Jump to content

MANDA

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. MANDA
    HI I POSTED MY HIJAK THIS LOG IN THE APPRORIATE SPOT BUT STILL HAVE HAD NO HELP. I RESPONDED TO MY OWN THREAD AND THEN SOMEONE WHO ISNT SOMEONE WHO HELPS OUT POSTED IN MY THREAD. I DONT KNOW HOW LONG IS THE AMOUNT OF TIME TO WAIT BEFORE ASKING AGAIN BUT I POSTED ON THE 10TH OF THIS MONTH ITS BEEN ABOUT 5 DAYS NOW. I KNOW THAT YOU ALL ARE SWAMPED WITH ISSUES JUST LIKE MINE AND DONT MIND PATIENTLY WAITING BUT WHO DO I ASK TO LOOK AT MY THREAD IF NO ONE HAS ASSISSTED ME IN 5 DAYS OR SHOULD I WAIT LONGER. I DONT WANNA BE TO PUSHY. I KNOW YOU ALL HAVE A LOT OF WORK ... THANK YOU FOR EVERYTHING YOU ALL DO.
  2. MANDA
    FOR THE PAST 2 DAYS I HAVE BEEN HAVING MANY POP UPS FROM AN ANTIVIRUS PRO THAT HAS BEEN DOWNLOADED TO MY COMPUTER SOME HOW. MY MCAFEE KEEPS PICKING UP THE VIRUS:ARTEMIS, VUNDO, AND GENERIC.DX I DONT KNOW WHAT TO DO BECAUSE IT WILL NOT REMOVE THEM. MALWAREBYTES .EXE HAS BEEN DELETED AND IM UNABLE TO DOWNLOAD IT AGAIN. IM ALSO GETTING POP UPS ON THE INTERENT TO DIFFERENT PORN SITES AND THINGS LIKE THAT. HERE IS MY HIJAK THIS LOG. PLEASE HELP ME!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:07:39 AM, on 11/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\Amanda\LOCALS~1\Temp\_A00FD899B5.exe C:\DOCUME~1\Amanda\LOCALS~1\Temp\ejq9vdp.exe C:\DOCUME~1\Amanda\LOCALS~1\Temp\mdm.exe C:\Documents and Settings\Amanda\Local Settings\Application Data\bmsggq\emunsysguard.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\McAfee\MSC\mcshell.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [kscdaglx] C:\Documents and Settings\Amanda\Local Settings\Application Data\bmsggq\emunsysguard.exe O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKLM\..\Run: [fovuzevevo] Rundll32.exe "gukehere.dll",s O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0 O4 - HKLM\..\Run: [fawiyumoz] Rundll32.exe "c:\windows\system32\guyubaha.dll",a O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 O4 - HKCU\..\Run: [A00FD899B5.exe] C:\DOCUME~1\Amanda\LOCALS~1\Temp\_A00FD899B5.exe O4 - HKCU\..\Run: [backUp Windows 2009] C:\DOCUME~1\Amanda\LOCALS~1\Temp\ejq9vdp.exe O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Amanda\LOCALS~1\Temp\mdm.exe O4 - HKCU\..\Run: [kscdaglx] C:\Documents and Settings\Amanda\Local Settings\Application Data\bmsggq\emunsysguard.exe O4 - HKCU\..\Run: [fontatmgfx] rundll32.exe "C:\Documents and Settings\Amanda\Local Settings\Application Data\fontatmgfx\fontatmgfx.dll", DllInit O4 - S-1-5-18 Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: scandisk.dll (User 'SYSTEM') O4 - .DEFAULT Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe (User 'Default user') O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user') O4 - .DEFAULT Startup: scandisk.dll (User 'Default user') O4 - Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Startup: scandisk.dll O4 - Global Startup: AntiVirus Plus.lnk = C:\WINDOWS\system32\rundll32.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E31D0C89-560C-40C7-8212-462ED91CF1ED}: NameServer = 77.74.48.113 O18 - Filter hijack: text/html - {6d9b3587-f751-4785-b21b-adb3418eedd5} - C:\WINDOWS\batmeter16.dll O20 - AppInit_DLLs: c:\windows\system32\guyubaha.dll,jiyazami.dll O20 - Winlogon Notify: __c003F1D - C:\WINDOWS\system32\__c003F1D.dat (file missing) O20 - Winlogon Notify: __c0098C4 - C:\WINDOWS\system32\__c0098C4.dat (file missing) O20 - Winlogon Notify: __c00A3FDB - C:\WINDOWS\system32\__c00A3FDB.dat (file missing) O20 - Winlogon Notify: __c00CC4E9 - C:\WINDOWS\system32\__c00CC4E9.dat (file missing) O21 - SSODL: gidumutuh - {6d8c948b-4f91-4b96-a369-21c93d315cd9} - c:\windows\system32\guyubaha.dll O22 - SharedTaskScheduler: kjaf83hfriunf3sf9sfinoi\sufh\87sefhuhdd - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\mkw4se9xn4.dll (file missing) O22 - SharedTaskScheduler: gahurihor - {6d8c948b-4f91-4b96-a369-21c93d315cd9} - c:\windows\system32\guyubaha.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9637 bytes
  3. MANDA
    Its beyond me how I got around that. I left it on over night and when I woke up my computer was saying the same thing. Then I left and left the computer running and it must have restarted while I was gone. But as far as I know now its fine Im going to run another virus scan and see how that goes. Im also going to try and download Malwarebytes if that dont work I guess Im back where I started. I was a little concerned though because the ESET Online Scanner said it found 72 infections and Im not sure if thats what you had me fix or not. Thank you SOOOOOO much for your help though!! If I have any other issues I will let you know. Thank you thank you thank you!
