Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Need help with Vundo!!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 06-06-2007, 10:57 AM   #1 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Need help with Vundo!!
I have apparently gotten the mother of all Vundo trojans. I have used the vundo fix program and EVERYTHING else that I can but I still need help. First of all, when I first got this virus I downloaded Norton 360 and I believe it has help stopped any further problems. But some how this virus is burried in my computer and no matter what program I run I cannot get rid of it. On my first run of Norton, it said I had, Trojan.Vundo, Downloader.Trojan, Infostealer.Banker, Downloader.Trojan, Adware.Purityscan, Trojan.Horse, and Downloader, listed in that order. At the time, it deleted and cleaned all of those from the computer, but everytime I restart the computer I am still dealing with the Vundo virus. I have completed the 5 steps, and here are my logs:
Panda:

Incident Status Location

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.com.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lzsozj5m.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Cookies\jason@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason\Cookies\jason@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jason\Cookies\jason@bluestreak[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@doubleclick[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jason\Cookies\jason@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@realmedia[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jason\Cookies\jason@stats1.reliablestats[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.errorsafe[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jason\Cookies\jason@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix\restart.exe
Adware:Adware/SpywareNo Not disinfected C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\1S08U2EN\antzom[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Jason\SmitfraudFix\restart.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xxyyyvv.dll.bad
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/SpywareNo Not disinfected C:\WINDOWS\Temp\win66A.tmp.exe
DSS:
Deckard's System Scanner v20070603.47
Run by Jason on 2007-06-06 at 12:46:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-06-06 16:46:20 UTC - RP53 - Deckard's System Scanner Restore Point
11: 2007-06-06 01:31:51 UTC - RP52 - Software Distribution Service 3.0
10: 2007-06-05 03:22:55 UTC - RP51 - Installed Windows Internet Explorer 7.
9: 2007-06-05 03:19:38 UTC - RP50 - Installed Windows IDNMitigationAPIs.
8: 2007-06-05 03:18:45 UTC - RP49 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2007-06-04 00:25:21 UTC - RP42 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-06 12:48:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16441)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Brother\Brmfl05a\FAXRX.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\TechSupport\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: MFC-640CW USB.lnk = C:\Program Files\Brother\Brmfl05a\FAXRX.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://www.limewire.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: efcaaxv - C:\WINDOWS\system32\efcaaxv.dll
O20 - Winlogon Notify: winemx32 - C:\WINDOWS\system32\winemx32.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Unknown owner - "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 QBCFMonitorService (QuickBooks Database Manager Service) - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"

S2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe (file missing)
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-06 11:24:00 392 --a------ C:\WINDOWS\Tasks\At1.job


