Installer\9bffb.msi c:\windows\osemokaqy.inf c:\windows\sofa.ban c:\windows\system32\18467.exe c:\windows\system32\41.exe c:\windows\system32\6334.exe c:\windows\system32\drivers\SKYNETsmykyorn.sys c:\windows\system32\fazibu.bat c:\windows\system32\fezijepa.dll c:\windows\system32\iniasd.txt c:\windows\system32\jakibise.dll c:\windows\system32\parodupa.dll c:\windows\system32\qubi.pif c:\windows\system32\SKYNETalihyxen.dat c:\windows\system32\SKYNETarowrhyg.dll c:\windows\system32\SKYNETpumihtvc.dat c:\windows\system32\SKYNETttquvppe.dll c:\windows\system32\tewohisowy.pif c:\windows\system32\yoharoyi.dll c:\windows\tycu.exe c:\windows\unaper.ban c:\windows\xacuze.reg . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_SKYNETqohmnmwx -------\Legacy_UACD.SYS -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} -------\Service_SKYNETqohmnmwx ((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 ))))))))))))))))))))))))))))))) . 2009-09-21 21:25 . 2009-09-21 21:25 11045 ----a-w- c:\windows\qypyd.com 2009-09-21 21:15 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-21 21:15 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 21:07 . 2009-09-21 21:07 -------- d-----w- c:\documents and settings\Stephen Reid\Local Settings\Application Data\tjnet 2009-09-21 17:12 . 2009-09-21 17:12 49152 ----a-w- C:\hwdgqmcw.exe 2009-09-19 02:25 . 2009-09-22 04:57 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\mjusbsp 2009-09-13 01:35 . 2009-09-13 01:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-09-12 22:39 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-12 22:39 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-12 22:39 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-12 22:39 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-12 22:39 . 2009-09-12 22:39 -------- d-----w- c:\program files\Avira 2009-09-12 22:39 . 2009-09-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-12 22:38 . 2009-09-12 22:38 -------- d-----w- c:\program files\Trend Micro 2009-09-12 21:56 . 2009-09-12 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2009-09-12 21:54 . 2009-09-17 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-09-12 21:54 . 2009-09-12 21:54 -------- d-----w- c:\program files\Common Files\iS3 2009-09-12 21:48 . 2009-09-12 21:48 18565 ----a-w- c:\windows\sycapyvac.dat 2009-09-12 21:41 . 2009-09-12 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-09-12 21:40 . 2009-09-12 21:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-12 21:38 . 2009-09-12 21:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2009-09-12 21:20 . 2009-09-12 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-12 21:09 . 2009-09-12 21:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2009-09-12 20:31 . 2009-09-12 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-12 00:38 . 2009-09-18 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\myitlab 2009-09-10 22:01 . 2009-09-11 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-09 06:11 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-06 22:10 . 2009-09-06 22:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-09-04 18:25 . 2009-09-18 08:25 45 ----a-w- c:\documents and settings\Stephen Reid\jagex_runescape_preferences2.dat 2009-08-27 22:12 . 2009-09-11 03:59 -------- d-----w- c:\program files\Warcraft III 2009-08-23 23:20 . 2009-08-23 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial 2009-08-23 23:18 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\PlaneShift 2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\CrystalSpace 2009-08-23 22:32 . 2009-08-23 22:42 -------- d-----w- c:\program files\PlaneShift Steel Blue 2009-08-23 22:18 . 2009-08-23 22:18 -------- d-----w- c:\program files\Guild Wars . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-22 20:15 . 2009-04-20 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-22 20:12 . 2009-05-25 19:31 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\Skype 2009-09-22 15:02 . 2009-05-25 19:37 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\skypePM 2009-09-22 09:12 . 2009-06-22 09:12 49664 --sha-w- c:\windows\system32\rikosego.dll 2009-09-22 09:12 . 2009-06-22 09:12 87552 --sha-w- c:\windows\system32\nakuwiyi.dll 2009-09-21 21:25 . 2009-09-21 21:25 11490 ----a-w- c:\program files\Common Files\fyno._sy 2009-09-21 21:14 . 2009-06-21 21:14 87552 ------w- c:\windows\system32\fevusota.dll 2009-09-18 08:25 . 2009-04-04 08:33 37 ----a-w- c:\documents and settings\Stephen Reid\jagex_runescape_preferences.dat 2009-09-17 20:29 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com 2009-09-16 02:27 . 2009-09-16 02:26 3296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2009-09-16 02:26 . 2009-09-16 02:26 2464 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2009-09-11 09:24 . 