  4. MANDA
    ComboFix 09-10-16.09 - Amanda 10/16/2009 22:50.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.211 [GMT -4:00] Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Amanda\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FILE :: "c:\documents and settings\Amanda\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6553fc85-1aa086ce.zip" file zipped: c:\windows\system32\noyijoyo.dll file zipped: c:\windows\system32\suteniro.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Amanda\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6553fc85-1aa086ce.zip c:\program files\Common Files\zuwi c:\program files\Common Files\zuwi\zuwia.lck c:\program files\Common Files\zuwi\zuwid\class-barrel c:\program files\Common Files\zuwi\zuwid\vocabulary c:\program files\Common Files\zuwi\zuwil.lck c:\program files\Common Files\zuwi\zuwim.lck c:\windows\system32\noyijoyo.dll c:\windows\system32\suteniro.dll . ((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 ))))))))))))))))))))))))))))))) . 2009-10-16 17:54 . 2009-10-16 17:54 -------- d-----w- c:\program files\ESET 2009-10-16 01:29 . 2009-10-16 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\83633831 2009-10-14 18:39 . 2009-10-14 18:39 -------- d-----w- c:\program files\Trend Micro 2009-10-14 17:05 . 2009-10-17 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 14:37 . 2009-10-13 14:37 -------- d-----w- c:\documents and settings\Amanda\Local Settings\Application Data\AIM 2009-09-20 03:32 . 2009-09-20 03:32 -------- d-sh--w- c:\documents and settings\Debbie\PrivacIE 2009-09-20 03:04 . 2009-09-20 03:04 -------- d-----w- c:\documents and settings\Debbie\Application Data\acccore 2009-09-20 03:02 . 2009-09-20 03:02 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\AOL OCP 2009-09-20 03:02 . 2009-09-20 03:02 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\AOL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-16 17:20 . 2006-12-09 02:44 -------- d-----w- c:\program files\iTunes 2009-10-16 17:20 . 2006-05-20 06:04 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-14 00:28 . 2008-12-16 01:42 -------- d-----w- c:\documents and settings\Debbie\Application Data\LimeWire 2009-09-29 21:39 . 2006-05-20 06:10 -------- d-----w- c:\program files\McAfee 2009-09-17 16:38 . 2006-05-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-15 00:47 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\Amanda\Application Data\Malwarebytes 2009-09-15 00:47 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-14 00:03 . 2009-09-14 00:03 -------- d-----w- c:\documents and settings\Amanda\Application Data\McAfee 2009-09-11 14:18 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2005-08-16 08:18 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 19:23 . 2006-12-17 03:52 -------- d-----w- c:\program files\AIM6 2009-08-27 19:22 . 2006-12-17 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-08-27 19:21 . 2006-12-17 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads 2009-08-26 08:00 . 2005-08-16 08:19 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2005-08-16 08:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 02:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-07-27 18:22 . 2006-05-27 22:19 96616 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-25 22:45 . 2009-06-28 00:17 33061 ----a-w- c:\windows\king-uninstall.exe 2009-07-25 09:23 . 2009-06-10 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-21 14:35 . 2006-05-27 22:19 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys 2007-03-10 18:23 . 2007-03-10 18:23 56 --sh--r- c:\windows\system32\399DCE404B.sys 2006-06-14 22:21 . 2006-06-14 22:21 56 --sh--r- c:\windows\system32\7FC3E94890.sys 2006-06-02 02:30 . 2006-05-27 22:19 88 --sh--r- c:\windows\system32\D438FE4D12.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-15_00.50.47 ))))))))))))))))))))))))))))))))))))))))) . - 2007-08-13 23:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll + 2007-08-13 23:54 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll - 2005-08-16 08:18 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll + 2005-08-16 08:18 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll + 2009-07-20 02:45 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll - 2009-07-20 02:45 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll + 2008-11-05 02:54 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2008-11-05 02:54 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll + 2006-05-10 05:25 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll - 2006-05-10 05:25 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll + 2006-05-26 00:59 . 2009-10-17 01:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-05-26 00:59 . 2009-10-14 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-05-26 00:59 . 2009-10-17 01:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-05-26 00:59 . 2009-10-14 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-05-26 00:59 . 2009-10-14 21:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-10-16 20:44 . 2009-10-17 01:21 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe - 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2004-09-29 22:11 . 2009-06-24 16:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe + 2004-10-07 21:36 . 2009-06-24 16:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe + 2005-08-16 08:38 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll - 2005-08-16 08:38 . 2007-01-02 20:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll + 2005-08-16 08:38 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll - 2005-08-16 08:38 . 2007-01-02 20:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll - 2005-08-16 08:38 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe + 2005-08-16 08:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe - 2005-08-16 08:38 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe + 2005-08-16 08:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe + 2009-10-16 17:56 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll + 2009-10-16 17:56 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll + 2009-10-16 17:56 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll + 2009-10-16 17:50 . 2009-10-16 17:50 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3fc42f1e\System.Drawing.Design.dll + 2009-10-16 17:50 . 2009-10-16 17:50 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_702a6eb3\CustomMarshalers.dll + 2009-10-16 17:47 . 2009-10-16 17:47 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_6427612f\System.Drawing.Design.dll + 2009-10-16 17:46 . 2009-10-16 17:46 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_d9478ba4\CustomMarshalers.dll - 2005-08-16 08:38 . 2007-01-02 20:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe + 2005-08-16 08:38 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe + 2005-08-16 08:19 . 2009-04-10 05:01 413544 c:\windows\system32\wmspdmod.dll + 2005-08-16 08:18 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll - 2005-08-16 08:18 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll + 2007-08-13 23:54 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll - 2007-08-13 23:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll - 2005-08-16 08:18 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll + 2005-08-16 08:18 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll + 2005-08-16 08:18 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll - 2005-08-16 08:18 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe + 2005-08-16 08:18 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe + 2009-04-10 05:01 . 