-- Files created between 2007-05-06 and 2007-06-06 -----------------------------

2007-06-06 1142 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-06 1140 0 d-------- C:\WINDOWS\LastGood
2007-06-06 10:28:41 33302 --a------ C:\WINDOWS\system32\efcaaxv.dll
2007-06-05 17:05:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Stamps.com Internet Postage
2007-06-05 16:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2007-06-05 16:57:23 0 d-------- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2007-06-05 16:56:57 0 d-------- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2007-06-05 16:55:59 0 d-------- C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-06-05 16:55:25 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-06-05 09:52:13 4420 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 09:48:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-06-05 09:48:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-06-05 09:48:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-05 09:48:05 0 d-------- C:\Documents and Settings\Jason\SmitfraudFix <SMITFR~1>
2007-06-05 01:36:25 0 d-------- C:\VundoFix Backups
2007-06-05 00:34:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2007-06-04 23:14:39 0 d-------- C:\WINDOWS\network diagnostic
2007-06-04 22:55:35 0 d-------- C:\Program Files\Lavasoft
2007-06-04 22:54:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 19:17:52 1632835 --ahs---- C:\WINDOWS\system32\jjkmp.ini2
2007-06-04 18:43:28 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-06-04 18:11:29 40183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-06-04 17:38:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-04 17:37:02 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-06-04 17:37:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-04 17:37:02 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-04 17:13:33 0 d-------- C:\Program Files\Norton 360
2007-06-04 14:59:09 1611821 --ahs---- C:\WINDOWS\system32\jjkmp.bak2
2007-06-03 20:25:16 262144 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-06-03 20:25:16 2621440 --a------ C:\Documents and Settings\Jason\ntuser.dat
2007-06-03 17:25:14 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2007-06-03 17:23:49 2 --a------ C:\-1667145715
2007-06-03 17:23:27 56832 --a------ C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
2007-06-03 17:23:23 0 d-------- C:\Documents and Settings\Jason\Application Data\Yahoo!
2007-06-03 17:23:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-03 17:23:06 18944 --a------ C:\WINDOWS\system32\winemx32.dll
2007-06-03 17:11:03 0 d-------- C:\Program Files\MSBuild
2007-06-03 12:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-06-03 11:58:52 0 d-------- C:\Documents and Settings\Jason\Application Data\Talkback
2007-06-03 11:50:57 0 d-------- C:\Program Files\Microsoft Works
2007-06-03 11:49:53 0 d-------- C:\Program Files\Microsoft.NET
2007-06-03 11:45:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-06-03 11:44:02 0 dr-h----- C:\MSOCache
2007-06-03 02:28:33 0 d-------- C:\Program Files\Common Files\supportsoft
2007-06-03 02:17:50 0 d-------- C:\Program Files\Intuit
2007-06-03 02:10:26 0 d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2007-05-30 22:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-05-30 22:14:54 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-05-30 22:09:37 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-30 22:09:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-30 22:03:01 0 d-------- C:\Program Files\Yahoo!
2007-05-30 20:47:58 0 dr------- C:\Documents and Settings\Jason\Application Data\Brother
2007-05-30 20:30:32 0 d-------- C:\WINDOWS\Sun
2007-05-29 11:39:06 0 d-------- C:\Documents and Settings\Jason\Application Data\AdobeUM
2007-05-29 11:38:58 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2007-05-29 11:38:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-28 23:15:27 0 d-------- C:\Documents and Settings\Jason\Application Data\ScanSoft
2007-05-28 21:11:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Natara
2007-05-28 15:21:47 78848 --a------ C:\WINDOWS\system32\MSBIND.DLL <Not Verified; Microsoft Corporation; MSBind Object Library>
2007-05-28 15:21:47 0 d-------- C:\Program Files\Common Files\ADO
2007-05-28 15:21:22 0 d-------- C:\Program Files\GiftBox
2007-05-28 12:51:51 0 d-------- C:\Program Files\Common Files\Natara
2007-05-28 12:51:50 0 d-------- C:\Program Files\Natara
2007-05-27 20:40:18 2438 --a------ C:\WINDOWS\mozver.dat
2007-05-27 19:01:43 0 d-------- C:\Program Files\Full Tilt Poker
2007-05-27 13:49:48 0 d-------- C:\Documents and Settings\Jason\Application Data\Netscape
2007-05-26 17:15:31 0 d-------- C:\Cook'n Deluxe
2007-05-26 12:17:36 0 --a------ C:\WINDOWS\SUITE.REG
2007-05-26 12:15:31 176128 --a------ C:\WINDOWS\system32\Cw3215.dll <Not Verified; Borland International; Borland C++ 4.50>
2007-05-26 00:52:59 0 d-------- C:\Documents and Settings\Jason\Application Data\WildTangent
2007-05-26 00:50:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-05-25 22:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Ilium Software
2007-05-25 22:13:23 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-05-25 19:04:23 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-05-25 19:01:22 0 d-------- C:\Program Files\Common Files\L&H
2007-05-25 18:24:11 0 d-------- C:\Documents and Settings\Jason\Application Data\Ilium Software
2007-05-25 17:36:25 278668 --a------ C:\WINDOWS\epsuninst.exe <Not Verified; Marcelo Bona Boff; e-PocketSetup 2003>
2007-05-25 17:36:24 0 d-------- C:\Program Files\Filao
2007-05-25 17:28:20 0 d-------- C:\Program Files\Ilium Software
2007-05-25 17:22:25 708608 --a------ C:\WINDOWS\system32\CDDBUIRoxio.dll <Not Verified; Gracenote; CDDBUIControl Module>
2007-05-25 17:22:25 569344 --a------ C:\WINDOWS\system32\CDDBControlRoxio.dll <Not Verified; Gracenote (formerly CDDB, Inc.); CDDBControl Core Module>
2007-05-25 17:01:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems
2007-05-25 16:32:35 0 d-------- C:\Program Files\IVT Corporation
2007-05-25 16:18:59 0 d-------- C:\Program Files\DellConnect
2007-05-25 16:16:47 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2007-05-25 1654 0 d-------- C:\Documents and Settings\Jason\Application Data\Help
2007-05-25 15:44:32 0 d-------- C:\Documents and Settings\Jason\Application Data\Corel Photo Album
2007-05-25 15:43:26 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-25 15:43:26 88 -r-hs---- C:\WINDOWS\system32\1AD05F47C8.sys
2007-05-25 15:23:48 0 d-------- C:\Documents and Settings\Jason\Shared
2007-05-25 15:23:46 0 d-------- C:\Documents and Settings\Jason\Incomplete
2007-05-25 15:23:32 0 d-------- C:\Documents and Settings\Jason\Application Data\LimeWire
