09-09-2008, 01:51 AM   #1
kewlix
OS: windows sp1


js/psyme virus aftermath scan from activescan 2.0

Hello, how's everyone doing? Good, I hope. As for me, I'm currently in a sticky situation. My task manager is disabled, for one; two, js/psyme keeps downloading a Cazillian viruses, which makes me so frustrated. I tried everything and anything except for professional help. I do know that there are other things that I could use, but I have yet to tamper with those programs, such as HijackThis and CWShredder. I have no clue how to use these programs, and that's why I'm here BEGGING FOR YOUR HELP. PLEASE help me. I don't have a Windows XP CD to reinstall. This virus is insanely smart: it deleted all my restore points, and it also changed my desktop background to a blue screen with this statement: "Warning: Spyware threat has been detected on your pc. Your Computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware to close all security vulnerabilities. Antispyware software helps protect your pc against spyware and other security threats." Then there is a link that says "UPDATE YOUR ANTISPYWARE PROTECTION". It's actually clickable on my screen, but I know better than to even think about clicking it.

Things I have tried:
(1) AVG virus scanner (doesn't work for js/psyme and task manager disable)
(2) Search and Destroy (doesn't work for js/psyme and task manager disable)
(3) I tried a registry fix for my task manager, but that didn't work.
(4) Manually changing the "disabletaskMGR" value from 1 to "0"; all I got was a never-ending cycle of "screw you haha i win im back to 1 again"
Last but not least, the good old System Restore, but that didn't work either. If you guys could somehow pull a rabbit out of this messed-up hat of a comp, I would BE superly awesomely happy and would never forget you guys when I'm famous.
Before I forget, here's a copy of my HijackThis / ActiveScan 2.0. And I apologize for the huge post; I just wanted to get everything out there before I forgot.
Active scan 2.0
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-08 15:28:14
PROTECTIONS: 0
MALWARE: 48
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\rival\favorites\insurance
00250251 Adware/ISearch Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0290567.exe
01271851 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP276\A0292861.DLL
02941684 Trj/WmaDownloader.G Virus/Trojan No 0 Yes No C:\Documents and Settings\RivaL\Incomplete\T-60301-Gigantic Brick House Butts 2.avi
02944473 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291561.exe
03412473 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\system32\ncntttdm.exe
03421659 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291688.exe
03485688 Rootkit/Agent.JQL Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP276\A0292891.sys
03508074 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291692.exe
03508074 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291696.exe
03548696 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291691.exe
03548696 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291689.exe
03548697 Trj/Clicker.ALY Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291686.dll
03548823 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291685.exe
03584928 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP276\A0291705.dll
03586664 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291560.exe
03586803 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291699.exe
03587001 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291698.exe
03591886 Adware/AccesMembre Adware No 0 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291697.exe
03614195 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{EA153135-794A-442D-BB1C-160510ABB975}\RP275\A0291693.dll
03623169 Adware/WebSearch Adware Yes 1 Yes No C:\WINDOWS\System32\uesiuqcr.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\Uninst.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
111790 MEDIUM MS06-011
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
101055 HIGH MS05-054
96574 HIGH MS05-053
93396 HIGH MS05-052
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===================================================================================================================================================================================

Hijackthis scan
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RivaL\Desktop\HiJackThis_v2.exe

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\uesiuqcr.exe,
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: agadoo browser optimizer - {65a4805e-60ef-7a07-28c7-3d4261929f71} - C:\WINDOWS\System32\zurkxcitpayrms.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AE55C7EC-82F8-46CB-8DC2-57BF42F025FF} - C:\WINDOWS\System32\tuvUNedD.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {F145B6CD-5D7C-4FE5-9AD9-C85D8F05DDCD} - C:\WINDOWS\System32\qoMgdbbb.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{6665cd51-4a02-f719-a93b-6689e1cce919}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\bdaluemeohdmef.dll" DllStub
O4 - HKLM\..\Run: [201009fb] rundll32.exe "C:\WINDOWS\System32\fnpfoyay.dll",b
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntttdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rmwnw64o.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {17DF9D0D-036E-424B-98D7-A41E4CE783EF} - ms-its:mhtml:file://c:\\nores.mht!http://adxcnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: tuvUNedD - C:\WINDOWS\SYSTEM32\tuvUNedD.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9062 bytes