2009-04-10 05:01 413544 c:\windows\system32\dllcache\wmspdmod.dll + 2006-05-10 05:25 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll + 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll - 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll + 2007-08-13 23:44 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll - 2007-08-13 23:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll - 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll + 2008-11-05 02:54 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll - 2008-11-05 02:54 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll + 2009-07-20 02:45 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll - 2009-07-20 02:45 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll - 2006-05-10 05:25 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll + 2006-05-10 05:25 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll + 2007-08-13 23:39 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2007-08-13 23:39 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe - 2007-08-13 23:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe - 2009-07-20 03:04 . 2009-07-20 03:04 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-07-20 03:04 . 2009-10-16 19:01 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2005-08-16 08:38 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll - 2005-08-16 08:38 . 2004-07-19 22:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll + 2005-08-16 08:38 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll - 2005-08-16 08:38 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll + 2009-10-16 17:56 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll + 2009-10-16 17:56 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll + 2009-10-16 17:56 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe + 2009-10-16 17:56 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll + 2009-10-16 17:56 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll + 2009-10-16 17:56 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll + 2009-10-16 17:56 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll + 2009-10-16 17:56 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll + 2009-10-16 17:56 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe + 2009-10-16 17:50 . 2009-10-16 17:50 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_43f3405f\System.Drawing.dll + 2009-10-16 17:47 . 2009-10-16 17:47 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_3704c93d\System.Drawing.dll + 2009-10-15 01:03 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2005-08-16 08:18 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll - 2005-08-16 08:18 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll - 2005-08-16 08:18 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll + 2005-08-16 08:18 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll + 2005-08-16 08:18 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll - 2007-08-13 23:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll + 2007-08-13 23:34 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll + 2006-05-10 05:25 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll - 2006-05-10 05:25 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll + 2009-04-15 09:33 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe - 2009-04-15 09:33 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-04-15 09:33 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-02-07 23:02 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-02-07 23:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-04-15 09:33 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe - 2009-04-15 09:33 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2006-05-19 15:06 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll - 2008-11-05 02:54 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll + 2008-11-05 02:54 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll + 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2005-08-16 08:38 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll - 2005-08-16 08:38 . 2007-01-02 20:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll - 2005-08-16 08:38 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll + 2005-08-16 08:38 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll + 2005-08-16 08:38 . 2009-06-24 02:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll - 2005-08-16 08:38 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll + 2005-08-16 08:38 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll - 2005-08-16 08:38 . 2007-01-02 20:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll + 2009-10-16 17:56 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll + 2009-10-16 17:56 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll + 2009-10-16 17:56 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll + 2009-04-15 09:33 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-04-15 09:33 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-04-15 09:33 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-02-07 23:02 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-02-07 23:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-04-15 09:33 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-04-15 09:33 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-10-16 17:50 . 2009-10-16 17:50 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_27662470\System.dll + 2009-10-16 17:50 . 2009-10-16 17:50 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f6afbd9f\System.Xml.dll + 2009-10-16 17:50 . 2009-10-16 17:50 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_70eaeca5\System.Windows.Forms.dll + 2009-10-16 17:50 . 2009-10-16 17:50 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d575b84f\System.Design.dll + 2009-10-16 17:50 . 2009-10-16 17:50 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a060592d\mscorlib.dll + 2009-10-16 17:46 . 2009-10-16 17:46 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_b5f28db4\System.dll + 2009-10-16 17:47 . 2009-10-16 17:47 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_06d80f0b\System.Xml.dll + 2009-10-16 17:47 . 2009-10-16 17:47 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_98b97a53\System.Windows.Forms.dll + 2009-10-16 17:46 . 2009-10-16 17:46 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_f255ba26\System.Design.dll + 2009-10-16 17:46 . 2009-10-16 17:46 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_89cb1009\mscorlib.dll + 2009-10-16 17:49 . 2009-10-16 17:49 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2008-06-10 07:08 . 2008-06-10 07:08 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2008-06-10 07:08 . 2008-06-10 07:08 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-16 17:49 . 2009-10-16 17:49 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2009-07-20 01:36 . 2009-07-20 01:36 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-16 17:45 . 2009-10-16 17:45 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-16 17:51 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe + 2007-08-13 23:54 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll + 2008-11-05 02:53 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll + 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp + 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\1806a8.msp + 2009-10-16 17:56 . 