2009-07-17 02:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-07 21:34 . 2009-09-07 21:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\Apple Computer 2009-09-07 21:34 . 2009-09-07 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-09-07 21:34 . 2009-09-07 21:33 -------- d-----w- c:\program files\iTunes 2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\program files\iPod 2009-09-07 21:33 . 2009-09-07 21:25 -------- d-----w- c:\program files\Common Files\Apple 2009-09-07 21:33 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\program files\Bonjour 2009-09-07 21:32 . 2006-02-16 09:56 -------- d-----w- c:\program files\QuickTime 2009-09-07 21:26 . 2009-09-07 21:26 -------- d-----w- c:\program files\Apple Software Update 2009-09-07 21:25 . 2009-09-07 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-09-01 00:08 . 2009-05-04 11:18 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\HPAppData 2009-08-25 19:23 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-25 19:19 . 2009-08-22 23:25 -------- d-----w- c:\program files\Microsoft Games 2009-08-22 23:28 . 2009-08-22 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 XPack Trial 2009-08-22 20:57 . 2009-05-22 01:46 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-08-05 09:11 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 19:28 . 2009-05-30 07:58 -------- d-----w- c:\program files\PopCap Games 2009-07-29 19:26 . 2009-04-06 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo 2009-07-24 06:43 . 2009-07-24 06:28 25 ----a-w- c:\windows\popcinfot.dat 2009-07-20 10:45 . 2009-07-11 08:24 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-20 10:45 . 2009-07-11 08:24 189488 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-07-17 18:55 . 2006-02-15 14:02 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 17:08 . 2006-02-15 14:05 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-11 08:24 . 2009-07-11 08:24 139152 ----a-w- c:\documents and settings\Stephen Reid\Application Data\PnkBstrK.sys 2009-07-11 08:24 . 2009-07-11 08:24 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-07-11 08:24 . 2009-07-11 08:24 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-06-29 16:12 . 2006-02-15 14:04 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2006-02-15 14:02 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 18:36 . 2006-02-15 14:03 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2006-02-15 14:03 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2006-02-15 14:03 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2006-02-15 14:03 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2006-02-15 14:03 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2006-02-15 14:03 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2006-02-15 14:03 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 18:36 . 2006-02-15 14:03 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2006-02-15 14:03 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2006-02-15 14:03 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2006-02-15 14:03 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2006-02-15 14:03 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 08:17 . 2006-02-15 14:04 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:17 . 2006-02-15 14:03 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:17 . 2006-02-15 14:03 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:17 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:17 . 2006-02-15 14:02 729600 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:17 . 2006-02-15 14:02 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-21 17:12 . 2009-06-21 17:12 49152 --sha-w- c:\windows\system32\fahisili.dll.tmp 2009-06-21 17:12 . 2009-06-21 17:12 49152 --sha-w- c:\windows\system32\hanelawi.dll.tmp 2009-06-22 09:13 . 2009-06-22 09:13 49664 --sha-w- c:\windows\system32\witiwegu.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-21_23.56.08 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-22 20:20 . 2009-09-22 20:20 16384 c:\windows\temp\Perflib_Perfdata_230.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cea18b11-bc29-4514-88c0-181bbc858c9f}] 2009-06-22 09:13 49664 --sha-w- c:\windows\system32\witiwegu.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\af49317e-6a14-4015-8442-b9c13b4491cf.exe" [2009-09-04 1994480] "cdloader"="c:\documents and settings\Stephen Reid\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "jidoridow"="c:\windows\system32\nakuwiyi.dll" [2009-09-22 87552] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{2faad82f-36d8-4d4c-9f9f-7e9650c7c6f1}"= "c:\windows\system32\nakuwiyi.dll" [2009-09-22 87552] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "relejogag"= {2faad82f-36d8-4d4c-9f9f-7e9650c7c6f1} - c:\windows\system32\nakuwiyi.dll [2009-09-22 87552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III - The WarChiefs Trial\\age3x.