2007-05-25 15:17:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-05-25 15:13:27 0 d-------- C:\Program Files\ItsDeductible2006
2007-05-25 15:13:05 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-05-25 15:09:27 0 d-------- C:\Program Files\TurboTax
2007-05-25 15:08:50 0 d-------- C:\Documents and Settings\Jason\Application Data\InstallShield
2007-05-25 15:07:44 0 d-------- C:\WINDOWS\system32\RegInfo
2007-05-25 15:04:01 0 d-------- C:\Program Files\Family Tree Legends
2007-05-25 14:53:14 0 d-------- C:\Documents and Settings\Jason\Application Data\Intuit
2007-05-25 14:53:06 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2007-05-25 14:52:51 0 d-------- C:\Program Files\Common Files\Intuit
2007-05-25 14:52:41 0 d-------- C:\Program Files\Quicken
2007-05-25 14:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-05-25 14:27:29 0 d-------- C:\Program Files\Common Files\Nova Development
2007-05-25 14:22:25 0 d-------- C:\Program Files\LimeWire
2007-05-25 14:19:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-25 14:15:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-05-25 14:15:37 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-05-25 14:15:35 0 d-------- C:\Program Files\Nova Development
2007-05-25 14:15:10 0 d-------- C:\Program Files\Web Publish
2007-05-25 14:10:36 0 d-------- C:\Documents and Settings\Jason\Application Data\Google
2007-05-25 14:08:47 0 d-------- C:\Program Files\MySoftware
2007-05-25 14:05:53 57344 --a------ C:\WINDOWS\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2007-05-25 14:05:24 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-05-25 14:05:24 0 d-------- C:\Program Files\Adaptec
2007-05-25 14:01:32 0 d-------- C:\Program Files\MSXML 4.0
2007-05-25 13:57:08 0 d-------- C:\Program Files\Netscape
2007-05-25 13:55:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-05-25 13:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-05-25 13:47:04 0 d-------- C:\Program Files\palmOne
2007-05-25 13:46:43 0 d-------- C:\Documents and Settings\Jason\Application Data\HotSync
2007-05-25 13:42:20 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2007-05-25 13:41:49 52224 --a------ C:\WINDOWS\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL Pro>
2007-05-25 13:41:30 188416 --a------ C:\WINDOWS\system32\PDRVINST.DLL <Not Verified; brother; installer>
2007-05-25 13:41:30 69632 --a------ C:\WINDOWS\system32\BRWEBUP.EXE <Not Verified; brother; brother brwebup>
2007-05-25 13:41:30 86016 --a------ C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2007-05-25 13:41:17 0 d-------- C:\Brother
2007-05-25 13:41:14 122880 --a------ C:\WINDOWS\system32\BrfxD05a.dll <Not Verified; Brother Industries,LTD; Brother PC-FAX DIAL Dynamic Link Library>
2007-05-25 13:41:14 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-05-25 13:41:13 163840 --a------ C:\WINDOWS\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2007-05-25 13:41:13 106496 --a------ C:\WINDOWS\system32\BrMuSNMP.dll
2007-05-25 13:41:13 53248 --a------ C:\WINDOWS\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2007-05-25 13:41:13 147456 --a------ C:\WINDOWS\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2007-05-25 13:41:13 0 d-------- C:\Program Files\Brother
2007-05-25 13:39:25 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-05-25 13:39:20 0 d-------- C:\Program Files\ScanSoft
2007-05-25 13:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-05-25 13:38:47 0 d-------- C:\WINDOWS\system32\PreInstall
2007-05-25 13:38:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-05-25 13:37:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2007-05-25 13:37:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-05-25 13:36:27 0 d-------- C:\Program Files\DellSupport
2007-05-25 13:32:32 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee.com Personal Firewall
2007-05-25 13:32:05 0 d-------- C:\Documents and Settings\Jason\Application Data\Identities
2007-05-25 13:32:05 0 d--h----- C:\Documents and Settings\Jason\Application Data\Gtek
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\Templates
2007-05-25 13:32:04 0 dr------- C:\Documents and Settings\Jason\Start Menu
2007-05-25 13:32:04 0 dr-h----- C:\Documents and Settings\Jason\SendTo
2007-05-25 13:32:04 0 dr-h----- C:\Documents and Settings\Jason\Recent
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\PrintHood
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\NetHood
2007-05-25 13:32:04 0 dr------- C:\Documents and Settings\Jason\My Documents
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\Local Settings
2007-05-25 13:32:04 0 dr------- C:\Documents and Settings\Jason\Favorites
2007-05-25 13:32:04 0 d-------- C:\Documents and Settings\Jason\Desktop
2007-05-25 13:32:04 0 d--hs---- C:\Documents and Settings\Jason\Cookies
2007-05-25 13:32:04 0 dr-h----- C:\Documents and Settings\Jason\Application Data
2007-05-25 13:32:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Symantec
2007-05-25 13:32:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2007-05-25 13:31:48 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-05-25 13:31:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-05-25 13:31:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-05-25 13:31:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2007-05-25 13:30:58 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2007-06-06 12:48:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-06 11:43:17 0 d-------- C:\Program Files\Google
2007-06-06 11:40:23 0 d-------- C:\Program Files\BAE
2007-06-04 19:02:29 0 d-------- C:\Program Files\Symantec
2007-05-28 21:09:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-25 17:44:06 0 d-------- C:\Program Files\Roxio
2007-05-25 17:22:25 1044480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2007-05-25 14:01:45 0 d-------- C:\Program Files\Common Files\AOL
2007-05-25 13:41:29 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-22 16:47:35 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\Program Files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"AdaptecDirectCD"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"RegistryMechanic"=""
"PhotoExplosionCalCheck"="C:\\Program Files\\Nova Development\\Photo Explosion Deluxe 3.0\\calcheck.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"ipqpwngj.exe"="C:\\Documents and Settings\\All Users\\Application Data\\ipqpwngj.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{E5225210-F293-40FE-BB2F-D5A3C7F13C47}"=""
"{8A61098D-612B-4EF2-943D-64E920684061}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaaxv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of Deckard's System Scanner: finished at 2007-06-06 at 12:49:31 ---------