2009-07-19 22:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] c:\documents and settings\Amanda\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776] c:\documents and settings\Debbie\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Motorola\\iDEN WebJAL\\WebJAL.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\AIM6\\aolsoftware.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= "c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"= "c:\\Program Files\\McAfee\\MSM\\McSmtFwk.exe"= "c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 5:17 PM 24652] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-10-16 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-08 01:26] 2009-10-17 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-08 01:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://ie.search.msn.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-16 22:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2009-10-17 23:05 ComboFix-quarantined-files.txt 2009-10-17 03:03 ComboFix2.txt 2009-10-16 17:48 ComboFix3.txt 2009-10-15 01:15 Pre-Run: 16,788,529,152 bytes free Post-Run: 16,742,084,608 bytes free 336 --- E O F --- 2009-10-16 17:57 Upload was successful
  5. MANDA
    I was able to run the ComboFix with the code you gave me. I was able to get the log but I dont know how to find the zip file that I had to send to that link. I was also able to do the ESET Online Scanner. I have both logs. COMBOFIX LOG {after code} ComboFix 09-10-14.04 - Amanda 10/16/2009 13:13.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.195 [GMT -4:00] Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Amanda\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FILE :: "c:\documents and settings\All Users\Application Data\kekiqasety.dat" "c:\documents and settings\Amanda\Application Data\jesimuboq.dat" "c:\documents and settings\Amanda\Application Data\loqu.dll" "c:\documents and settings\Amanda\Application Data\tawib.dll" "c:\documents and settings\Amanda\Local Settings\Application Data\hygiza.scr" "c:\documents and settings\Amanda\Local Settings\Application Data\uhivol.scr" "c:\program files\Common Files\lilano.pif" "c:\windows\azygagazy.com" "c:\windows\dytojo.com" "c:\windows\labojuju.com" file zipped: c:\windows\is-K6BIJ.exe file zipped: c:\windows\knpiqba.exe file zipped: c:\windows\system32\jijuwajo.dll file zipped: c:\windows\system32\kimulizi.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\17475428 c:\documents and settings\All Users\Application Data\17475428\17475428.exe c:\documents and settings\All Users\Application Data\40021007 c:\documents and settings\All Users\Application Data\40021007\40021007.bat c:\documents and settings\All Users\Application Data\kekiqasety.dat c:\documents and settings\Amanda\Application Data\jesimuboq.dat c:\documents and settings\Amanda\Application Data\loqu.dll c:\documents and settings\Amanda\Application Data\tawib.dll c:\documents and settings\Amanda\Desktop\Security Tool.lnk c:\documents and settings\Amanda\Local Settings\Application Data\hygiza.scr c:\documents and settings\Amanda\Local Settings\Application Data\uhivol.scr c:\program files\Common Files\lilano.pif c:\program files\Common Files\Symantec Shared\bak c:\program files\Common Files\Symantec Shared\bak\ccApp.exe c:\program files\iTunes\bak c:\program files\iTunes\bak\iTunesHelper.exe c:\program files\Norton SystemWorks\Norton AntiVirus\bak c:\program files\Norton SystemWorks\Norton AntiVirus\bak\navapw32.exe c:\program files\QuickTime\bak c:\program files\QuickTime\bak\qttask.exe c:\windows\azygagazy.com c:\windows\dytojo.com c:\windows\is-K6BIJ.exe c:\windows\knpiqba.exe c:\windows\labojuju.com c:\windows\system32\dayahiba.dll c:\windows\system32\fudoneze.dll c:\windows\system32\jijuwajo.dll c:\windows\system32\kimulizi.dll c:\windows\system32\lufuyuko.dll c:\windows\system32\suhalewo.dll . ((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 ))))))))))))))))))))))))))))))) . 2009-10-16 01:29 . 2009-10-16 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\83633831 2009-10-15 00:20 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-15 00:20 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-14 18:39 . 2009-10-14 18:39 -------- d-----w- c:\program files\Trend Micro 2009-10-14 17:05 . 2009-10-15 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 14:37 . 2009-10-13 14:37 -------- d-----w- c:\documents and settings\Amanda\Local Settings\Application Data\AIM 2009-09-20 03:32 . 2009-09-20 03:32 -------- d-sh--w- c:\documents and settings\Debbie\PrivacIE 2009-09-20 03:04 . 2009-09-20 03:04 -------- d-----w- c:\documents and settings\Debbie\Application Data\acccore 2009-09-20 03:02 . 2009-09-20 03:02 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\AOL OCP 2009-09-20 03:02 . 2009-09-20 03:02 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\AOL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-16 17:20 . 2006-12-09 02:44 -------- d-----w- c:\program files\iTunes 2009-10-14 00:28 . 2008-12-16 01:42 -------- d-----w- c:\documents and settings\Debbie\Application Data\LimeWire 2009-09-29 21:39 . 2006-05-20 06:10 -------- d-----w- c:\program files\McAfee 2009-09-17 16:38 . 2006-05-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-15 00:47 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\Amanda\Application Data\Malwarebytes 2009-09-15 00:47 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-14 00:03 . 2009-09-14 00:03 -------- d-----w- c:\documents and settings\Amanda\Application Data\McAfee 2009-08-27 19:23 . 2006-12-17 03:52 -------- d-----w- c:\program files\AIM6 2009-08-27 19:22 . 2006-12-17 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-08-27 19:21 . 2006-12-17 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads 2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-27 18:22 . 2006-05-27 22:19 96616 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-25 22:45 . 2009-06-28 00:17 33061 ----a-w- c:\windows\king-uninstall.exe 2009-07-25 09:23 . 2009-06-10 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-21 14:35 . 2006-05-27 22:19 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys 2007-03-10 18:23 . 2007-03-10 18:23 56 --sh--r- c:\windows\system32\399DCE404B.sys 2006-06-14 22:21 . 2006-06-14 22:21 56 --sh--r- c:\windows\system32\7FC3E94890.sys 2009-07-16 13:29 . 2009-07-16 13:29 1111915 --sha-w- c:\windows\system32\badebusu.exe 2006-06-02 02:30 . 2006-05-27 22:19 88 --sh--r- c:\windows\system32\D438FE4D12.sys 2009-07-16 01:29 . 2009-07-16 01:29 88576 --sha-w- c:\windows\system32\noyijoyo.dll 2009-07-15 13:28 . 2009-07-15 13:28 88576 --sha-w- c:\windows\system32\suteniro.dll . ((((((((((((((((((((((((((((( SnapShot@2009-10-15_00.50.47 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-16 17:23 . 2009-10-16 17:23 16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat + 2006-05-26 00:59 . 2009-10-16 16:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-05-26 00:59 . 2009-10-14 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-05-26 00:59 . 2009-10-16 16:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-05-26 00:59 . 2009-10-14 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-10-15 01:51 . 