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Stephen Reid\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56477:TCP"= 56477:TCP:Pando Media Booster "56477:UDP"= 56477:UDP:Pando Media Booster R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/12/2009 3:39 PM 108289] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> C:c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S2 ezjqasr;ezjqasr;c:\windows\system32\drivers\prcjjli.sys --> c:\windows\system32\drivers\prcjjli.sys [?] S2 fyjxwqs;fyjxwqs;c:\windows\system32\drivers\pbie.sys --> c:\windows\system32\drivers\pbie.sys [?] S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [2/15/2006 7:03 AM 2304] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408] S4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2/15/2006 7:04 AM 14336] S4 xvpwun;xvpwun;\??\c:\windows\system32\drivers\xjehpubegdv.sys --> c:\windows\system32\drivers\xjehpubegdv.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs BtwSrv . Contents of the 'Scheduled Tasks' folder 2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Stephen Reid\Application Data\Mozilla\Firefox\Profiles\s3y4kzv2.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Stephen Reid\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Stephen Reid\Application Data\Mozilla\Firefox\Profiles\s3y4kzv2.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-vomiguheme - fezijepa.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-22 13:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(948) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(1076) c:\windows\system32\WININET.dll c:\windows\system32\nakuwiyi.dll c:\windows\system32\TDispVol.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\program files\SUPERAntiSpyware\SASSEH.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\PnkBstrA.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2009-09-22 13:26 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-22 20:26 ComboFix2.txt 2009-09-21 23:59 Pre-Run: 75,848,577,024 bytes free Post-Run: 75,687,084,032 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 428 --- E O F --- 2009-09-14 10:00

ComboFix Log ComboFix 09-09-16.05 - xxxxxx 09/21/2009 16:52.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.439 [GMT -7:00] Running from: c:\documents and settings\xxxxxxx\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-3868997124-911790988-508925577-500 c:\recycler\S-1-5-21-3868997124-911790988-508925577-500\desktop.ini c:\recycler\S-1-5-21-3868997124-911790988-508925577-500\INFO2 c:\windows\Install.txt c:\windows\kb913800.exe c:\windows\system32\cru629.dat c:\windows\system32\Install.txt c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\lowsec\user.ds.lll c:\windows\system32\sdra64.exe . ((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 ))))))))))))))))))))))))))))))) . 2009-09-21 23:14 . 2009-09-21 23:14 0 ----a-w- c:\windows\system32\6334.exe 2009-09-21 22:14 . 2009-09-21 22:14 0 ----a-w- c:\windows\system32\18467.exe 2009-09-21 21:25 . 2009-09-21 21:25 17821 ----a-w- c:\windows\gupuc.scr 2009-09-21 21:25 . 2009-09-21 21:25 13589 ----a-w- c:\program files\Common Files\xixicu.sys 2009-09-21 21:25 . 2009-09-21 21:25 11045 ----a-w- c:\windows\qypyd.com 2009-09-21 21:25 . 2009-09-21 21:25 10041 ----a-w- c:\program files\Common Files\lecypijafi.scr 2009-09-21 21:15 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-21 21:15 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 21:14 . 2009-09-21 21:14 0 ----a-w- c:\windows\system32\41.exe 2009-09-21 21:14 . 2009-09-21 21:14 43 ----a-w- c:\windows\system32\SKYNETpumihtvc.dat 2009-09-21 21:07 . 2009-09-21 21:07 -------- d-----w- c:\documents and settings\Stephen Reid\Local Settings\Application Data\tjnet 2009-09-21 17:12 . 2009-09-21 17:12 49152 ----a-w- C:\hwdgqmcw.exe 2009-09-19 02:25 . 2009-09-21 06:17 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\mjusbsp 2009-09-13 01:35 . 2009-09-13 01:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-09-12 22:39 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-12 22:39 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-12 22:39 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-12 22:39 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-12 22:39 . 2009-09-12 22:39 -------- d-----w- c:\program files\Avira 2009-09-12 22:39 . 2009-09-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-12 22:38 . 2009-09-12 22:38 -------- d-----w- c:\program files\Trend Micro 2009-09-12 21:56 . 2009-09-12 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2009-09-12 21:54 . 2009-09-17 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-09-12 21:54 . 