Thanks for you help!!
Leah
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 06-06-2007, 04:31 PM   #2 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Re: Need help with Vundo!!
Update:
Now my Norton 360 says I had a Trojan.Nebuler. Dont know if that is totally different or all part of the same. HTH
Thanks!!
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-08-2007, 04:26 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Re: Need help with Vundo!!
It has been a few days since my first post and I have had to do virus scans everyday so I figured I needed to post the new reports. I know everyone is really busy but please help me soon. :) BTW, everything I said in my first post is still the way that it is. Thanks!

***Panda:

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atwola[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@errorsafe[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.errorsafe[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jason\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\Desktop\TechSupport\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\SmitfraudFix\Process.exe
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


***DSS:
Deckard's System Scanner v20070603.47
Run by Jason on 2007-06-08 at 18:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:13:31 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Brother\Brmfl05a\FAXRX.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\TechSupport\dss.exe
C:\PROGRA~1\HIJACK~1\Jason.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: MFC-640CW USB.lnk = C:\Program Files\Brother\Brmfl05a\FAXRX.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-05-08 and 2007-06-08 -----------------------------

2007-06-08 18:09:05 0 d-------- C:\Program Files\SpywareBlaster
2007-06-06 23:04:35 0 d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2007-06-06 1142 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-05 17:05:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Stamps.com Internet Postage
2007-06-05 16:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2007-06-05 16:57:23 0 d-------- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2007-06-05 16:56:57 0 d-------- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2007-06-05 16:55:59 0 d-------- C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-06-05 16:55:25 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-06-05 09:52:13 4208 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 09:48:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-06-05 09:48:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-06-05 09:48:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-05 09:48:05 0 d-------- C:\Documents and Settings\Jason\SmitfraudFix <SMITFR~1>
2007-06-05 01:36:25 0 d-------- C:\VundoFix Backups
2007-06-05 00:34:30 0 d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2007-06-04 23:14:39 0 d-------- C:\WINDOWS\network diagnostic
2007-06-04 22:55:35 0 d-------- C:\Program Files\Lavasoft
2007-06-04 22:54:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 19:17:52 1632835 --ahs---- C:\WINDOWS\system32\jjkmp.ini2
2007-06-04 18:43:28 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-06-04 17:38:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-06-04 17:37:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-04 17:37:02 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-06-04 17:37:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-04 17:37:02 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-04 17:13:33 0 d-------- C:\Program Files\Norton 360
2007-06-04 14:59:09 1611821 --ahs---- C:\WINDOWS\system32\jjkmp.bak2
2007-06-03 20:25:16 262144 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-06-03 20:25:16 3145728 --a------ C:\Documents and Settings\Jason\ntuser.dat
2007-06-03 17:23:27 56832 --a------ C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
2007-06-03 17:23:23 0 d-------- C:\Documents and Settings\Jason\Application Data\Yahoo!
2007-06-03 17:23:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-03 17:11:03 0 d-------- C:\Program Files\MSBuild
2007-06-03 12:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-06-03 11:58:52 0 d-------- C:\Documents and Settings\Jason\Application Data\Talkback
2007-06-03 11:50:57 0 d-------- C:\Program Files\Microsoft Works
2007-06-03 11:49:53 0 d-------- C:\Program Files\Microsoft.NET
2007-06-03 11:45:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-06-03 11:44:02 0 dr-h----- C:\MSOCache
2007-06-03 02:28:33 0 d-------- C:\Program Files\Common Files\supportsoft
2007-06-03 02:17:50 0 d-------- C:\Program Files\Intuit
2007-06-03 02:10:26 0 d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2007-05-30 22:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-05-30 22:14:54 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-05-30 22:09:37 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-30 22:09:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-30 22:03:01 0 d-------- C:\Program Files\Yahoo!
2007-05-30 20:47:58 0 dr------- C:\Documents and Settings\Jason\Application Data\Brother
2007-05-30 20:30:32 0 d-------- C:\WINDOWS\Sun
2007-05-29 11:39:06 0 d-------- C:\Documents and Settings\Jason\Application Data\AdobeUM
2007-05-29 11:38:58 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2007-05-29 11:38:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-28 23:15:27 0 d-------- C:\Documents and Settings\Jason\Application Data\ScanSoft
2007-05-28 21:11:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Natara
2007-05-28 15:21:47 78848 --a------ C:\WINDOWS\system32\MSBIND.DLL <Not Verified; Microsoft Corporation; MSBind Object Library>
2007-05-28 15:21:47 0 d-------- C:\Program Files\Common Files\ADO
2007-05-28 15:21:22 0 d-------- C:\Program Files\GiftBox
2007-05-28 12:51:51 0 d-------- C:\Program Files\Common Files\Natara
2007-05-28 12:51:50 0 d-------- C:\Program Files\Natara
2007-05-27 20:40:18 2438 --a------ C:\WINDOWS\mozver.dat
2007-05-27 19:01:43 0 d-------- C:\Program Files\Full Tilt Poker
2007-05-27 13:49:48 0 d-------- C:\Documents and Settings\Jason\Application Data\Netscape
2007-05-26 17:15:31 0 d-------- C:\Cook'n Deluxe
2007-05-26 12:17:36 0 --a------ C:\WINDOWS\SUITE.REG
2007-05-26 12:15:31 176128 --a------ C:\WINDOWS\system32\Cw3215.dll <Not Verified; Borland International; Borland C++ 4.50>
2007-05-26 00:52:59 0 d-------- C:\Documents and Settings\Jason\Application Data\WildTangent
2007-05-26 00:50:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-05-25 22:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Ilium Software
2007-05-25 22:13:23 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-05-25 19:04:23 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-05-25 19:01:22 0 d-------- C:\Program Files\Common Files\L&H
2007-05-25 18:24:11 0 d-------- C:\Documents and Settings\Jason\Application Data\Ilium Software
2007-05-25 17:36:25 278668 --a------ C:\WINDOWS\epsuninst.exe <Not Verified; Marcelo Bona Boff; e-PocketSetup 2003>
2007-05-25 17:36:24 0 d-------- C:\Program Files\Filao
2007-05-25 17:28:20 0 d-------- C:\Program Files\Ilium Software
2007-05-25 17:22:25 708608 --a------ C:\WINDOWS\system32\CDDBUIRoxio.dll <Not Verified; Gracenote; CDDBUIControl Module>
2007-05-25 17:22:25 569344 --a------ C:\WINDOWS\system32\CDDBControlRoxio.dll <Not Verified; Gracenote (formerly CDDB, Inc.); CDDBControl Core Module>
2007-05-25 17:01:12 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems
2007-05-25 16:32:35 0 d-------- C:\Program Files\IVT Corporation