2009-10-16 16:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2006-05-26 00:59 . 2009-10-14 21:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] c:\documents and settings\Amanda\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776] c:\documents and settings\Debbie\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Motorola\\iDEN WebJAL\\WebJAL.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\AIM6\\aolsoftware.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= "c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"= "c:\\Program Files\\McAfee\\MSM\\McSmtFwk.exe"= "c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-10-16 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-08 01:26] 2009-09-17 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-08 01:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://ie.search.msn.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - HKLM-Run-17475428 - c:\docume~1\ALLUSE~1\APPLIC~1\17475428\17475428.exe SharedTaskScheduler-{7e908faf-0089-43cc-9d72-1082ce645de4} - c:\windows\system32\fudoneze.dll SSODL-leyobusuw-{7e908faf-0089-43cc-9d72-1082ce645de4} - c:\windows\system32\fudoneze.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-16 13:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1104) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\windows\system32\wdfmgr.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe . ************************************************************************** . Completion time: 2009-10-16 13:48 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-16 17:47 ComboFix2.txt 2009-10-15 01:15 Pre-Run: 17,178,488,832 bytes free Post-Run: 17,079,230,464 bytes free 249 --- E O F --- 2009-09-10 07:05 ESET ONLINE SCANNER LOG C:\Documents and Settings\Amanda\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-6553fc85-1aa086ce.zip Java/Exploit.Bytverify trojan C:\Program Files\Common Files\zuwi\zuwid\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan C:\Qoobox\Quarantine\[4]-Submit_2009-10-16_13.13.14.zip a variant of Win32/Adware.SuperJuan.H application C:\Qoobox\Quarantine\C\WINDOWS\system32\apadeirk.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\appaghgc.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\blwagplf.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\ckwksxgf.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\cvqsfxcf.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\dayahiba.dll.vir a variant of Win32/KillAV.NFZ trojan C:\Qoobox\Quarantine\C\WINDOWS\system32\dgoivwbb.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\dmsadaue.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\dviykotg.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\fjdcpdlm.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\hgjlm.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\hgjlm.ini2.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\ikoqurlv.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\jdjuboen.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\jhpyrkoo.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\jlptkowq.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\lufuyuko.dll.vir a variant of Win32/KillAV.NFZ trojan C:\Qoobox\Quarantine\C\WINDOWS\system32\migeewlr.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\mubodigi.dll.vir a variant of Win32/KillAV.NFZ trojan C:\Qoobox\Quarantine\C\WINDOWS\system32\mwbjiydn.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\nusoyeta.dll.vir a variant of Win32/Adware.SuperJuan.H application C:\Qoobox\Quarantine\C\WINDOWS\system32\nyirwljd.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\otqnxgcv.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\pgfqsnfv.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\qmsbcttu.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\rdvwxvxi.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\rerdjqqv.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\suhalewo.dll.vir a variant of Win32/KillAV.NFZ trojan C:\Qoobox\Quarantine\C\WINDOWS\system32\swsllsot.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\uscjuudb.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\uvnjoikh.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\uxgsncwk.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\vltxshyi.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\wyonmqtr.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\xkyilmiq.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\WINDOWS\system32\yorefenu.dll.vir a variant of Win32/Adware.SuperJuan.H application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054814.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054815.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054816.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054817.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054821.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054822.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054823.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054824.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054826.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054827.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054828.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054829.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054830.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054831.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054833.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054834.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054835.dll a variant of Win32/Adware.SuperJuan.H application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054836.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054837.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054838.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054841.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054842.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054843.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054844.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054845.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054846.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054847.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054848.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054849.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054850.ini Win32/Adware.Virtumonde.NEO application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0054851.dll a variant of Win32/Adware.SuperJuan.H application C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP491\A0056067.dll a variant of Win32/KillAV.NFZ trojan C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP491\A0056068.dll a variant of Win32/KillAV.NFZ trojan
  6. MANDA
    I saved what you told me to save dragged it into ComboFix the blue screen appeared and then stopped at please wait. I left it on over night because it was taking so long when I woke up it was still saying the same thing. I disabled my anti virus and now my computer has gotten WAY WORSE! I have no desktop icons and the desktop is completely white. I have the start menu. I ran my anti virus again and it says it took care of the virus but I know that it hasn't because of the obvious reasons. I'm unsure what I should do. There is no other ways of ridding my computer of this INFECTION! PLEASE HELP!
