Help with Vundo

My brother asked me to help him with his computer. When I first ran Anti-Malware it came back with 167 infected files. After it rebooted and I ran it again it came back with 6, all Vundo, which I can't seem to get rid of. I have the AM and HJ logs but I cannot get Panda or ESET to run on his laptop. Hopefully you can help with just these two logs:

AM - highlighted the problem files; KillBox wasn't able to get rid of them either, they just come back after a reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtspjyq (Adware.BHO) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.18
Database version: 871

11:33:53 PM 6/19/2008
mbam-log-6-19-2008 (23-33-53).txt

Scan type: Quick Scan
Objects scanned: 38053
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\awtsPJYq.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bc15cfa-06c6-4f76-81e3-3151b5f8a3df} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bc15cfa-06c6-4f76-81e3-3151b5f8a3df} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtspjyq (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4c3fefb5-8deb-4037-bdb7-1cd699e542fd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c3fefb5-8deb-4037-bdb7-1cd699e542fd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM447b567e (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fccywULd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dLUwyccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsPJYq.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\dvjqapup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iqxpfeie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmuffwxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfnyuflu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sccjbwlf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taohechk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uknuqxbt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcgdkmgx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wquybddg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfcpbfqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfctjuxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvhoehdg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian Patten\Local Settings\Temp\SystemDoctor2006FreeInstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\NWVEI74D\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\SP63CXMN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndnarwfr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtsPJYq.dll

Logfile of HijackThis v1.99.1
Scan saved at 12:40:20 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\U3\0000187115760A98\LaunchPad.exe
F:\****me\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://verizon.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {039A9623-3980-41AA-9D7D-443F08062332} - C:\WINDOWS\system32\tythobpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4448F0CF-B2CF-4CD7-A108-E9A521781BEF} - C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtsPJYq.dll
O2 - BHO: (no name) - {70F52DEA-7CFB-42DA-8536-51A2CCD57FA9} - C:\WINDOWS\system32\xxyASLEu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BD21240F-91DC-47A6-B14F-43F548033D32} - C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll
O2 - BHO: {36c7e488-5d2f-fee9-b354-bb328c71105c} - {c50117c8-23bb-453b-9eef-f2d5884e7c63} - C:\WINDOWS\system32\wirrfagp.dll
O2 - BHO: (no name) - {C8F2915E-0B44-48BD-BA08-A15E10ECFCB0} - C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\1LLQ7RDM\3077ahntdksr[1].dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [bM447b567e] Rundll32.exe "C:\WINDOWS\system32\rtjlemmy.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O20 - Winlogon Notify: awtsPJYq - C:\WINDOWS\SYSTEM32\awtsPJYq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thanks!
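An added triage helper for the Anti-Malware log format above (example code written for this page, not part of the original post and not Malwarebytes' own tooling): it parses the log into entries, separates what the scanner actually quarantined from what was only scheduled for "Delete on reboot", maps the registry entries to the autostart mechanism they use, and groups the BHO CLSID, ShellExecuteHooks value, Winlogon Notify subkey and DLL that belong to one component, which is why a single surviving loader brings the rest back. The sample log is a constructed excerpt built from the entries posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log layout, built from
# entries in the log posted above (an excerpt, not a real saved log file).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.18
Database version: 871

Memory Modules Infected:
C:\WINDOWS\system32\awtsPJYq.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtspjyq (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM447b567e (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\awtsPJYq.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\fccywULd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Registry locations that make Windows load a DLL automatically, matched as
# case-insensitive substrings of the logged key path.
PERSISTENCE = {
    r"\Winlogon\Notify": "Winlogon Notify (loaded into winlogon.exe)",
    r"\Explorer\ShellExecuteHooks": "ShellExecuteHook (loaded into explorer.exe)",
    r"\Explorer\Browser Helper Objects": "Browser Helper Object (loaded into IE)",
    r"\CurrentVersion\Run": "Run key autostart",
}

def parse_mbam_log(text):
    """Return one dict {section, item, family, action} per detection line."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious"):
            continue  # header/summary block, or an empty section
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries

def unresolved(entries):
    """Detections the scanner could not finish in-session ('Delete on reboot'):
    exactly the items to expect back if the loader survives the reboot."""
    return [e for e in entries if "successfully" not in e["action"].lower()]

def persistence_points(entries):
    """Map each autostart mechanism to the registry entries that use it."""
    found = defaultdict(list)
    for e in entries:
        if not e["section"].startswith("Registry"):
            continue
        for marker, label in PERSISTENCE.items():
            if marker.lower() in e["item"].lower():
                found[label].append(e["item"])
    return dict(found)

def _leaf(item):
    # Last path component, lower-cased, without a .dll suffix.
    leaf = item.rsplit("\\", 1)[-1].lower()
    return leaf[:-4] if leaf.endswith(".dll") else leaf

def correlate(entries):
    """Group detections that belong to one component, keyed by CLSID or DLL base name.
    The BHO CLSID recurs under HKCR CLSID, Browser Helper Objects and ShellExecuteHooks,
    and the Winlogon Notify subkey is named after the DLL, so they stand or fall together."""
    stems = {_leaf(e["item"]) for e in entries
             if e["section"].startswith(("Files", "Memory Modules"))}
    groups = defaultdict(set)
    for e in entries:
        g = GUID_RE.search(e["item"])
        if g:
            groups[g.group(0).lower()].add(e["item"])
        if _leaf(e["item"]) in stems:
            groups[_leaf(e["item"])].add(e["item"])
    return {k: sorted(v) for k, v in groups.items()}
```

Items that share a group with an unresolved entry are the ones to re-check after the reboot, whatever the per-line status says.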


Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.


Here you go my man:

ComboFix

ComboFix 08-06-19.2 - ******** 2008-06-20 10:42:45.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.134 [GMT -4:00]
Running from: F:\******\ComboFix.exe
 * Created a new restore point.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).
(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-06-20 04:18	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 04:14	---------	d-----w	C:\Program Files\Norton AntiVirus
2008-05-20 19:32	---------	d-----w	C:\Program Files\Common Files\Command Software
2008-05-20 19:26	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 23:27	---------	d-----w	C:\Program Files\ItsDeductibleEX
2008-05-07 17:31	27,264	------w	C:\WINDOWS\system32\awtsPJYq.dll
2008-04-26 02:21	---------	d-----w	C:\Program Files\iTunes
2008-04-26 02:21	---------	d-----w	C:\Program Files\iPod
2008-04-23 23:11	---------	d-----w	C:\Documents and Settings\Brian Patten\Application Data\AdobeUM
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20107791-F846-4396-829C-5D1167EF7E0E}]
			C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4448F0CF-B2CF-4CD7-A108-E9A521781BEF}]
			C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{504D4782-3C40-4BA1-B00B-30B145AAB66D}]
2008-06-20 10:56	316128	--a------	C:\WINDOWS\system32\efcCssSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-05-07 13:31	27264	---------	C:\WINDOWS\system32\awtsPJYq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD21240F-91DC-47A6-B14F-43F548033D32}]
			C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F2915E-0B44-48BD-BA08-A15E10ECFCB0}]
			C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\1LLQ7RDM\3077ahntdksr[1].dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-09-12 14:58 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 10:01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 16:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 12:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 12:24 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 18:34 229438]
"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47 327680]
"AS00_Gear511"="C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2003-07-31 03:52 401408]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 16:42 509224]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"BM447b567e"="C:\WINDOWS\system32\kxgcmere.dll" [2008-06-20 10:57 102464]
"474865e2"="C:\WINDOWS\system32\ovtjsffm.dll" [2008-06-20 10:59 94272]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 14:20:06 54512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\awtsPJYq.dll [2008-05-07 13:31 27264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPJYq]
awtsPJYq.dll 2008-05-07 13:31 27264 C:\WINDOWS\system32\awtsPJYq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 C:\WINDOWS\system32\efcCssSj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 21:01:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 10:52:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?1?5?4??????? ???B?????????????H<C? ?????? 
scanning hidden files ... 
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\awtsPJYq.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ovtjsffm.dll
-> C:\WINDOWS\system32\kxgcmere.dll
-> C:\WINDOWS\system32\efcCssSj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\update\update.exe
.
**************************************************************************
.
Completion time: 2008-06-20 11:04:13 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-20 15:03:44

Pre-Run: 69,138,075,648 bytes free
Post-Run: 69,296,340,992 bytes free
229	--- E O F ---	2008-04-08 22:01:21

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 11:10:50 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian Patten\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [474865e2] rundll32.exe "C:\WINDOWS\system32\ovtjsffm.dll",b
O4 - HKLM\..\Run: [bM447b567e] Rundll32.exe "C:\WINDOWS\system32\kxgcmere.dll",s
O4 - HKCU\..\Run: [iMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Your Java application is one update behind. In time, this outdated version can cause a slight security risk as a result.

Please follow these steps to remove older versions of Java:

1. Close any open programs you may have running, especially your web browser.

2. Click Start-->Control Panel-->Add or Remove Programs.

3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.

Not every version of Java will begin with "Java" so be sure to read each entry in the list.

Repeat step 3 as many times as necessary to remove all versions of Java.

**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

4. Navigate to and delete:

  • C:\Program Files\Java <=this folder if found

5. Then go to this page.

Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right. Select the platform for "Windows".

6. Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement", then click Continue...The page will refresh

Then, click on the link to download Windows Offline Installation. Save it to your desktop.

Now, from your desktop, double-click on the executable to install the newest version.

Please open a blank Notepad by clicking start-->run

Then, in the run box type Notepad.exe and click "OK".

Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::

C:\WINDOWS\system32\awtsPJYq.dll

C:\WINDOWS\system32\ovtjsffm.dll

C:\WINDOWS\system32\kxgcmere.dll

C:\WINDOWS\system32\efcCssSj.dll

C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20107791-F846-4396-829C-5D1167EF7E0E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4448F0CF-B2CF-4CD7-A108-E9A521781BEF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{504D4782-3C40-4BA1-B00B-30B145AAB66D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD21240F-91DC-47A6-B14F-43F548033D32}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F2915E-0B44-48BD-BA08-A15E10ECFCB0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BM447b567e"=-

"474865e2"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPJYq]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000
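Before a script like the one above is dragged onto ComboFix.exe it is worth reading it back as a list of actions. The reader below is an added example, not ComboFix's own code or anything from this thread: it treats the `Registry::` section with ordinary .reg-file conventions (`[-KEY]` deletes a key, `"name"=-` deletes a value, `"name"=dword:XXXXXXXX` sets a DWORD), leaves ComboFix's `~` path shorthand unexpanded, and marks any value line that sits under a `[-KEY]` header so the reviewer can see the delete-then-recreate idiom used for the Security Center keys. The sample script is a trimmed copy of the one posted above.

```python
"""Dry-run reader for a ComboFix CFScript (added example, not ComboFix code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the CFScript from the post above, trimmed to one or two
# entries per kind of directive.
CFSCRIPT_SAMPLE = """\
File::
C:\\WINDOWS\\system32\\awtsPJYq.dll
C:\\WINDOWS\\system32\\ovtjsffm.dll

Registry::
[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"BM447b567e"=-
"474865e2"=-
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"FirewallOverride"=dword:00000000
"""


@dataclass(frozen=True)
class Action:
    kind: str                     # delete_file | delete_key | delete_value | set_dword
    target: str                   # file path, or the registry key the action applies to
    name: str = ""                # value name (value actions only)
    data: Optional[int] = None    # DWORD data (set_dword only)
    in_deleted_key: bool = False  # value line written under a [-KEY] header


KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                       # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]+)"=(-|dword:([0-9A-Fa-f]{8}))$')  # "name"=- or dword


def parse_cfscript(text: str) -> List[Action]:
    """Turn a CFScript into the flat list of actions it asks ComboFix to take.
    Unknown lines raise rather than being silently skipped."""
    actions: List[Action] = []
    section: Optional[str] = None
    key: Optional[str] = None
    key_deleted = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # section header: File:: / Registry::
            section, key = line[:-2], None
            continue
        if section == "File":
            actions.append(Action("delete_file", line))
            continue
        if section != "Registry":
            raise ValueError(f"line outside a known section: {line!r}")
        km = KEY_RE.match(line)
        if km:
            minus, key = km.groups()
            key_deleted = bool(minus)
            if key_deleted:
                actions.append(Action("delete_key", key))
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None:
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        name, rhs, hexdata = vm.groups()
        if rhs == "-":
            actions.append(Action("delete_value", key, name, in_deleted_key=key_deleted))
        else:
            actions.append(Action("set_dword", key, name, int(hexdata, 16), key_deleted))
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions by kind: the quick sanity check before running a script."""
    return dict(Counter(a.kind for a in actions))


if __name__ == "__main__":
    acts = parse_cfscript(CFSCRIPT_SAMPLE)
    for a in acts:
        note = "  (under a deleted key)" if a.in_deleted_key else ""
        data = "" if a.data is None else f" = {a.data}"
        print(f"{a.kind:13} {a.target} {a.name}{data}{note}")
    print(summarize(acts))
```

Run on the full script from the post, the summary should show five file deletions, the BHO CLSID and Winlogon\Notify key deletions, the two Run values and one ShellExecuteHooks value removed, and each Security Center key deleted and then recreated with its DWORD set back to 0.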


Combofix has been running forever; now it's at "Please allow ComboFix to reboot the machine."

I manually rebooted it and here is the log:

ComboFix 08-06-19.2 - Brian Patten 2008-06-20 13:20:04.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.148 [GMT -4:00]
Running from: C:\Documents and Settings\Brian Patten\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian Patten\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll
C:\WINDOWS\system32\awtsPJYq.dll
C:\WINDOWS\system32\efcCssSj.dll
C:\WINDOWS\system32\kxgcmere.dll
C:\WINDOWS\system32\ovtjsffm.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM447b567e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsPJYq.dll
C:\WINDOWS\system32\efcCssSj.dll
C:\WINDOWS\system32\jnacdqbc.dll
C:\WINDOWS\system32\jSssCcfe.ini
C:\WINDOWS\system32\jSssCcfe.ini2
C:\WINDOWS\system32\kxgcmere.dll
C:\WINDOWS\system32\mffsjtvo.ini
C:\WINDOWS\system32\ovtjsffm.dll
.
(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
.
2008-06-20 13:17 . 2008-03-25 02:37	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-06-20 13:16 . 2008-06-20 13:16	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-20 10:22 . 2004-08-03 22:58	14,848	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-20 10:22 . 2004-08-03 22:58	14,848	--a------	C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-20 00:39 . 2008-06-20 00:42	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\U3
2008-06-19 23:54 . 2008-06-19 23:55	<DIR>	d--------	C:\QUARANTINE
2008-06-19 23:41 . 2008-06-19 23:41	<DIR>	d---s----	C:\Documents and Settings\Administrator\UserData
2008-06-19 23:22 . 2008-06-19 23:22	<DIR>	d--------	C:\_OTMoveIt
2008-06-19 22:48 . 2008-06-19 22:48	<DIR>	d--------	C:\Program Files\Common Files\Cisco Systems
2008-06-19 22:48 . 2008-06-19 22:49	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-19 22:48 . 2006-11-17 03:06	1,495,552	--a------	C:\WINDOWS\system32\epoPGPsdk.dll
2008-06-19 22:48 . 2006-11-30 08:50	72,264	--a------	C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-19 22:48 . 2006-11-30 08:50	64,360	--a------	C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-06-19 22:48 . 2006-11-30 08:50	52,136	--a------	C:\WINDOWS\system32\drivers\mfetdik.sys
2008-06-19 22:48 . 2006-11-30 08:50	34,152	--a------	C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-19 22:48 . 2006-11-17 03:06	280	--a------	C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-06-19 22:47 . 2006-11-30 08:50	168,776	--a------	C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-19 22:46 . 2008-06-19 22:48	<DIR>	d--------	C:\Program Files\McAfee
2008-06-19 22:46 . 2008-06-19 22:46	<DIR>	d--------	C:\Program Files\Common Files\McAfee
2008-06-19 22:36 . 2008-06-19 22:36	<DIR>	d--------	C:\Documents and Settings\Brian Patten\Application Data\Malwarebytes
2008-06-19 22:18 . 2008-06-20 09:50	<DIR>	d--------	C:\VundoFix Backups
2008-06-19 22:04 . 2008-06-19 22:05	<DIR>	d--------	C:\!KillBox
2008-06-19 21:36 . 2008-06-19 21:36	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-19 21:34 . 2008-06-19 22:36	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 21:34 . 2008-06-19 21:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 21:34 . 2008-06-19 17:48	34,296	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 21:34 . 2008-06-19 17:47	17,144	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-06-19 21:32 . 2004-11-20 07:14	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-19 21:32 . 2004-11-20 07:02	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-19 21:32 . 2004-11-20 07:13	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-19 21:32 . 2008-06-19 23:41	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-06-19 21:26 . 2008-06-20 10:22	<DIR>	d--------	C:\Documents and Settings\Brian Patten\Application Data\U3
2008-06-08 21:32 . 2008-06-20 14:32	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-06-08 21:32 . 2008-06-08 21:32	1,409	--a------	C:\WINDOWS\QTFont.for
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:17	---------	d-----w	C:\Program Files\Java
2008-06-20 04:18	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 04:14	---------	d-----w	C:\Program Files\Norton AntiVirus
2008-05-20 19:32	---------	d-----w	C:\Program Files\Common Files\Command Software
2008-05-20 19:26	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 23:27	---------	d-----w	C:\Program Files\ItsDeductibleEX
2008-04-26 02:21	---------	d-----w	C:\Program Files\iTunes
2008-04-26 02:21	---------	d-----w	C:\Program Files\iPod
2008-04-23 23:11	---------	d-----w	C:\Documents and Settings\Brian Patten\Application Data\AdobeUM
.
(((((((((((((((((((((((((((((   snapshot@2008-06-20_11.00.27.50   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21	554,008	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11	518,944	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11	326,432	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11	1,516,568	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11	355,112	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13	151,583	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12	60,192	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12	248,608	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12	219,936	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12	355,104	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13	432,928	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13	322,336	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13	559,904	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13	264,992	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13	838,432	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14	621,344	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14	355,104	----a-w	C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-06-20 14:50:00	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-20 18:30:33	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-03-25 04:50:25	554,008	----a-w	C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28	518,944	----a-w	C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30	326,432	----a-w	C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34	1,516,568	----a-w	C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40	355,112	----a-w	C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54	151,583	----a-w	C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42	60,192	----a-w	C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42	248,608	----a-w	C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44	219,936	----a-w	C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45	355,104	----a-w	C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47	432,928	----a-w	C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49	322,336	----a-w	C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52	559,904	----a-w	C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55	264,992	----a-w	C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57	838,432	----a-w	C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58	621,344	----a-w	C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58	355,104	----a-w	C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-02-22 05:23:35	135,168	----a-w	C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39	135,168	----a-w	C:\WINDOWS\system32\java.exe
- 2008-02-22 05:23:39	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
- 2008-02-22 06:33:32	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2008-05-09 18:35:06	16,863,864	----a-w	C:\WINDOWS\system32\MRT.exe
- 2004-08-04 08:00:00	512,029	----a-w	C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28	518,944	----a-w	C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 08:00:00	319,517	----a-w	C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30	326,432	----a-w	C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 08:00:00	1,507,356	----a-w	C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34	1,516,568	----a-w	C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 08:00:00	358,976	----a-w	C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40	355,112	----a-w	C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 08:00:00	151,583	----a-w	C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54	151,583	----a-w	C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 08:00:00	53,279	----a-w	C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42	60,192	----a-w	C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 08:00:00	241,693	----a-w	C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42	248,608	----a-w	C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 08:00:00	213,023	----a-w	C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44	219,936	----a-w	C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 08:00:00	348,189	----a-w	C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45	355,104	----a-w	C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 08:00:00	421,919	----a-w	C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47	432,928	----a-w	C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 08:00:00	315,423	----a-w	C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49	322,336	----a-w	C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 08:00:00	552,989	----a-w	C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52	559,904	----a-w	C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 08:00:00	258,077	----a-w	C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55	264,992	----a-w	C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 08:00:00	831,519	----a-w	C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57	838,432	----a-w	C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 08:00:00	614,429	----a-w	C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 08:00:00	348,189	----a-w	C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58	355,104	----a-w	C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-09-12 14:58 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 10:01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 16:43 118784]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 12:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 12:24 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 18:34 229438]
"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47 327680]
"AS00_Gear511"="C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2003-07-31 03:52 401408]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 16:42 509224]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 14:20:06 54512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 18:43]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys [2003-06-20 14:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 21:01:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 14:31:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?1?5?4??@???? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-20 14:35:20
ComboFix-quarantined-files.txt  2008-06-20 18:35:15
ComboFix2.txt  2008-06-20 15:08:33

Pre-Run: 69,724,585,984 bytes free
Post-Run: 69,679,828,992 bytes free

222	--- E O F ---	2008-06-20 15:05:39

Are we good to go now?
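Two things in the logs above are what the helper keyed on: Run entries that start rundll32.exe on a DLL in system32 with a one-letter export and a hex-looking value name (474865e2, BM447b567e), and, in the ComboFix "Other Deletions" list, .ini files whose name is a .dll name spelled backwards (efcCssSj.dll / jSssCcfe.ini, ovtjsffm.dll / mffsjtvo.ini). The script below is an added example that turns both observations into a repeatable triage check over the log text; it is not part of the thread and not code from HijackThis, Malwarebytes or ComboFix. The sample lines are copied from the two logs above; the heuristics flag candidates for a human to look at, they are not a signature.

```python
"""Triage the Vundo tells visible in HijackThis and ComboFix logs (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: five O4 (autorun) lines copied from the HijackThis log above.
HJT_O4_SAMPLE = [
    'O4 - HKLM\\..\\Run: [igfxTray] C:\\WINDOWS\\system32\\igfxtray.exe',
    'O4 - HKLM\\..\\Run: [sunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe"',
    'O4 - HKLM\\..\\Run: [474865e2] rundll32.exe "C:\\WINDOWS\\system32\\ovtjsffm.dll",b',
    'O4 - HKLM\\..\\Run: [bM447b567e] Rundll32.exe "C:\\WINDOWS\\system32\\kxgcmere.dll",s',
    'O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe',
]

# Constructed sample: the file names from the ComboFix "Other Deletions" section above.
DELETED_SAMPLE = [
    "C:\\WINDOWS\\BM447b567e.xml",
    "C:\\WINDOWS\\pskt.ini",
    "C:\\WINDOWS\\system32\\awtsPJYq.dll",
    "C:\\WINDOWS\\system32\\efcCssSj.dll",
    "C:\\WINDOWS\\system32\\jnacdqbc.dll",
    "C:\\WINDOWS\\system32\\jSssCcfe.ini",
    "C:\\WINDOWS\\system32\\jSssCcfe.ini2",
    "C:\\WINDOWS\\system32\\kxgcmere.dll",
    "C:\\WINDOWS\\system32\\mffsjtvo.ini",
    "C:\\WINDOWS\\system32\\ovtjsffm.dll",
]

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32.exe "<path>.dll",<export>   (quotes and export are optional)
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?\s*(?:,\s*(?P<export>\S+))?', re.I)
# <stem>.dll, <stem>.ini, <stem>.ini2 ...
NAME_RE = re.compile(r"^(?P<stem>[^\\]+)\.(?P<ext>dll|ini\d*)$", re.I)


def parse_o4(lines: List[str]) -> List[Dict[str, str]]:
    """Split HijackThis O4 lines into hive, value name and command; other lines are ignored."""
    parsed = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            parsed.append(m.groupdict())
    return parsed


def flag_rundll32_autoruns(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag Run entries that load a DLL from system32 through rundll32 and either
    use a one-character export or carry a hex-digit value name (optionally 'BM'-prefixed)."""
    flagged = []
    for e in entries:
        m = RUNDLL_RE.match(e["cmd"])
        if not m:
            continue
        dll = m.group("dll")
        export = m.group("export") or ""
        in_system32 = "\\system32\\" in dll.lower()
        short_export = len(export) == 1
        hex_name = re.fullmatch(r"(bm)?[0-9a-f]{8,}", e["name"], re.I) is not None
        if in_system32 and (short_export or hex_name):
            flagged.append({**e, "dll": dll, "export": export})
    return flagged


def find_reversed_pairs(paths: List[str]) -> List[Tuple[str, str]]:
    """Pair each .dll with any .ini/.iniN in the same directory whose base name is the
    DLL's base name reversed (case-insensitive), e.g. efcCssSj.dll <-> jSssCcfe.ini."""
    by_dir: Dict[str, List[Tuple[str, str, str]]] = {}
    for p in paths:
        directory, _, name = p.rpartition("\\")
        m = NAME_RE.match(name)
        if m:
            by_dir.setdefault(directory.lower(), []).append(
                (name, m.group("stem").lower(), m.group("ext").lower()))
    pairs = []
    for files in by_dir.values():
        dlls = [(n, s) for n, s, ext in files if ext == "dll"]
        inis = [(n, s) for n, s, ext in files if ext.startswith("ini")]
        for dll_name, dll_stem in dlls:
            for ini_name, ini_stem in inis:
                if ini_stem == dll_stem[::-1]:
                    pairs.append((dll_name, ini_name))
    return sorted(pairs)


if __name__ == "__main__":
    for hit in flag_rundll32_autoruns(parse_o4(HJT_O4_SAMPLE)):
        print(f"suspicious autorun [{hit['name']}] -> {hit['dll']} export {hit['export']!r}")
    for dll, ini in find_reversed_pairs(DELETED_SAMPLE):
        print(f"reversed-name pair: {dll} <-> {ini}")
```

On the sample input the first check flags exactly the two entries the CFScript removed from the Run key and none of the vendor autoruns, and the second finds the two DLL/INI pairs; awtsPJYq.dll and kxgcmere.dll have no reversed-name partner in the deletion list, which is why both checks are worth running rather than either one alone.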


  • 2 weeks later...

Due to lack of response from the user, I will close the thread to prevent others from posting into it. Many thanks to 1972vet for your assistance.

If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