2007-05-25 16:18:59 0 d-------- C:\Program Files\DellConnect
2007-05-25 16:16:47 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2007-05-25 1654 0 d-------- C:\Documents and Settings\Jason\Application Data\Help
2007-05-25 15:44:32 0 d-------- C:\Documents and Settings\Jason\Application Data\Corel Photo Album
2007-05-25 15:43:26 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-25 15:43:26 88 -r-hs---- C:\WINDOWS\system32\1AD05F47C8.sys
2007-05-25 15:23:48 0 d-------- C:\Documents and Settings\Jason\Shared
2007-05-25 15:23:46 0 d-------- C:\Documents and Settings\Jason\Incomplete
2007-05-25 15:23:32 0 d-------- C:\Documents and Settings\Jason\Application Data\LimeWire
2007-05-25 15:17:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-05-25 15:13:27 0 d-------- C:\Program Files\ItsDeductible2006
2007-05-25 15:13:05 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-05-25 15:09:27 0 d-------- C:\Program Files\TurboTax
2007-05-25 15:08:50 0 d-------- C:\Documents and Settings\Jason\Application Data\InstallShield
2007-05-25 15:07:44 0 d-------- C:\WINDOWS\system32\RegInfo
2007-05-25 15:04:01 0 d-------- C:\Program Files\Family Tree Legends
2007-05-25 14:53:14 0 d-------- C:\Documents and Settings\Jason\Application Data\Intuit
2007-05-25 14:53:06 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2007-05-25 14:52:51 0 d-------- C:\Program Files\Common Files\Intuit
2007-05-25 14:52:41 0 d-------- C:\Program Files\Quicken
2007-05-25 14:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-05-25 14:27:29 0 d-------- C:\Program Files\Common Files\Nova Development
2007-05-25 14:22:25 0 d-------- C:\Program Files\LimeWire
2007-05-25 14:19:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-25 14:15:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-05-25 14:15:37 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-05-25 14:15:35 0 d-------- C:\Program Files\Nova Development
2007-05-25 14:15:10 0 d-------- C:\Program Files\Web Publish
2007-05-25 14:10:36 0 d-------- C:\Documents and Settings\Jason\Application Data\Google
2007-05-25 14:08:47 0 d-------- C:\Program Files\MySoftware
2007-05-25 14:05:53 57344 --a------ C:\WINDOWS\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2007-05-25 14:05:24 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-05-25 14:05:24 0 d-------- C:\Program Files\Adaptec
2007-05-25 14:01:32 0 d-------- C:\Program Files\MSXML 4.0
2007-05-25 13:57:08 0 d-------- C:\Program Files\Netscape
2007-05-25 13:55:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-05-25 13:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-05-25 13:47:04 0 d-------- C:\Program Files\palmOne
2007-05-25 13:46:43 0 d-------- C:\Documents and Settings\Jason\Application Data\HotSync
2007-05-25 13:42:20 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2007-05-25 13:41:49 52224 --a------ C:\WINDOWS\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL Pro>
2007-05-25 13:41:30 188416 --a------ C:\WINDOWS\system32\PDRVINST.DLL <Not Verified; brother; installer>
2007-05-25 13:41:30 69632 --a------ C:\WINDOWS\system32\BRWEBUP.EXE <Not Verified; brother; brother brwebup>
2007-05-25 13:41:30 86016 --a------ C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2007-05-25 13:41:17 0 d-------- C:\Brother
2007-05-25 13:41:14 122880 --a------ C:\WINDOWS\system32\BrfxD05a.dll <Not Verified; Brother Industries,LTD; Brother PC-FAX DIAL Dynamic Link Library>
2007-05-25 13:41:14 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-05-25 13:41:13 163840 --a------ C:\WINDOWS\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2007-05-25 13:41:13 106496 --a------ C:\WINDOWS\system32\BrMuSNMP.dll
2007-05-25 13:41:13 53248 --a------ C:\WINDOWS\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2007-05-25 13:41:13 147456 --a------ C:\WINDOWS\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2007-05-25 13:41:13 0 d-------- C:\Program Files\Brother
2007-05-25 13:39:25 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-05-25 13:39:20 0 d-------- C:\Program Files\ScanSoft
2007-05-25 13:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-05-25 13:38:47 0 d-------- C:\WINDOWS\system32\PreInstall
2007-05-25 13:38:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-05-25 13:37:39 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2007-05-25 13:37:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-05-25 13:36:27 0 d-------- C:\Program Files\DellSupport
2007-05-25 13:32:32 0 d-------- C:\Documents and Settings\Jason\Application Data\McAfee.com Personal Firewall
2007-05-25 13:32:05 0 d-------- C:\Documents and Settings\Jason\Application Data\Identities
2007-05-25 13:32:05 0 d--h----- C:\Documents and Settings\Jason\Application Data\Gtek
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\Templates
2007-05-25 13:32:04 0 dr------- C:\Documents and Settings\Jason\Start Menu
2007-05-25 13:32:04 0 dr-h----- C:\Documents and Settings\Jason\SendTo
2007-05-25 13:32:04 0 dr-h----- C:\Documents and Settings\Jason\Recent
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\PrintHood
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\NetHood
2007-05-25 13:32:04 0 dr------- C:\Documents and Settings\Jason\My Documents
2007-05-25 13:32:04 0 d--h----- C:\Documents and Settings\Jason\Local Settings
2007-05-25 13:32:04 0 dr------- C:\Documents and Settings\Jason\Favorites
2007-05-25 13:32:04 0 d-------- C:\Documents and Settings\Jason\Desktop
2007-05-25 13:32:04 0 d--hs---- C:\Documents and Settings\Jason\Cookies
2007-05-25 13:32:04 0 dr-h----- C:\Documents and Settings\Jason\Application Data
2007-05-25 13:32:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Symantec
2007-05-25 13:32:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Sun
2007-05-25 13:31:48 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-05-25 13:31:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-05-25 13:31:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-05-25 13:31:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2007-05-25 13:30:58 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2007-06-08 18:09:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-08 17:33:34 0 d-------- C:\Program Files\Google
2007-06-08 17:29:36 0 d-------- C:\Program Files\BAE
2007-06-04 19:02:29 0 d-------- C:\Program Files\Symantec
2007-05-28 21:09:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-25 17:44:06 0 d-------- C:\Program Files\Roxio
2007-05-25 17:22:25 1044480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2007-05-25 14:01:45 0 d-------- C:\Program Files\Common Files\AOL
2007-05-25 13:41:29 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-22 16:47:35 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\Program Files\BAE\BAE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"AdaptecDirectCD"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"RegistryMechanic"=""
"PhotoExplosionCalCheck"="C:\\Program Files\\Nova Development\\Photo Explosion Deluxe 3.0\\calcheck.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"ipqpwngj.exe"="C:\\Documents and Settings\\All Users\\Application Data\\ipqpwngj.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{8A61098D-612B-4EF2-943D-64E920684061}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of Deckard's System Scanner: finished at 2007-06-08 at 18:14:10 ---------
Attached Files
File Type: txt main.txt (30.7 KB, 0 views)
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 12:20 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,445
OS: N/A