  7. MANDA
    ComboFix 09-10-14.04 - Amanda 10/14/2009 20:29.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.258 [GMT -4:00] Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documents\buhy.inf c:\documents and settings\Amanda\Application Data\kodog.reg c:\documents and settings\Amanda\Application Data\Sskdmns.dll c:\documents and settings\Amanda\Application Data\toboroh.inf c:\documents and settings\Amanda\Cookies\abomomameg.lib c:\documents and settings\Amanda\Cookies\asubihy.db c:\documents and settings\Amanda\Cookies\epabaleh._sy c:\documents and settings\Amanda\Cookies\gaquj.inf c:\documents and settings\Amanda\Cookies\isamose.com c:\documents and settings\Amanda\Cookies\omykezypi._sy c:\documents and settings\Amanda\Cookies\qigodypa.bat c:\documents and settings\Amanda\Cookies\roxosacufo.pif c:\documents and settings\Amanda\Cookies\urykariz.dl c:\documents and settings\Amanda\Cookies\voqurew.dat c:\documents and settings\Amanda\Cookies\yjedekyweq.db c:\documents and settings\Amanda\Cookies\yzyrun.vbs c:\documents and settings\Amanda\Local Settings\Temporary Internet Files\hyvyqocacu.reg c:\documents and settings\Amanda\Local Settings\Temporary Internet Files\ijibajener.lib c:\documents and settings\Amanda\Local Settings\Temporary Internet Files\pybowy.bat c:\documents and settings\Amanda\Local Settings\Temporary Internet Files\yvafof.dll c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Ssk.log c:\documents and settings\LocalService\Start Menu\Programs\UCmore - The Search Accelerator c:\documents and settings\LocalService\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk c:\progra~1\COMMON~1\{A4BC8~1 c:\program files\Common Files\misc002 c:\program files\pslister c:\program files\pslister\Uninstall.exe c:\program files\Windows Police Pro c:\program files\Windows Police Pro\msvcm80.dll c:\program files\Windows Police Pro\msvcp80.dll c:\program files\Windows Police Pro\msvcr80.dll c:\recycler\NPROTECT c:\temp\1cb c:\temp\1cb\syscheck.log c:\temp\bkR11 c:\temp\bkR11\ftCa.log c:\temp\tn3 c:\windows\aqin._sy c:\windows\duliqu.dll c:\windows\ibacamon.dll c:\windows\ihotilefi._sy c:\windows\inub.inf c:\windows\kb913800.exe c:\windows\oxubuhatap.reg c:\windows\polaxuqoha.dll c:\windows\system32\apadeirk.ini c:\windows\system32\appaghgc.ini c:\windows\system32\blwagplf.ini c:\windows\system32\ckwksxgf.ini c:\windows\system32\crunner c:\windows\system32\crunner\cproc.exe.config c:\windows\system32\crunner\cupdater.exe.config c:\windows\system32\crunner\ICSharpCode.SharpZipLib.dll c:\windows\system32\crunner\Version.txt c:\windows\system32\cvqsfxcf.ini c:\windows\system32\dgoivwbb.ini c:\windows\system32\dmsadaue.ini c:\windows\system32\dviykotg.ini c:\windows\system32\efihiq.vbs c:\windows\system32\fjdcpdlm.ini c:\windows\system32\hgjlm.ini c:\windows\system32\hgjlm.ini2 c:\windows\system32\howenuze.dll c:\windows\system32\ikoqurlv.ini c:\windows\system32\jdjuboen.ini c:\windows\system32\jhpyrkoo.ini c:\windows\system32\jlptkowq.ini c:\windows\system32\jycejihag.vbs c:\windows\system32\migeewlr.ini c:\windows\system32\mubodigi.dll c:\windows\system32\mwbjiydn.ini c:\windows\system32\nusoyeta.dll c:\windows\system32\nyirwljd.ini c:\windows\system32\otqnxgcv.ini c:\windows\system32\pgfqsnfv.ini c:\windows\system32\posinobo.dll c:\windows\system32\pump.exe c:\windows\system32\qmsbcttu.ini c:\windows\system32\rdvwxvxi.ini c:\windows\system32\rerdjqqv.ini c:\windows\system32\swsllsot.ini c:\windows\system32\uscjuudb.ini c:\windows\system32\uvnjoikh.ini c:\windows\system32\uxgsncwk.ini c:\windows\system32\vltxshyi.ini c:\windows\system32\wyonmqtr.ini c:\windows\system32\xkyilmiq.ini c:\windows\system32\yorefenu.dll c:\windows\uhepohal.dll c:\windows\yzumovesam.scr . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DOMAINSERVICE -------\Legacy_RUNDLL.EXE -------\Legacy_WINDOWS_OVERLAY_COMPONENTS ((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 ))))))))))))))))))))))))))))))) . 2009-10-15 00:20 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-15 00:20 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-14 18:39 . 2009-10-14 18:39 -------- d-----w- c:\program files\Trend Micro 2009-10-14 17:11 . 2009-10-14 17:11 693760 ----a-w- c:\windows\is-K6BIJ.exe 2009-10-14 17:05 . 2009-10-15 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-14 11:55 . 2009-10-14 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\40021007 2009-10-13 14:37 . 2009-10-13 14:37 -------- d-----w- c:\documents and settings\Amanda\Local Settings\Application Data\AIM 2009-09-20 03:32 . 2009-09-20 03:32 -------- d-sh--w- c:\documents and settings\Debbie\PrivacIE 2009-09-20 03:04 . 