2009-09-12 21:54 -------- d-----w- c:\program files\Common Files\iS3 2009-09-12 21:48 . 2009-09-12 21:48 12851 ----a-w- c:\windows\system32\tewohisowy.pif 2009-09-12 21:48 . 2009-09-12 21:48 18565 ----a-w- c:\windows\sycapyvac.dat 2009-09-12 21:48 . 2009-09-12 21:48 10784 ----a-w- c:\windows\aborujary.sys 2009-09-12 21:48 . 2009-09-12 21:48 10009 ----a-w- c:\program files\Common Files\uzijuda.dll 2009-09-12 21:41 . 2009-09-12 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-09-12 21:40 . 2009-09-12 21:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-09-12 21:38 . 2009-09-12 21:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2009-09-12 21:20 . 2009-09-12 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-12 21:09 . 2009-09-12 21:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2009-09-12 21:03 . 2009-09-12 21:03 18297 ----a-w- c:\program files\Common Files\enyna.bat 2009-09-12 21:03 . 2009-09-12 21:03 17514 ----a-w- c:\program files\Common Files\ycisobevus.sys 2009-09-12 21:03 . 2009-09-12 21:03 16053 ----a-w- c:\windows\tycu.exe 2009-09-12 21:03 . 2009-09-12 21:03 15949 ----a-w- c:\windows\apucas.exe 2009-09-12 21:03 . 2009-09-12 21:03 14000 ----a-w- c:\windows\system32\fazibu.bat 2009-09-12 21:03 . 2009-09-12 21:03 13136 ----a-w- c:\windows\xacuze.reg 2009-09-12 21:03 . 2009-09-12 21:03 12125 ----a-w- c:\documents and settings\Stephen Reid\Local Settings\Application Data\ivawyjewe.bin 2009-09-12 21:03 . 2009-09-12 21:03 11047 ----a-w- c:\windows\system32\qubi.pif 2009-09-12 21:03 . 2009-09-12 21:03 10592 ----a-w- c:\program files\Common Files\depod.com 2009-09-12 20:31 . 2009-09-12 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-12 00:38 . 2009-09-18 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\myitlab 2009-09-10 22:01 . 2009-09-11 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-09 06:11 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-06 22:10 . 2009-09-06 22:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-09-04 18:25 . 2009-09-18 08:25 45 ----a-w- c:\documents and settings\Stephen Reid\jagex_runescape_preferences2.dat 2009-08-27 22:12 . 2009-09-11 03:59 -------- d-----w- c:\program files\Warcraft III 2009-08-23 23:20 . 2009-08-23 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 YPack Trial 2009-08-23 23:18 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\PlaneShift 2009-08-23 22:34 . 2009-08-23 22:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\CrystalSpace 2009-08-23 22:32 . 2009-08-23 22:42 -------- d-----w- c:\program files\PlaneShift Steel Blue 2009-08-23 22:18 . 2009-08-23 22:18 -------- d-----w- c:\program files\Guild Wars . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-21 23:50 . 2009-05-25 19:31 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\Skype 2009-09-21 21:25 . 2009-09-21 21:25 19654 ----a-w- c:\documents and settings\Stephen Reid\Application Data\mojowy.com 2009-09-21 21:25 . 2009-09-21 21:25 18205 ----a-w- c:\documents and settings\Stephen Reid\Application Data\ukuc.sys 2009-09-21 21:25 . 2009-09-21 21:25 17986 ----a-w- c:\program files\Common Files\fudoly.inf 2009-09-21 21:25 . 2009-09-21 21:25 17220 ----a-w- c:\program files\Common Files\oxyza.dl 2009-09-21 21:25 . 2009-09-21 21:25 11490 ----a-w- c:\program files\Common Files\fyno._sy 2009-09-21 21:14 . 2009-08-10 09:53 1036226 ----a-w- c:\windows\system32\SKYNETalihyxen.dat 2009-09-21 21:14 . 2009-06-21 21:14 87552 ------w- c:\windows\system32\fevusota.dll 2009-09-21 21:14 . 2009-06-21 21:14 36864 --sha-w- c:\windows\system32\parodupa.dll 2009-09-21 21:13 . 2009-05-25 19:37 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\skypePM 2009-09-18 08:25 . 2009-04-04 08:33 37 ----a-w- c:\documents and settings\Stephen Reid\jagex_runescape_preferences.dat 2009-09-17 20:29 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com 2009-09-17 19:08 . 2009-04-20 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-09-16 02:27 . 2009-09-16 02:26 3296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2009-09-16 02:26 . 2009-09-16 02:26 2464 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2009-09-12 21:48 . 2009-09-12 21:48 12079 ----a-w- c:\documents and settings\All Users\Application Data\yxuhek.vbs 2009-09-12 21:48 . 2009-09-12 21:48 10112 ----a-w- c:\documents and settings\Stephen Reid\Application Data\emyzedelyz.pif 2009-09-12 21:48 . 2009-09-12 21:48 14213 ----a-w- c:\documents and settings\Stephen Reid\Application Data\kijanezuk.bin 2009-09-12 21:48 . 2009-09-12 21:48 10466 ----a-w- c:\documents and settings\All Users\Application Data\dyhupypa.sys 2009-09-12 21:03 . 2009-09-12 21:03 18670 ----a-w- c:\documents and settings\Stephen Reid\Application Data\imomu.com 2009-09-12 21:03 . 