Re: Need help with Vundo!!
1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 01:42 AM   #5 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Re: Need help with Vundo!!
Im soooo glad to hear from you!! :) Thanks!!

Here they are:

ComboFix 07-06-09.1
"Jason" - 2007-06-09 3:36:53 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-08 20:22 <DIR> d-------- C:\Program Files\Palm Inc
2007-06-08 18:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-07 02:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 23:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-06 22:23 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-06 11:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-05 17:05 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Stamps.com Internet Postage
2007-06-05 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D9AA4D17-9292-410D-9AA5-84526D062900}
2007-06-05 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2007-06-05 16:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2007-06-05 16:55 <DIR> d-------- C:\Program Files\Stamps.com Internet Postage
2007-06-05 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-06-05 09:52 4,208 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 09:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-05 09:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-05 09:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-05 09:48 <DIR> d-------- C:\DOCUME~1\Jason\SmitfraudFix
2007-06-05 01:36 <DIR> d-------- C:\VundoFix Backups
2007-06-05 00:34 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Lavasoft
2007-06-04 23:16 <DIR> d-------- C:\Deckard
2007-06-04 23:14 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-04 23:12 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-04 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-04 22:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 19:17 1,632,835 --ahs---- C:\WINDOWS\system32\jjkmp.ini2
2007-06-04 18:56 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-04 18:56 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-04 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-06-04 17:37 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-04 17:13 <DIR> d-------- C:\Program Files\Norton 360
2007-06-04 14:59 1,611,821 --ahs---- C:\WINDOWS\system32\jjkmp.bak2
2007-06-03 20:25 3,145,728 --a------ C:\DOCUME~1\Jason\ntuser.dat
2007-06-03 20:25 262,144 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-03 17:23 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ipqpwngj.exe
2007-06-03 17:23 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Yahoo!
2007-06-03 17:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-03 17:12 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-03 17:11 <DIR> d-------- C:\Program Files\MSBuild
2007-06-03 12:25 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-06-03 12:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-06-03 12:24 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-06-03 12:24 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-03 12:24 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-06-03 12:24 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-06-03 12:24 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-06-03 12:24 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-06-03 12:24 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-06-03 11:58 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Talkback
2007-06-03 11:50 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-03 11:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-03 11:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-03 11:44 <DIR> dr-h----- C:\MSOCache
2007-06-03 02:28 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-06-03 02:27 1,933,312 --a------ C:\WINDOWS\system32\cdintf251.dll
2007-06-03 02:17 <DIR> d-------- C:\Program Files\Intuit
2007-06-03 02:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\COMMON FILES
2007-05-30 22:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-05-30 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
2007-05-30 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-30 22:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-30 22:03 <DIR> d-------- C:\Program Files\Yahoo!
2007-05-30 20:47 <DIR> dr------- C:\DOCUME~1\Jason\APPLIC~1\Brother
2007-05-29 11:39 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\AdobeUM
2007-05-28 23:15 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\ScanSoft
2007-05-28 21:11 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Natara
2007-05-28 15:21 78,848 --a------ C:\WINDOWS\system32\MSBIND.DLL
2007-05-28 15:21 <DIR> d-------- C:\Program Files\GiftBox
2007-05-28 15:21 <DIR> d-------- C:\Program Files\Common Files\ADO
2007-05-28 12:51 <DIR> d-------- C:\Program Files\Natara
2007-05-28 12:51 <DIR> d-------- C:\Program Files\Common Files\Natara
2007-05-27 20:40 2,438 --a------ C:\WINDOWS\mozver.dat
2007-05-27 19:01 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-05-27 13:49 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Netscape
2007-05-26 17:15 <DIR> d-------- C:\Cook'n Deluxe
2007-05-26 12:17 0 --a------ C:\WINDOWS\SUITE.REG
2007-05-26 12:15 176,128 --a------ C:\WINDOWS\system32\Cw3215.dll
2007-05-26 00:52 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\WildTangent
2007-05-26 00:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
2007-05-25 22:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ilium Software
2007-05-25 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-05-25 19:38 9,389,672 --a------ C:\Program Files\winzip111.exe
2007-05-25 19:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-25 19:01 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-05-25 18:24 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Ilium Software
2007-05-25 17:36 278,668 --a------ C:\WINDOWS\epsuninst.exe
2007-05-25 17:36 <DIR> d-------- C:\Program Files\Filao
2007-05-25 17:28 <DIR> d-------- C:\Program Files\Ilium Software
2007-05-25 17:22 708,608 --a------ C:\WINDOWS\system32\CDDBUIRoxio.dll
2007-05-25 17:22 569,344 --a------ C:\WINDOWS\system32\CDDBControlRoxio.dll
2007-05-25 17:01 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Ulead Systems
2007-05-25 16:33 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-25 16:33 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-25 16:33 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-25 16:33 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-25 16:33 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-25 16:33 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-25 16:33 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-25 16:32 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-05-25 16:32 <DIR> d-------- C:\Program Files\IVT Corporation
2007-05-25 16:18 <DIR> d-------- C:\Program Files\DellConnect