2009-09-20 03:04 -------- d-----w- c:\documents and settings\Debbie\Application Data\acccore 2009-09-20 03:02 . 2009-09-20 03:02 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\AOL OCP 2009-09-20 03:02 . 2009-09-20 03:02 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\AOL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-14 00:28 . 2008-12-16 01:42 -------- d-----w- c:\documents and settings\Debbie\Application Data\LimeWire 2009-09-29 21:39 . 2006-05-20 06:10 -------- d-----w- c:\program files\McAfee 2009-09-17 16:38 . 2006-05-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-15 00:47 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\Amanda\Application Data\Malwarebytes 2009-09-15 00:47 . 2009-09-15 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-14 00:03 . 2009-09-14 00:03 -------- d-----w- c:\documents and settings\Amanda\Application Data\McAfee 2009-09-13 23:17 . 2009-09-13 23:17 19439 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\uhivol.scr 2009-09-13 23:17 . 2009-09-13 23:17 19084 ----a-w- c:\windows\azygagazy.com 2009-09-13 23:17 . 2009-09-13 23:17 13685 ----a-w- c:\documents and settings\Amanda\Application Data\jesimuboq.dat 2009-09-13 23:17 . 2009-09-13 23:17 10666 ----a-w- c:\documents and settings\Amanda\Application Data\tawib.dll 2009-09-13 16:59 . 2009-09-13 16:59 17438 ----a-w- c:\program files\Common Files\lilano.pif 2009-09-13 16:59 . 2009-09-13 16:59 17235 ----a-w- c:\documents and settings\All Users\Application Data\kekiqasety.dat 2009-09-13 16:59 . 2009-09-13 16:59 17036 ----a-w- c:\documents and settings\Amanda\Application Data\loqu.dll 2009-09-13 16:59 . 2009-09-13 16:59 15882 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\hygiza.scr 2009-09-13 16:59 . 2009-09-13 16:59 12438 ----a-w- c:\windows\labojuju.com 2009-09-13 16:59 . 2009-09-13 16:59 12096 ----a-w- c:\windows\dytojo.com 2009-08-27 19:23 . 2006-12-17 03:52 -------- d-----w- c:\program files\AIM6 2009-08-27 19:22 . 2006-12-17 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-08-27 19:21 . 2006-12-17 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads 2009-08-05 09:01 . 2005-08-16 08:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-27 18:22 . 2006-05-27 22:19 96616 ----a-w- c:\documents and settings\Amanda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-25 22:45 . 2009-06-28 00:17 33061 ----a-w- c:\windows\king-uninstall.exe 2009-07-25 09:23 . 2009-06-10 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-21 14:35 . 2006-05-27 22:19 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-07-17 19:01 . 2005-08-16 08:18 58880 ----a-w- c:\windows\system32\atl.dll 1989-12-12 14:10 . 2006-08-27 00:13 550000 --sh--r- c:\windows\knpiqba.exe 2007-03-10 18:23 . 2007-03-10 18:23 56 --sh--r- c:\windows\system32\399DCE404B.sys 2006-06-14 22:21 . 2006-06-14 22:21 56 --sh--r- c:\windows\system32\7FC3E94890.sys 2006-06-02 02:30 . 2006-05-27 22:19 88 --sh--r- c:\windows\system32\D438FE4D12.sys 2009-07-14 11:55 . 2009-07-14 11:55 52224 --sha-w- c:\windows\system32\jijuwajo.dll 2009-07-14 11:57 . 2009-07-14 11:57 52224 --sha-w- c:\windows\system32\kimulizi.dll . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2004-12-13 19:30 . 2007-01-09 22:32 58984 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe 2007-06-01 20:51 . 2007-06-01 20:51 257088 c:\program files\iTunes\bak\iTunesHelper.exe 2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe 2001-08-16 21:52 . 2001-08-16 21:52 74832 c:\program files\Norton SystemWorks\Norton AntiVirus\bak\navapw32.exe 2007-04-27 13:41 . 2007-04-27 13:41 282624 c:\program files\QuickTime\bak\qttask.exe 2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b227d665-405d-437b-aadc-876c4882dea5}] 2009-07-14 11:57 52224 --sha-w- c:\windows\system32\kimulizi.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Aim6"="" [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lphcl84j0epbj"="c:\windows\system32\lphcl84j0epbj.exe" [N/A] "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [N/A] "fawiyumoz"="c:\windows\system32\howenuze.dll" [N/A] "fovuzevevo"="yorefenu.dll" [N/A] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "zuwi"="c:\progra~1\COMMON~1\zuwi\zuwim.exe" [N/A] "tiviu"="c:\windows\system32\xtkptc.exe" [N/A] [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run] "{A4BC867B-0AE9-1033-1008-050412200001}"="c:\program files\Common Files\{A4BC867B-0AE9-1033-1008-050412200001}\Update.exe" [N/A] c:\documents and settings\Amanda\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776] c:\documents and settings\Debbie\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Motorola\\iDEN WebJAL\\WebJAL.