2009-09-12 21:03 18631 ----a-w- c:\documents and settings\Stephen Reid\Application Data\ymuqad.dll 2009-09-12 21:03 . 2009-09-12 21:03 13495 ----a-w- c:\documents and settings\All Users\Application Data\ikoq.bat 2009-09-12 21:03 . 2009-09-12 21:03 13187 ----a-w- c:\documents and settings\All Users\Application Data\erih.bat 2009-09-12 21:03 . 2009-09-12 21:03 12643 ----a-w- c:\documents and settings\All Users\Application Data\zasuwas.bin 2009-09-12 21:03 . 2009-09-12 21:03 11876 ----a-w- c:\documents and settings\Stephen Reid\Application Data\ekezono.vbs 2009-09-12 21:03 . 2009-09-12 21:03 10668 ----a-w- c:\documents and settings\Stephen Reid\Application Data\ekygak.vbs 2009-09-11 09:24 . 2009-07-17 02:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-07 21:34 . 2009-09-07 21:34 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\Apple Computer 2009-09-07 21:34 . 2009-09-07 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-09-07 21:34 . 2009-09-07 21:33 -------- d-----w- c:\program files\iTunes 2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\program files\iPod 2009-09-07 21:33 . 2009-09-07 21:25 -------- d-----w- c:\program files\Common Files\Apple 2009-09-07 21:33 . 2009-09-07 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-07 21:33 . 2009-09-07 21:33 -------- d-----w- c:\program files\Bonjour 2009-09-07 21:32 . 2006-02-16 09:56 -------- d-----w- c:\program files\QuickTime 2009-09-07 21:26 . 2009-09-07 21:26 -------- d-----w- c:\program files\Apple Software Update 2009-09-07 21:25 . 2009-09-07 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-09-01 00:08 . 2009-05-04 11:18 -------- d-----w- c:\documents and settings\Stephen Reid\Application Data\HPAppData 2009-08-25 19:23 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-25 19:19 . 2009-08-22 23:25 -------- d-----w- c:\program files\Microsoft Games 2009-08-22 23:28 . 2009-08-22 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 XPack Trial 2009-08-22 20:57 . 2009-05-22 01:46 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-08-10 09:53 . 2009-08-10 09:53 20480 ------w- c:\windows\system32\SKYNETarowrhyg.dll 2009-08-10 09:53 . 2009-08-10 09:53 70656 ----a-w- c:\windows\system32\drivers\SKYNETsmykyorn.sys 2009-08-10 09:53 . 2009-08-10 09:53 44544 ------w- c:\windows\system32\SKYNETttquvppe.dll 2009-08-05 09:11 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 19:28 . 2009-05-30 07:58 -------- d-----w- c:\program files\PopCap Games 2009-07-29 19:26 . 2009-04-06 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo 2009-07-24 10:34 . 2006-02-18 15:00 -------- d-----w- c:\program files\GemMaster 2009-07-24 06:43 . 2009-07-24 06:28 25 ----a-w- c:\windows\popcinfot.dat 2009-07-24 06:27 . 2009-07-24 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2009-07-20 10:45 . 2009-07-11 08:24 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-20 10:45 . 2009-07-11 08:24 189488 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-07-17 18:55 . 2006-02-15 14:02 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 17:08 . 2006-02-15 14:05 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-11 08:24 . 2009-07-11 08:24 139152 ----a-w- c:\documents and settings\Stephen Reid\Application Data\PnkBstrK.sys 2009-07-11 08:24 . 2009-07-11 08:24 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-07-11 08:24 . 2009-07-11 08:24 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-06-29 16:12 . 2006-02-15 14:04 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2006-02-15 14:02 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 18:36 . 2006-02-15 14:03 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2006-02-15 14:03 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2006-02-15 14:03 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2006-02-15 14:03 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2006-02-15 14:03 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2006-02-15 14:03 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2006-02-15 14:03 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 18:36 . 2006-02-15 14:03 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2006-02-15 14:03 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2006-02-15 14:03 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2006-02-15 14:03 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2006-02-15 14:03 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 08:17 . 2006-02-15 14:04 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:17 . 2006-02-15 14:03 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:17 . 2006-02-15 14:03 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:17 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:17 . 2006-02-15 14:02 729600 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:17 . 2006-02-15 14:02 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-21 17:12 . 