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 05:58:04 -------- d-----w C:\Program Files\Google
2007-06-09 05:56:30 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-09 05:55:02 -------- d-----w C:\Program Files\BAE
2007-06-04 23:02:29 -------- d-----w C:\Program Files\Symantec
2007-05-29 01:09:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-25 21:44:06 -------- d-----w C:\Program Files\Roxio
2007-05-25 21:22:26 30,662 ----a-w C:\WINDOWS\system32\drivers\Mmc_2k.sys
2007-05-25 21:22:26 25,930 ----a-w C:\WINDOWS\system32\drivers\Dvd_2k.sys
2007-05-25 21:22:26 241,280 ----a-w C:\WINDOWS\system32\drivers\cdudf_xp.sys
2007-05-25 21:22:26 206,464 ----a-w C:\WINDOWS\system32\drivers\udfreadr_xp.sys
2007-05-25 21:22:26 144,250 ----a-w C:\WINDOWS\system32\drivers\pwd_2K.sys
2007-05-25 21:22:25 49,152 ----a-w C:\WINDOWS\system32\cdrtc.dll
2007-05-25 21:22:25 45,056 ----a-w C:\WINDOWS\system32\cdral.dll
2007-05-25 21:22:25 1,044,480 ----a-w C:\WINDOWS\system32\ROBOEX32.DLL
2007-05-25 18:01:45 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-25 17:46:41 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-05-25 17:41:29 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-30 20:44:52 186,520 ----a-w C:\WINDOWS\system32\SymNPPWA.dll
2007-03-22 20:47:35 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 17:39]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 23:22]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 05:20]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-06-14 08:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-03 11:58]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 21:36]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2007-05-25 17:22]
"RegistryMechanic"="" []
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 12:32]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ipqpwngj.exe"="C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe" [2007-06-03 17:23]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-25 13:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32]
winemx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - COMHOST
*Newly Created Service* - IDRIVERT
*Newly Created Service* - MSISERVER
*Newly Created Service* - ODSERV

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 03:39:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-09 3:40:00
C:\ComboFix-quarantined-files.txt ... 2007-06-09 03:39
C:\ComboFix2.txt ... 2007-06-09 00:46
C:\ComboFix3.txt ... 2007-06-07 02:35

--- E O F ---


HJT:
Logfile of HijackThis v1.99.1
Scan saved at 3:40:49 AM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Brother\Brmfl05a\FAXRX.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: MFC-640CW USB.lnk = C:\Program Files\Brother\Brmfl05a\FAXRX.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 02:05 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,445
OS: N/A


Re: Need help with Vundo!!
Do this first. I shall have further instructions after this.

Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.
Paste the following list of filepaths into the Suspicious File Packer window:

C:\WINDOWS\system32\drivers\COH_Mon.sys
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ipqpwngj.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.


--------------


C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D9AA4D17-9292-410D-9AA5-84526D062900}
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}

Take a quick peek inside the above folders. Tell me what's inside
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 02:17 AM   #7 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Re: Need help with Vundo!!
Thanks for the help!! I have completed what you needed me to do. All 4 of those files are stamps.com info. Looks like they all contain the same files.
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 02:33 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,445
OS: N/A


Re: Need help with Vundo!!
Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - (no file)
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Application Data\ipqpwngj.exe
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.bak2
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ipqpwngj.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=-
"ipqpwngj.exe"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32]
Save this as ComboFix-Do.txt




Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 02:34 AM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,445
OS: N/A


Re: Need help with Vundo!!
This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 06:46 AM   #10 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Re: Need help with Vundo!!
Here are my reports:
***Combo:


"Jason" - 2007-06-09 4:53:18 Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Jason\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\ipqpwngj.exe
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini2