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\AIM6\\aolsoftware.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= "c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"= "c:\\Program Files\\McAfee\\MSM\\McSmtFwk.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-09-16 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-08 01:26] 2009-09-17 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-08 01:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://ie.search.msn.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: whataboutadog.com Trusted Zone: whataboutarabit.com . . ------- File Associations ------- . . - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{f65753e3-606a-4bd9-99a8-04eaab3aebef} - c:\windows\system32\wowinule.dll SharedTaskScheduler-{8564bb19-855a-4a5e-af83-06401f4aade9} - c:\windows\system32\howenuze.dll SSODL-remabikoy-{f65753e3-606a-4bd9-99a8-04eaab3aebef} - c:\windows\system32\wowinule.dll SSODL-tuvahasal-{8564bb19-855a-4a5e-af83-06401f4aade9} - c:\windows\system32\howenuze.dll Notify-CSCSettings - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-14 20:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1680) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe c:\windows\system32\wdfmgr.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-10-15 21:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-15 01:15 Pre-Run: 16,938,229,760 bytes free Post-Run: 17,203,228,672 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 332 --- E O F --- 2009-09-10 07:05
  8. MANDA
    I have a virus called artemis and vundo. I use McAfee anti virus. I was able to download hijak this and have a log I dont know if that could be of any help with my problem. I was recommened to download Malwarebytes but then when I did I got a message that mbam.exe was unable to be found. Heres my logs. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:41:38 PM, on 10/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\dllhost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\PROGRA~1\mcafee\msc\mcshell.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) O1 - Hosts: 216.19.0.250 idenupdate.motorola.com O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: (no name) - {b227d665-405d-437b-aadc-876c4882dea5} - kimulizi.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [lphcl84j0epbj] C:\WINDOWS\system32\lphcl84j0epbj.exe O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [fawiyumoz] Rundll32.exe "c:\windows\system32\wowinule.dll",a O4 - HKLM\..\Run: [fovuzevevo] Rundll32.exe "yorefenu.dll",s O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [zuwi] C:\PROGRA~1\COMMON~1\zuwi\zuwim.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [tiviu] C:\WINDOWS\system32\xtkptc.exe reg_run (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{A4BC867B-0AE9-1033-1008-050412200001}] "C:\Program Files\Common Files\{A4BC867B-0AE9-1033-1008-050412200001}\Update.exe" mc-110-12-0000509 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [zuwi] C:\PROGRA~1\COMMON~1\zuwi\zuwim.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{A4BC867B-0AE9-1033-1008-050412200001}] "C:\Program Files\Common Files\{A4BC867B-0AE9-1033-1008-050412200001}\Update.exe" mc-110-12-0000509 (User 'Default user') O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM') O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.whataboutadog.com O15 - Trusted Zone: *.whataboutarabit.com O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - http://www.terp17.com/ax/axo.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/eliteview.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O18 - Filter hijack: text/html - {9cf9032e-1de7-42e4-82ba-3ce8262a9b34} - (no file) O20 - AppInit_DLLs: c:\windows\system32\wowinule.dll,nusoyeta.dll O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\ O21 - SSODL: remabikoy - {f65753e3-606a-4bd9-99a8-04eaab3aebef} - c:\windows\system32\wowinule.dll O22 - SharedTaskScheduler: mujuzedij - {f65753e3-606a-4bd9-99a8-04eaab3aebef} - c:\windows\system32\wowinule.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8642 bytes
  9. MANDA
    I use McAfee Anti Virus and it quarnteened most of the files but kept on saying to scan after restart. So I scaned it agian after I restarted the computer and it said it again. It said I had an Artemis trojan and and Vundo trojan. So I googled them and a few sites recommended Malwarebytes but when I download it the mbam.exe is missing. I tried so of the things in the forums but Im confused I dont know what the logs and things are. Can someone help? Thanks.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.