2009-06-21 17:12 49152 --sha-w- c:\windows\system32\fahisili.dll 2009-06-21 17:12 . 2009-06-21 17:12 49152 --sha-w- c:\windows\system32\hanelawi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\af49317e-6a14-4015-8442-b9c13b4491cf.exe" [2009-09-04 1994480] "cdloader"="c:\documents and settings\Stephen Reid\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "jidoridow"="c:\windows\system32\fevusota.dll" [2009-09-21 87552] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] "vomiguheme"="fahisili.dll" - c:\windows\system32\fahisili.dll [2009-06-21 49152] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{3c72b957-1a9d-489b-8599-9bb96c15d007}"= "c:\windows\system32\fevusota.dll" [2009-09-21 87552] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "hevamulaj"= {3c72b957-1a9d-489b-8599-9bb96c15d007} - c:\windows\system32\fevusota.dll [2009-09-21 87552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli fahisili.dll hanelawi.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\rundll32.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III - The WarChiefs Trial\\age3x.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Stephen Reid\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\WINDOWS\\system32\\lsass.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56477:TCP"= 56477:TCP:Pando Media Booster "56477:UDP"= 56477:UDP:Pando Media Booster R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/12/2009 3:39 PM 108289] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> C:c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S2 ezjqasr;ezjqasr;c:\windows\system32\drivers\prcjjli.sys --> c:\windows\system32\drivers\prcjjli.sys [?] S2 fyjxwqs;fyjxwqs;c:\windows\system32\drivers\pbie.sys --> c:\windows\system32\drivers\pbie.sys [?] S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [2/15/2006 7:03 AM 2304] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408] S4 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2/15/2006 7:04 AM 14336] S4 xvpwun;xvpwun;\??\c:\windows\system32\drivers\xjehpubegdv.sys --> c:\windows\system32\drivers\xjehpubegdv.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs BtwSrv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea8bdd27-a4ac-11de-9936-00038a000015}] \Shell\AutoRun\command - E:\autorun.exe \Shell\phone\command - E:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Stephen Reid\Application Data\Mozilla\Firefox\Profiles\s3y4kzv2.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Stephen Reid\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\Stephen Reid\Application Data\Mozilla\Firefox\Profiles\s3y4kzv2.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . - - - - ORPHANS REMOVED - - - - BHO-{cea18b11-bc29-4514-88c0-181bbc858c9f} - dumibimo.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Toolbar-SITEguard - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKU-Default-Run-AntiSpyware Service - c:\windows\TEMP\x5q48rt7d.exe AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu AddRemove-{20B30DC1-E423-4939-B51D-05C58B0F9BBB} - c:\program files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat AddRemove-Warcraft III - c:\windows\War3Unin.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-21 16:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETqohmnmwx] "imagepath"="\systemroot\system32\drivers\SKYNETsmykyorn.sys" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETqohmnmwx] @DACL=(02 0000) "start"=dword:00000004 "type"=dword:00000001 "group"="file system" "imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETsmykyorn.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(764) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'lsass.exe'(820) c:\windows\system32\fahisili.dll c:\windows\system32\hanelawi.dll c:\windows\system32\wininet.dll - - - - - - - > 'explorer.exe'(5388) c:\windows\system32\WININET.dll c:\windows\system32\fahisili.dll c:\windows\system32\fevusota.dll c:\windows\system32\TDispVol.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\PnkBstrA.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\windows\system32\TPSBattM.exe c:\program files\TOSHIBA\ConfigFree\CFSServ.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\ehome\ehmsas.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2009-09-21 16:59 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-21 23:59 Pre-Run: 74,675,957,760 bytes free Post-Run: 75,889,446,912 bytes free Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 415 --- E O F --- 2009-09-14 10:00

