Unsolved
Multiple fake antivirus pop ups
Gotta love work employees. I am the computer administrator for my company. This computer is experiencing multiple fake pop-up ads for antivirus software. They will bring the computer to an extremely low operating speed. Also, these pop-ups are experienced even when not connected to the internet. They are the typical ones: Windows Antivirus 2008 and two others (names unknown). Also getting the system infection notices as well as taskbar notifications. I have included my HijackThis log and also a Malwarebytes log.
Matt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:06 PM, on 2/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\lphcctdj0e557.exe
C:\Program Files\SecureExpertCleaner\Reminder.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\qip\QuickInstallPack.exe
C:\WINDOWS\system32\pphcctdj0e557.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\M3wvbE06.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [lphcctdj0e557] C:\WINDOWS\system32\lphcctdj0e557.exe
O4 - HKLM\..\Run: [SMrhc9tdj0e557] C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe
O4 - HKLM\..\Run: [SecureExpertCleaner] C:\Program Files\SecureExpertCleaner\sec.exe
O4 - HKLM\..\Run: [Reminder] C:\Program Files\SecureExpertCleaner\Reminder.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [DscShDb] C:\WINDOWS\system32\ktmbetip.exe
O4 - HKCU\..\Run: [QuickInstallPack] "C:\Documents and Settings\Owner\Local Settings\Application Data\qip\QuickInstallPack.exe" /autorun
O4 - HKLM\..\Policies\Explorer\Run: [WGmJjd1P3X] C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174378422906
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 6043 bytes
Malwarebytes' Anti-Malware 1.17
Database version: 846
2:14:11 PM 2/17/2009
mbam-log-2-17-2009 (14-14-11).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 108571
Time elapsed: 22 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 36
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 45
Files Infected: 138
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\alot (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\alot (Adware.BHO) -> Delete on reboot.
C:\Program Files\alot\bin (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\alot (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_10 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_11 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_9 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\configurator (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\products (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\TimerManager (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\ToolbarSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Updater (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_6\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images (Adware.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\toolbar.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\products\products.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\products\products.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_2\images\default_285_alot_celeb_search.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\alert-icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\cloudy.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\default_281_alot_weather_widget.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\mcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\nclear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\ncloudy.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\nmcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\npcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_3\images\pcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4\images\active_default_345_alot_celeb_news.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_4\images\default_345_alot_celeb_news.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_5\images\default_287_alot_celeb_center.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_6\images\default_288_alot_mrkt_camera.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_7\images\default_442_toolbar_alot_icon_rd_com.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Button_8\images\default_450_default_288_alot_mrkt_bang.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\domains.dat (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
eps813
38 Posts
0
February 19th, 2009 06:00
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.5
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++
Report ran on --->>> 2/19/2009 9:33:47 AM
====== Running Processes ======
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\lphcctdj0e557.exe
C:\Program Files\SecureExpertCleaner\Reminder.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\qip\QuickInstallPack.exe
C:\WINDOWS\system32\pphcctdj0e557.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\e.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe
====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: (NO NAME) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
BHO: XML module - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll
====== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"Antivirus"="C:\\Program Files\\SAV\\sav.exe"
"lphcctdj0e557"="C:\\WINDOWS\\system32\\lphcctdj0e557.exe"
"SMrhc9tdj0e557"="C:\\Program Files\\rhc9tdj0e557\\rhc9tdj0e557.exe"
"SecureExpertCleaner"="C:\\Program Files\\SecureExpertCleaner\\sec.exe"
"Reminder"="C:\\Program Files\\SecureExpertCleaner\\Reminder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
====== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Somefox"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\video95.cfg.exe"
"Antivirus"="C:\\Program Files\\SAV\\sav.exe"
"DscShDb"="C:\\WINDOWS\\system32\\ktmbetip.exe"
"QuickInstallPack"="\"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\qip\\QuickInstallPack.exe\" /autorun"
"Cognac"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\e.exe"
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
2/19/2009 9:33:47 AM 2197 32 C:\Files.txt
2/17/2009 10:02:05 PM 3890790 C:\WINDOWS\$NtUninstallKB952069_WM9$
2/17/2009 10:02:05 PM 626790 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
2/17/2009 10:02:39 PM 2472183 C:\WINDOWS\$NtUninstallKB954211$
2/17/2009 10:02:39 PM 626935 C:\WINDOWS\$NtUninstallKB954211$\spuninst
2/17/2009 10:01:42 PM 873415 C:\WINDOWS\$NtUninstallKB954600$
2/17/2009 10:01:42 PM 626601 C:\WINDOWS\$NtUninstallKB954600$\spuninst
2/17/2009 10:01:29 PM 1731390 C:\WINDOWS\$NtUninstallKB955069$
2/17/2009 10:01:29 PM 626494 C:\WINDOWS\$NtUninstallKB955069$\spuninst
2/17/2009 10:03:26 PM 690614 C:\WINDOWS\$NtUninstallKB955839$
2/17/2009 10:03:26 PM 627638 C:\WINDOWS\$NtUninstallKB955839$\spuninst
2/17/2009 10:01:19 PM 909060 C:\WINDOWS\$NtUninstallKB956802$
2/17/2009 10:01:19 PM 626436 C:\WINDOWS\$NtUninstallKB956802$\spuninst
2/17/2009 10:03:33 PM 765426 C:\WINDOWS\$NtUninstallKB956803$
2/17/2009 10:03:33 PM 627058 C:\WINDOWS\$NtUninstallKB956803$\spuninst
2/17/2009 10:02:26 PM 9020097 C:\WINDOWS\$NtUninstallKB956841$
2/17/2009 10:02:26 PM 630337 C:\WINDOWS\$NtUninstallKB956841$\spuninst
2/17/2009 10:02:01 PM 1080312 C:\WINDOWS\$NtUninstallKB957097$
2/17/2009 10:02:01 PM 627192 C:\WINDOWS\$NtUninstallKB957097$\spuninst
2/17/2009 10:02:57 PM 8920902 C:\WINDOWS\$NtUninstallKB958215$
2/17/2009 10:02:57 PM 640838 C:\WINDOWS\$NtUninstallKB958215$\spuninst
2/17/2009 10:01:36 PM 958861 C:\WINDOWS\$NtUninstallKB958644$
2/17/2009 10:01:36 PM 626573 C:\WINDOWS\$NtUninstallKB958644$\spuninst
2/17/2009 10:01:49 PM 959580 C:\WINDOWS\$NtUninstallKB958687$
2/17/2009 10:01:49 PM 626652 C:\WINDOWS\$NtUninstallKB958687$\spuninst
2/17/2009 10:02:14 PM 3917782 C:\WINDOWS\$NtUninstallKB960714$
2/17/2009 10:02:14 PM 628694 C:\WINDOWS\$NtUninstallKB960714$\spuninst
2/17/2009 10:01:55 PM 735525 C:\WINDOWS\$NtUninstallKB960715$
2/17/2009 10:01:55 PM 624933 C:\WINDOWS\$NtUninstallKB960715$\spuninst
2/8/2100 3:53:34 PM 1437 32 C:\WINDOWS\GtX73.ini
2/17/2009 10:02:04 PM 11404 32 C:\WINDOWS\KB952069.log
2/17/2009 10:02:38 PM 12231 32 C:\WINDOWS\KB954211.log
2/17/2009 10:01:41 PM 10290 32 C:\WINDOWS\KB954600.log
2/17/2009 10:01:28 PM 10078 32 C:\WINDOWS\KB955069.log
2/17/2009 3:39:24 PM 36822 32 C:\WINDOWS\KB955839.log
2/17/2009 3:30:49 PM 15810 32 C:\WINDOWS\KB956802.log
2/17/2009 10:03:31 PM 16897 32 C:\WINDOWS\KB956803.log
2/17/2009 10:02:22 PM 13364 32 C:\WINDOWS\KB956841.log
2/17/2009 10:01:59 PM 10686 32 C:\WINDOWS\KB957097.log
2/17/2009 10:02:45 PM 20540 32 C:\WINDOWS\KB958215.log
2/17/2009 10:01:34 PM 10598 32 C:\WINDOWS\KB958644.log
2/17/2009 10:01:48 PM 10603 32 C:\WINDOWS\KB958687.log
2/17/2009 10:02:12 PM 11785 32 C:\WINDOWS\KB960714.log
2/17/2009 10:01:54 PM 9022 32 C:\WINDOWS\KB960715.log
2/17/2009 10:00:36 PM 315034 32 C:\WINDOWS\msxml4-KB954430-enu.LOG
2/23/2100 2:35:34 PM 768 32 C:\WINDOWS\x73_lut.dat
2/17/2009 3:31:40 PM 0 32 C:\WINDOWS\system32\M3wvbE06.exe.a_a
====== Files under "\Administrator\Startup" Last 60 Days======
====== Files under "\All Users\Startup" Last 60 Days======
====== Folders under "\Program Files" Last 60 Days======
====== Files under "\System32\Drivers" Last 60 Days======
====== Files Deleted under "%Temp%" ======
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt1.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt14.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt17.tmp.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt1D.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt2.tmp.vbs
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt23.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt25.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt3.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt5.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\.tt8.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Acr4C.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\Acr4D.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\Acr52.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\Acr53.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\dat4.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\e.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\g.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\GLV12.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\h.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\hpotdd000.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\hpotdd002.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\hpotdd013.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\jinstall.cfg
C:\DOCUME~1\Owner\LOCALS~1\Temp\jusched.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\pcf2.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\Set70.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\sJ702kJE.dat
C:\DOCUME~1\Owner\LOCALS~1\Temp\SysInfoWinModuleUninstaller.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\uninst.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\uninst.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\vmgrremok.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\vmpremov.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\x.ico
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF1E62.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF581D.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF9A31.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFA7F0.tmp
51 Files deleted
====== Files and Folders under "All Users\Application Data" Last 60 Days======
====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HostManager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MoneyAgent
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKLM\Software\microsoft\shared tools\msconfig\startupreg\OmniPass
HKLM\Software\microsoft\shared tools\msconfig\startupreg\StorageGuard
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
====== Services ( Services that are Whitelisted are not shown) ======
====== Uninstall List From Registry ======
SecureExpertCleaner 1.0.11.2
Adobe Flash Player ActiveX
Adobe Download Manager 1.2 (Remove Only)
Compaq Connections
CCleaner (remove only)
HijackThis 2.0.2
hp instant support
HP Image Zone 4.5
HP Photo and Imaging 2.0 - hp psc 1200 series
Quicken 2003 New User Edition
Instant Support
Java Web Start
JD Secure 3.1
Enhanced Multimedia Keyboard Solution
Lexmark X73
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.1)
NVIDIA Windows 2000/XP Display Drivers
NVIDIA Gart Driver
PS2
QuickInstallPack
QuickTime
RealOne Player
AntivirXP08
S3Display
S3Gamma2
S3Info2
S3Overlay
Adobe Flash Player 9 ActiveX
VIA Rhine-Family Fast Ethernet Adapter
Windows Genuine Advantage Notifications (KB905474)
WildTangent Web Driver
Windows SR 2.0
Windows XP Service Pack 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Money 2003
Microsoft Money 2003 System Pack
Sonic Update Manager
Security Update for CAPICOM (KB931906)
IntelliMover Data Transfer Demo
HP Product Assistant
Microsoft Visual J# .NET Redistributable Package 1.1
InstantShare
TrayApp
HpSdpAppCoreApp
Blazing Angels Squadrons of WWII
Unload
Java(TM) 6 Update 7
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
CueTour
MUSICMATCH® Jukebox
Adobe Photoshop Album Starter Edition
Weblink
ShareIns
PanoStandAlone
CreativeProjects
PhotoGallery
HP Software Update
Destinations
HP Photo and Imaging 2.0 - All-in-One Drivers
BufferChm
Microsoft Works 7.0
HPSystemDiagnostics
SkinsHP1
MSXML 4.0 SP2 (KB954430)
QFolder
Intel(R) Extreme Graphics Driver
RecordNow!
HP Photo and Imaging 2.0 - All-in-One
InterVideo WinDVD Player
Adobe Reader 6.0
HP Memories Disc
HP Photosmart Cameras 4.5
Director
MSXML 4.0 SP2 (KB936181)
Microsoft Plus! Digital Media Edition
hp psc 1200 series
Microsoft .NET Framework 1.1
WebReg
CameraDrivers
Interactive User’s Guide
Java 2 Runtime Environment, SE v1.4.1_02
HP Deskjet Preloaded Printer Drivers
OmniPass
Quicken 2003 New User Edition
CreativeProjectsTemplates
======== Other Info ========
TOTAL PHYSICAL RAM: 503 MB
bamajim
10.4K Posts
0
February 19th, 2009 06:00
1. Go HERE and download File Lister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
bamajim
10.4K Posts
0
February 19th, 2009 09:00
A. Go Add or Remove Programs (Click Start ->> Control Panel ->> Add or Remove Programs)
And uninstall the following program
Close Add or Remove Programs
B. 1. Please download The Avenger by Swandog46 to your Desktop.
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to Delete:
C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
C:\WINDOWS\system32\lphcctdj0e557.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
C:\WINDOWS\system32\pphcctdj0e557.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\e.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll
C:\Program Files\SAV\sav.exe
C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe
C:\Program Files\SecureExpertCleaner\sec.exe
C:\Program Files\SecureExpertCleaner\Reminder.exe
C:\WINDOWS\system32\ktmbetip.exe
C:\Documents and Settings\Owner\\Local Settings\Application Data\qip\QuickInstallPack.exe
C:\WINDOWS\system32\M3wvbE06.exe.a_a
Folders to Delete:
C:\Documents and Settings\All Users\Application Data\fchihchi
C:\Program Files\SecureExpertCleaner
C:\Documents and Settings\Owner\Local Settings\Application Data\qip
C:\Program Files\SAV
C:\Program Files\rhc9tdj0e557
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
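The "Files to Delete" list above was assembled by reading the Run-key dump in the File Lister log. As an added illustration, not code from this thread, from File Lister or from The Avenger, here is a Python triage script that parses that REGEDIT4-style dump and flags the autorun entries with the traits the helper acted on: targets in a Temp folder, targets in a per-user Application Data folder, and machine-generated file names like lphcctdj0e557. SAMPLE_LOG is constructed from lines quoted in the thread; the file-name heuristic is this example's own assumption.

```python
"""Triage helper for the Run-key dump in a File Lister log (added example, not
from this thread or from File Lister). SAMPLE_LOG is constructed from lines
quoted in the thread; the file-name heuristic is this example's own assumption."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""====== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Antivirus"="C:\\Program Files\\SAV\\sav.exe"
"lphcctdj0e557"="C:\\WINDOWS\\system32\\lphcctdj0e557.exe"
"SMrhc9tdj0e557"="C:\\Program Files\\rhc9tdj0e557\\rhc9tdj0e557.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
====== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Somefox"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\video95.cfg.exe"
"QuickInstallPack"="\"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\qip\\QuickInstallPack.exe\" /autorun"
"Cognac"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\e.exe"
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
"""

SECTION_RE = re.compile(r"^====== Values under (HKLM|HKCU)\\~\\Run ======$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|dll|scr|pif|bat|cmd|vbs|vbe))(?=\s|$)", re.I)

@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list

def unescape_reg(value):
    # REGEDIT4 doubles backslashes and escapes embedded quotes; drop the escape.
    return re.sub(r"\\(.)", r"\1", value)

def executable_path(command):
    """Pull the program path out of a Run-key command line (quoted or bare)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ")[0]

def looks_machine_generated(stem):
    """Heuristic for names like lphcctdj0e557: long, digit-heavy, almost no vowels."""
    letters = [c for c in stem if c.isalpha()]
    digits = [c for c in stem if c.isdigit()]
    if len(stem) < 10 or len(digits) < 3 or len(letters) < 4:
        return False
    vowels = sum(1 for c in letters if c.lower() in "aeiou")
    return vowels / len(letters) < 0.25

def suspicious_reasons(path):
    """Return the reasons an autorun target deserves a closer look (empty if none)."""
    low = path.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("runs from a Temp folder")
    if "\\application data\\" in low:
        reasons.append("runs from a user-profile Application Data folder")
    stem = re.sub(r"\.[^.]*$", "", low.rsplit("\\", 1)[-1])
    if looks_machine_generated(stem):
        reasons.append("machine-generated file name")
    return reasons

def triage(log_text):
    """Walk the HKLM/HKCU Run-key dumps and collect flagged entries."""
    findings, hive, in_run_key = [], None, False
    for line in (l.strip() for l in log_text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:
            hive, in_run_key = sec.group(1), False
        elif line.startswith("====== "):  # any other section header ends the dump
            hive = None
        elif KEY_RE.match(line):
            # Only the Run key itself; the OptionalComponents subkeys are not autoruns.
            in_run_key = line.lower().endswith("\\currentversion\\run]")
        elif hive and in_run_key:
            val = VALUE_RE.match(line)
            if val:
                path = executable_path(unescape_reg(val.group(2)))
                reasons = suspicious_reasons(path)
                if reasons:
                    findings.append(Finding(hive, val.group(1), path, reasons))
    return findings

def avenger_script(findings):
    """Render the flagged targets in the 'Files to Delete:' layout used in this thread."""
    paths = sorted({f.path for f in findings}, key=str.lower)
    return "Files to Delete:\n" + "\n".join(paths) + "\n"
```

The Run value named Antivirus pointing at C:\Program Files\SAV\sav.exe, which the helper also deleted, is not caught by these path and name heuristics; that is why a person still reads the log.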
eps813
38 Posts
0
February 24th, 2009 07:00
1st is the Avenger log. Also, the desktop is showing a fake picture of an antivirus popup.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe" deleted successfully.
File "C:\WINDOWS\system32\lphcctdj0e557.exe" deleted successfully.
File "C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe" deleted successfully.
File "C:\WINDOWS\system32\pphcctdj0e557.exe" deleted successfully.
File "C:\DOCUME~1\Owner\LOCALS~1\Temp\e.exe" deleted successfully.
File "C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll" deleted successfully.
File "C:\Program Files\SAV\sav.exe" deleted successfully.
File "C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe" deleted successfully.
Error: file "C:\Program Files\SecureExpertCleaner\sec.exe" not found!
Deletion of file "C:\Program Files\SecureExpertCleaner\sec.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Program Files\SecureExpertCleaner\Reminder.exe" not found!
Deletion of file "C:\Program Files\SecureExpertCleaner\Reminder.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\ktmbetip.exe" not found!
Deletion of file "C:\WINDOWS\system32\ktmbetip.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Documents and Settings\Owner\\Local Settings\Application Data\qip\QuickInstallPack.exe" deleted successfully.
File "C:\WINDOWS\system32\M3wvbE06.exe.a_a" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\fchihchi" deleted successfully.
Folder "C:\Program Files\SecureExpertCleaner" deleted successfully.
Folder "C:\Documents and Settings\Owner\Local Settings\Application Data\qip" deleted successfully.
Folder "C:\Program Files\SAV" deleted successfully.
Folder "C:\Program Files\rhc9tdj0e557" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Hijack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:06 AM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\f.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [lphcctdj0e557] C:\WINDOWS\system32\lphcctdj0e557.exe
O4 - HKLM\..\Run: [SMrhc9tdj0e557] C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [DscShDb] C:\WINDOWS\system32\ktmbetip.exe
O4 - HKCU\..\Run: [QuickInstallPack] "C:\Documents and Settings\Owner\Local Settings\Application Data\qip\QuickInstallPack.exe" /autorun
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\f.exe
O4 - HKLM\..\Policies\Explorer\Run: [WGmJjd1P3X] C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174378422906
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 5530 bytes
bamajim
10.4K Posts
0
February 24th, 2009 11:00
Looking better. We are going to use Avenger once more.
1. Rerun HijackThis (scan only) and place checks beside the following entries:
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll (file missing)
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [lphcctdj0e557] C:\WINDOWS\system32\lphcctdj0e557.exe
O4 - HKLM\..\Run: [SMrhc9tdj0e557] C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [DscShDb] C:\WINDOWS\system32\ktmbetip.exe
O4 - HKCU\..\Run: [QuickInstallPack] "C:\Documents and Settings\Owner\Local Settings\Application Data\qip\QuickInstallPack.exe" /autorun
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\f.exe
O4 - HKLM\..\Policies\Explorer\Run: [WGmJjd1P3X] C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
Close all other open windows except HijackThis and select "Fix checked".
Close HijackThis (do not reboot yet).
Next: 1. Rerun Avenger.
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to Delete:
C:\WINDOWS\system32\msxml71.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
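The entries bamajim picked above share a few tell-tale traits: autoruns that point into Temp or Application Data, executables with generated names such as lphcctdj0e557, a BHO whose file is already missing, a BHO loaded from system32, the same "Antivirus" command registered under both HKLM and HKCU, and a Policies\Explorer\Run autorun. As an added example (not code from Trend Micro or from this thread), the Python script below turns those rules of thumb into a first-pass triage of O2 and O4 lines. The sample input is copied from the HijackThis log posted earlier in the thread plus two HP/Java entries from the same log that should be left alone; the thresholds (8-character name length, three digits) are assumptions, and a hit means "look closer", not "malicious".

```python
"""Heuristic triage of HijackThis O2 (BHO) and O4 (autorun) lines.

Added example for this thread; it is not code from Trend Micro or from the
helper. The rules below mirror what a reviewer checks by eye when picking
entries to fix. Thresholds (e.g. the 8-character name length) are assumptions,
and a hit means "look closer", not "malicious".
"""
import os
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted earlier in this
# thread, plus two HP/Java entries from the same log that are left alone.
SAMPLE_LOG = r"""
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [lphcctdj0e557] C:\WINDOWS\system32\lphcctdj0e557.exe
O4 - HKLM\..\Run: [SMrhc9tdj0e557] C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\f.exe
O4 - HKLM\..\Policies\Explorer\Run: [WGmJjd1P3X] C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|scr|bat|cmd))\b', re.I)

# Directories any user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\application data\\",
                 "\\documents and settings\\")


def looks_random(stem: str) -> bool:
    """Crude test for generated names like lphcctdj0e557 or xqvgbcvq:
    8+ alphanumerics with no vowel at all, or with three or more digits."""
    stem = stem.lower()
    if len(stem) < 8 or not re.fullmatch(r"[a-z0-9]+", stem):
        return False
    no_vowels = not any(c in "aeiouy" for c in stem)
    many_digits = sum(c.isdigit() for c in stem) >= 3
    return no_vowels or many_digits


def binary_path(cmd: str) -> str:
    """Extract the executable path from a Run-key command (drops quotes/args)."""
    m = EXE_RE.search(cmd)
    return m.group("path") if m else cmd


def location_flags(path: str) -> list:
    """Flags that depend only on where the binary sits and what it is called."""
    flags = []
    if any(d in path.lower() for d in USER_WRITABLE):
        flags.append("user-writable location")
    stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0]
    if looks_random(stem):
        flags.append("random-looking name")
    return flags


def triage(log_text: str) -> list:
    """Return [(line, [reasons])] for each O2/O4 line that trips a heuristic."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # First pass: which hives (HKLM/HKCU) register the same command?
    hives_by_cmd = defaultdict(set)
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hive_root = m.group("hive").split("\\")[0]
            hives_by_cmd[binary_path(m.group("cmd")).lower()].add(hive_root)

    findings = []
    for line in lines:
        reasons = []
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path.endswith("(file missing)"):
                reasons.append("BHO registered but file missing")
                path = path[: -len("(file missing)")].strip()
            if "\\system32\\" in path.lower():
                reasons.append("BHO loaded from system32 (unusual for add-ons)")
            reasons += location_flags(path)
        m = O4_RE.match(line)
        if m:
            hive, path = m.group("hive"), binary_path(m.group("cmd"))
            if "policies\\explorer\\run" in hive.lower():
                reasons.append("Policies\\Explorer\\Run autorun (rare for legitimate software)")
            if len(hives_by_cmd[path.lower()]) > 1:
                reasons.append("same command registered under HKLM and HKCU")
            reasons += location_flags(path)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample it flags nine of the eleven lines and leaves the hpsysdrv and jusched entries alone. The point of keeping each rule separate is that the reasons are printed with the line, so a reviewer can see why an entry was singled out and discount a weak signal (a single digit-heavy name in Program Files) while acting on a stacked one (a generated name, in a user-writable directory, under Policies\Explorer\Run).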
eps813
38 Posts
0
February 25th, 2009 12:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:27 PM, on 2/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.community.dell.com/forums/t/19258955.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174378422906
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 4642 bytes
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Documents and Settings\All Users\Application Data\fchihchi\xqvgbcvq.exe" deleted successfully.
File "C:\WINDOWS\system32\lphcctdj0e557.exe" deleted successfully.
File "C:\DOCUME~1\Owner\LOCALS~1\Temp\video95.cfg.exe" deleted successfully.
File "C:\WINDOWS\system32\pphcctdj0e557.exe" deleted successfully.
File "C:\DOCUME~1\Owner\LOCALS~1\Temp\e.exe" deleted successfully.
File "C:\Documents and Settings\Owner\Local Settings\Application Data\qip\iercpt.dll" deleted successfully.
File "C:\Program Files\SAV\sav.exe" deleted successfully.
File "C:\Program Files\rhc9tdj0e557\rhc9tdj0e557.exe" deleted successfully.
Error: file "C:\Program Files\SecureExpertCleaner\sec.exe" not found!
Deletion of file "C:\Program Files\SecureExpertCleaner\sec.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Program Files\SecureExpertCleaner\Reminder.exe" not found!
Deletion of file "C:\Program Files\SecureExpertCleaner\Reminder.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\ktmbetip.exe" not found!
Deletion of file "C:\WINDOWS\system32\ktmbetip.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Documents and Settings\Owner\\Local Settings\Application Data\qip\QuickInstallPack.exe" deleted successfully.
File "C:\WINDOWS\system32\M3wvbE06.exe.a_a" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\fchihchi" deleted successfully.
Folder "C:\Program Files\SecureExpertCleaner" deleted successfully.
Folder "C:\Documents and Settings\Owner\Local Settings\Application Data\qip" deleted successfully.
Folder "C:\Program Files\SAV" deleted successfully.
Folder "C:\Program Files\rhc9tdj0e557" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Wed Feb 25 15:06:30 2009
15:06:30: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Wed Feb 25 15:06:32 2009
15:06:32: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Wed Feb 25 15:06:57 2009
15:06:57: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\msxml71.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
bamajim
10.4K Posts
0
February 25th, 2009 13:00
eps813
Good work. How's your PC running at this point?
eps813
38 Posts
0
February 27th, 2009 12:00
Display Properties does not allow me to change the background picture, and I am still getting a few pop-ups here and there.
eps813
38 Posts
0
February 27th, 2009 12:00
Good, just need to change the background and we should be all set. Thank you for the help.
bamajim
10.4K Posts
0
February 27th, 2009 13:00
Please download ComboFix and save it to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
eps813
38 Posts
0
March 2nd, 2009 09:00
ComboFix 09-03-01.01 - Owner 2009-03-02 11:20:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.197 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Desktop\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
c:\documents and settings\Owner\Application Data\rhc9tdj0e557
c:\windows\system32\blphcctdj0e557.scr
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\instsrv.exe
c:\windows\system32\phcctdj0e557.bmp
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ c:\windows\x73_lut.dat
2100-02-08 15:53 . 2001-04-23 14:22 1,437 --a------ c:\windows\GtX73.ini
2009-02-17 12:57 . 2009-02-17 12:57 14,759 --a------ c:\documents and settings\Owner\base.dat
2009-02-17 12:50 . 2009-02-17 12:50
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 02:45 74,752 ----a-w c:\windows\system32\M3wvbE06.exe
2009-02-17 17:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2006-01-12 06:57 813 -c-ha-w c:\documents and settings\Owner\hpothb07.dat
2004-11-24 06:27 70,144 -c--a-w c:\documents and settings\Owner\ln_reco_before.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 c:\windows\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-24 53248]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-09 98304]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 36864]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2003-05-03 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 05:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
--a------ 2001-07-11 12:08 53248 c:\progra~1\LEXMAR~1\AcBtnMgr_X73.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
--a------ 2001-10-08 16:21 53248 c:\progra~1\LEXMAR~1\ACMonitor_X73.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2002-07-17 20:00 200767 c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
-----c--- 2003-02-21 06:05 1343488 c:\program files\Softex\OmniPass\scureapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 10:01 155648 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
S2 mrtRate;mrtRate;
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e173a951-51e0-11dc-9d49-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-02 c:\windows\Tasks\At1.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At10.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At100.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At101.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At102.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At103.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At104.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At105.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At106.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At107.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At108.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At109.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At11.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At110.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At111.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At112.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At113.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At114.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At115.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At116.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At117.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At118.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At119.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At12.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At120.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At121.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At122.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At123.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At124.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At125.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At126.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At127.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At128.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At129.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At13.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At130.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At131.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At132.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At133.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At134.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At135.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At136.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At137.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At138.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At139.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At14.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At140.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At141.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At142.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At143.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At144.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At15.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At16.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At17.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At18.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At19.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At2.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At20.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At21.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At22.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At23.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At24.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At25.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At26.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At27.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At28.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At29.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At3.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At30.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At31.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At32.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At33.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At34.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At35.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At36.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At37.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At38.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At39.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At4.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At40.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At41.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At42.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At43.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At44.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At45.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At46.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At47.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At48.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At49.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At5.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At50.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At51.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At52.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At53.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At54.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At55.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At56.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At57.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At58.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At59.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At6.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At60.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At61.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At62.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At63.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At64.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At65.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At66.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At67.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At68.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At69.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At7.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At70.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At71.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At72.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At73.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At74.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At75.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At76.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At77.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At78.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At79.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At8.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At80.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At81.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At82.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At83.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At84.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At85.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At86.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At87.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At88.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At89.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At9.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At90.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At91.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At92.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At93.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At94.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At95.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At96.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At97.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At98.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At99.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2005-04-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100550216.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2007-04-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1171389132\ee\AOLSoftware.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.community.dell.com/forums/t/19258955.aspx
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\l6glye72.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprcpt.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 11:29:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-03-02 11:34:09
ComboFix-quarantined-files.txt 2009-03-02 16:32:47
Pre-Run: 61,904,805,888 bytes free
Post-Run: 64,098,791,424 bytes free
433 --- E O F --- 2009-02-26 03:05:54
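Three things in the log above deserve a closer look before anything is deleted: the 'Scheduled Tasks' section lists 144 At*.job entries (At1.job through At144.job, the names at.exe assigns) that all launch the same file, c:\windows\system32\M3wvbE06.exe, dated 2009-02-23, which is a persistence pattern rather than anything an installer leaves behind; the search-URL values under 'Supplementary Scan' are printed as raw hex and should be decoded rather than guessed at; and there is a MountPoints2 AutoRun command for a removable drive (F:\LaunchU3.exe -a). The Python script below is an added example written for this page, not part of the original thread or of ComboFix, that parses those three sections of a ComboFix log and flags them. The sample log embedded in it is constructed from the entries shown above (three At jobs instead of 144), and the regular expressions and the cluster threshold of three jobs are my own assumptions about the log format. Decoding the hex shows the search values are plain google.com URLs, so they are not the problem here.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the ComboFix log posted above. The real log
# lists At1.job .. At144.job, all pointing at the same file; three are enough here.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2009-03-02 c:\windows\Tasks\At1.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At2.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-01 c:\windows\Tasks\At3.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2007-04-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.community.dell.com/forums/t/19258955.aspx
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = localhost
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e173a951-51e0-11dc-9d49-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
""".strip()

# Assumed line shapes, taken from the log above (not a documented ComboFix format).
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[(?P<stamp>[^\]]+)\]$")
HEX_VALUE_RE = re.compile(r"^(?P<key>[um][^=]+?) = (?P<hex>(?:[0-9a-fA-F]{2}){4,})$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(text):
    """Map each task target binary to the .job files that launch it.

    ComboFix prints one line per job followed by a '- <target> [<timestamp>]' line,
    so a target line is attributed to the job line immediately before it.
    """
    targets = defaultdict(list)
    pending_job = None
    for line in text.splitlines():
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job").rsplit("\\", 1)[-1]  # basename only
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            targets[m.group("path")].append(pending_job)
        pending_job = None
    return dict(targets)


def find_task_clusters(targets, min_jobs=3):
    """Flag binaries launched by many at.exe-style jobs (At1.job, At2.job, ...).

    One job per product is the normal case; a single payload wired to dozens of
    AtN.job entries is persistence. min_jobs=3 is an assumed threshold.
    """
    clusters = []
    for path, jobs in sorted(targets.items()):
        at_jobs = [j for j in jobs if AT_JOB_RE.match(j)]
        if len(at_jobs) >= min_jobs:
            # sort numerically on the N in AtN.job so At2 precedes At10
            clusters.append((path, sorted(at_jobs, key=lambda j: int(j[2:-4]))))
    return clusters


def decode_hex_values(text):
    """Decode values ComboFix prints as raw hex (the IE search URL entries)."""
    decoded = {}
    for line in text.splitlines():
        m = HEX_VALUE_RE.match(line)
        if m:
            decoded[m.group("key")] = bytes.fromhex(m.group("hex")).decode("ascii", "replace")
    return decoded


def find_autorun_commands(text):
    """Collect AutoRun commands recorded under MountPoints2 for removable drives."""
    commands = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            commands.append(m.group("cmd"))
    return commands


def triage(text, min_jobs=3):
    """Run all three checks over one ComboFix log and return the findings."""
    return {
        "task_clusters": find_task_clusters(parse_scheduled_tasks(text), min_jobs),
        "decoded_urls": decode_hex_values(text),
        "autorun_commands": find_autorun_commands(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Point it at a saved log with `triage(open(path).read())`; raise `min_jobs` if a legitimate scheduler on the machine creates numbered jobs. A flagged cluster is a reason to look at the target binary (hash it, check its timestamp against the jobs' creation date), not proof by itself.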
eps813
38 Posts
0
March 2nd, 2009 09:00
2009-03-02 c:\windows\Tasks\At93.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At94.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At95.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At96.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At97.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At98.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At99.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2005-04-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100550216.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2007-04-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1171389132\ee\AOLSoftware.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.community.dell.com/forums/t/19258955.aspx
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\l6glye72.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprcpt.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 11:29:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-03-02 11:34:09
ComboFix-quarantined-files.txt 2009-03-02 16:32:47
Pre-Run: 61,904,805,888 bytes free
Post-Run: 64,098,791,424 bytes free
433 --- E O F --- 2009-02-26 03:05:54
bamajim
10.4K Posts
0
March 2nd, 2009 11:00
1. Open NotePad (not wordpad). Copy and paste the following into Notepad
File::
c:\documents and settings\Owner\ln_reco_before.exe
Folder::
c:\documents and settings\Owner\Application Data\SecureExpertCleaner
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop
Using the Image as a reference, drag CFScript into ComboFix.exe
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
2. You have a suspicious file I would like to look at
Please go HERE
Put Your Name, and Dell HJT forum
And in the file to submit box, click Browse. Locate the file
In the comments tell them that I asked you to upload the file
Then Select Send File.
eps813
38 Posts
0
March 5th, 2009 06:00
ComboFix 09-03-02.03 - Owner 2009-03-03 12:16:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.215 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\Owner\ln_reco_before.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\SecureExpertCleaner
c:\documents and settings\Owner\Application Data\SecureExpertCleaner\Logs\scns.log
c:\documents and settings\Owner\ln_reco_before.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ c:\windows\x73_lut.dat
2100-02-08 15:53 . 2001-04-23 14:22 1,437 --a------ c:\windows\GtX73.ini
2009-02-17 12:57 . 2009-02-17 12:57 14,759 --a------ c:\documents and settings\Owner\base.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 02:45 74,752 ----a-w c:\windows\system32\M3wvbE06.exe
2009-02-17 17:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2006-01-12 06:57 813 -c-ha-w c:\documents and settings\Owner\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 c:\windows\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-24 53248]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-09 98304]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 36864]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2003-05-03 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 05:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
--a------ 2001-07-11 12:08 53248 c:\progra~1\LEXMAR~1\AcBtnMgr_X73.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
--a------ 2001-10-08 16:21 53248 c:\progra~1\LEXMAR~1\ACMonitor_X73.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2002-07-17 20:00 200767 c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
-----c--- 2003-02-21 06:05 1343488 c:\program files\Softex\OmniPass\scureapp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 10:01 155648 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
S2 mrtRate;mrtRate;
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e173a951-51e0-11dc-9d49-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-03 c:\windows\Tasks\At1.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At10.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At100.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At101.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At102.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At103.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At104.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At105.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At106.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At107.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At108.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At109.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At11.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At110.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At111.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At112.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At113.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At114.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At115.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At116.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At117.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At118.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At119.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At12.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At120.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At121.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At122.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At123.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At124.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At125.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At126.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At127.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At128.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At129.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At13.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At130.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At131.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At132.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At133.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At134.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At135.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At136.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At137.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At138.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At139.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At14.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At140.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At141.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At142.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At143.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At144.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At15.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At16.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At17.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At18.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At19.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At2.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At20.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At21.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At22.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At23.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At24.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At25.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At26.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At27.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At28.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At29.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At3.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At30.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At31.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At32.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At33.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At34.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At35.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At36.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At37.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At38.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At39.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At4.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At40.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At41.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At42.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At43.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At44.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At45.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At46.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At47.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At48.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At49.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At5.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At50.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At51.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At52.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At53.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At54.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At55.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At56.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At57.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At58.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At59.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At6.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At60.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At61.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At62.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At63.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At64.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At65.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At66.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At67.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At68.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At69.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At7.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At70.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At71.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At72.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At73.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At74.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At75.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At76.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At77.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At78.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At79.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At8.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At80.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At81.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At82.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At83.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At84.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At85.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At86.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At87.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At88.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At89.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At9.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At90.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-02 c:\windows\Tasks\At91.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At92.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At93.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At94.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At95.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At96.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At97.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At98.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2009-03-03 c:\windows\Tasks\At99.job
- c:\windows\system32\M3wvbE06.exe [2009-02-23 21:45]
2005-04-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100550216.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2007-04-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.community.dell.com/forums/t/19258955.aspx
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\l6glye72.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprcpt.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 12:22:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-03-03 12:26:21
ComboFix-quarantined-files.txt 2009-03-03 17:25:04
ComboFix2.txt 2009-03-02 16:34:10
Pre-Run: 63,665,127,424 bytes free
Post-Run: 64,064,163,840 bytes free
419 --- E O F --- 2009-02-26 03:05:54