MBAM Log ------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.41 Database version: 2839 Windows 5.1.2600 Service Pack 2 9/21/2009 4:35:53 PM mbam-log-2009-09-21 (16-35-53).txt Scan type: Quick Scan Objects scanned: 112363 Time elapsed: 1 hour(s), 17 minute(s), 15 second(s) Memory Processes Infected: 3 Memory Modules Infected: 4 Registry Keys Infected: 11 Registry Values Infected: 21 Registry Data Items Infected: 20 Folders Infected: 8 Files Infected: 77 Memory Processes Infected: C:\WINDOWS\system32\winupdate.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.AdvancedVirusRemover) -> Unloaded process successfully. C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Unloaded process successfully. Memory Modules Infected: c:\WINDOWS\system32\fevusota.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot. \\?\globalroot\systemroot\system32\SKYNETvcbvqpyr.dll (Trojan.FakeAlert) -> Delete on reboot. c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{3c72b957-1a9d-489b-8599-9bb96c15d007} (Trojan.Vundo.H) -> Delete on reboot. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jidoridow (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3c72b957-1a9d-489b-8599-9bb96c15d007} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hevamulaj (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vomiguheme (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fevusota.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fevusota.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.FakeAlert) -> Data: c:\windows\system32\cru629.dat -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.FakeAlert) -> Data: system32\cru629.dat -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\12106714 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\data (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\fevusota.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot. \\?\globalroot\systemroot\system32\SKYNETvcbvqpyr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\ddbpu.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\ileede.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\kqjopjiq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\mdnsq.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\ruptbvv.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bisepufi.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fifiteko.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kri746.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\logevent.dll (Trojan.Sirefef) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nzfiu3h78di.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\UACviuotfunlm.sys (Trojan.TDSS.T) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\nkjnravsej.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HACMB1BS\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KY0D4B2P\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KY0D4B2P\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KY0D4B2P\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KY0D4B2P\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R7W1YWYT\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UHCQNW8X\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\12106714\12106714 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\12106714\pc12106714ins (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Uninstall.exe (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\wscui.cpl (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\data\daily.cvd (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\danigudu.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\UACvakomqrgfv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dumibimo.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\system32\UACmyktuwehwe.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Local Settings\Temp\tmpwr4 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Local Settings\Temp\tmpwr5 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Local Settings\Temp\tmpwr6 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Cookies\lajyxyli.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Local Settings\Temporary Internet Files\zehydybore.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Stephen Reid\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\rhjdpc.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\vhlyrkv.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\joxa.exe (Trojan.Dropper) -> Quarantined and deleted successfully. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------

I got combofix to run, along with Malwarebytes. Malwarebytes removed a lot of the infections, but if I run the scan again there are a few infections (which were the same ones as last time) that still show up. What should I do now?

I apologize My computer came under serious attack and I could not access the internet until now. I'll post more information later.

Still unresponsive. Would there be any other factors that wouldn't allow it to run?