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-08 20:22 <DIR> d-------- C:\Program Files\Palm Inc
2007-06-08 18:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-07 02:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 23:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-06 22:23 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-06 11:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-05 17:05 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Stamps.com Internet Postage
2007-06-05 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D9AA4D17-9292-410D-9AA5-84526D062900}
2007-06-05 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2007-06-05 16:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2007-06-05 16:55 <DIR> d-------- C:\Program Files\Stamps.com Internet Postage
2007-06-05 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-06-05 09:52 4,208 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 09:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-05 09:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-05 09:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-05 09:48 <DIR> d-------- C:\DOCUME~1\Jason\SmitfraudFix
2007-06-05 01:36 <DIR> d-------- C:\VundoFix Backups
2007-06-05 00:34 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Lavasoft
2007-06-04 23:16 <DIR> d-------- C:\Deckard
2007-06-04 23:14 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-04 23:12 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-04 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-04 22:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 18:56 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-04 18:56 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-04 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-06-04 17:37 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-04 17:13 <DIR> d-------- C:\Program Files\Norton 360
2007-06-03 20:25 3,407,872 --a------ C:\DOCUME~1\Jason\ntuser.dat
2007-06-03 20:25 262,144 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-03 17:23 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Yahoo!
2007-06-03 17:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-03 17:12 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-03 17:11 <DIR> d-------- C:\Program Files\MSBuild
2007-06-03 12:25 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-06-03 12:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-06-03 12:24 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-06-03 12:24 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-03 12:24 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-06-03 12:24 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-06-03 12:24 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-06-03 12:24 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-06-03 12:24 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-06-03 11:58 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Talkback
2007-06-03 11:50 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-03 11:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-03 11:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-03 11:44 <DIR> dr-h----- C:\MSOCache
2007-06-03 02:28 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-06-03 02:27 1,933,312 --a------ C:\WINDOWS\system32\cdintf251.dll
2007-06-03 02:17 <DIR> d-------- C:\Program Files\Intuit
2007-06-03 02:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\COMMON FILES
2007-05-30 22:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-05-30 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
2007-05-30 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-30 22:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-30 22:03 <DIR> d-------- C:\Program Files\Yahoo!
2007-05-30 20:47 <DIR> dr------- C:\DOCUME~1\Jason\APPLIC~1\Brother
2007-05-29 11:39 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\AdobeUM
2007-05-28 23:15 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\ScanSoft
2007-05-28 21:11 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Natara
2007-05-28 15:21 78,848 --a------ C:\WINDOWS\system32\MSBIND.DLL
2007-05-28 15:21 <DIR> d-------- C:\Program Files\GiftBox
2007-05-28 15:21 <DIR> d-------- C:\Program Files\Common Files\ADO
2007-05-28 12:51 <DIR> d-------- C:\Program Files\Natara
2007-05-28 12:51 <DIR> d-------- C:\Program Files\Common Files\Natara
2007-05-27 20:40 2,438 --a------ C:\WINDOWS\mozver.dat
2007-05-27 19:01 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-05-27 13:49 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Netscape
2007-05-26 17:15 <DIR> d-------- C:\Cook'n Deluxe
2007-05-26 12:17 0 --a------ C:\WINDOWS\SUITE.REG
2007-05-26 12:15 176,128 --a------ C:\WINDOWS\system32\Cw3215.dll
2007-05-26 00:52 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\WildTangent
2007-05-26 00:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
2007-05-25 22:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ilium Software
2007-05-25 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-05-25 19:38 9,389,672 --a------ C:\Program Files\winzip111.exe
2007-05-25 19:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-25 19:01 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-05-25 18:24 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Ilium Software
2007-05-25 17:36 278,668 --a------ C:\WINDOWS\epsuninst.exe
2007-05-25 17:36 <DIR> d-------- C:\Program Files\Filao
2007-05-25 17:28 <DIR> d-------- C:\Program Files\Ilium Software
2007-05-25 17:22 708,608 --a------ C:\WINDOWS\system32\CDDBUIRoxio.dll
2007-05-25 17:22 569,344 --a------ C:\WINDOWS\system32\CDDBControlRoxio.dll
2007-05-25 17:01 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Ulead Systems
2007-05-25 16:33 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-25 16:33 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-25 16:33 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-25 16:33 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-25 16:33 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-25 16:33 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-25 16:33 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-25 16:32 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-05-25 16:32 <DIR> d-------- C:\Program Files\IVT Corporation
2007-05-25 16:18 <DIR> d-------- C:\Program Files\DellConnect
2007-05-25 16:06 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Help
2007-05-25 15:44 <DIR> d-------- C:\DOCUME~1\Jason\APPLIC~1\Corel Photo Album
2007-05-25 15:43 88 -r-hs---- C:\WINDOWS\system32\1AD05F47C8.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 05:58:04 -------- d-----w C:\Program Files\Google
2007-06-09 05:56:30 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-09 05:55:02 -------- d-----w C:\Program Files\BAE
2007-06-04 23:02:29 -------- d-----w C:\Program Files\Symantec
2007-05-29 01:09:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-25 21:44:06 -------- d-----w C:\Program Files\Roxio
2007-05-25 21:22:26 30,662 ----a-w C:\WINDOWS\system32\drivers\Mmc_2k.sys
2007-05-25 21:22:26 25,930 ----a-w C:\WINDOWS\system32\drivers\Dvd_2k.sys
2007-05-25 21:22:26 241,280 ----a-w C:\WINDOWS\system32\drivers\cdudf_xp.sys
2007-05-25 21:22:26 206,464 ----a-w C:\WINDOWS\system32\drivers\udfreadr_xp.sys
2007-05-25 21:22:26 144,250 ----a-w C:\WINDOWS\system32\drivers\pwd_2K.sys
2007-05-25 21:22:25 49,152 ----a-w C:\WINDOWS\system32\cdrtc.dll
2007-05-25 21:22:25 45,056 ----a-w C:\WINDOWS\system32\cdral.dll
2007-05-25 21:22:25 1,044,480 ----a-w C:\WINDOWS\system32\ROBOEX32.DLL
2007-05-25 18:01:45 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-25 17:46:41 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-05-25 17:41:29 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-30 20:44:52 186,520 ----a-w C:\WINDOWS\system32\SymNPPWA.dll
2007-03-22 20:47:35 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 17:39]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 23:22]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 05:20]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-06-14 08:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-03 11:58]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 21:36]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2007-05-25 17:22]
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 12:32]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-25 13:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - COMHOST
*Newly Created Service* - IDRIVERT
*Newly Created Service* - MSISERVER
*Newly Created Service* - ODSERV

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 04:54:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-09 4:55:32
C:\ComboFix-quarantined-files.txt ... 2007-06-09 04:55
C:\ComboFix2.txt ... 2007-06-09 03:43

--- E O F ---

*****


KASPERSKY ONLINE SCANNER REPORT
Saturday, June 09, 2007 8:42:19 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 9/06/2007
Kaspersky Anti-Virus database records: 341572
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 84129
Number of viruses found 1
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:53:04

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks\qbsdklog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\638EEC1E.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A159F067.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jason\Desktop\TechSupport\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\MSHist012007060920070610\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\~DFAEC4.tmp Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\~DFD33.tmp Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\~DFD765.tmp Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jason\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\1ee783377ac0\rpmh.ht1 Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET1E3D.tmp Object is locked skipped
C:\WINDOWS\Temp\JET1EAA.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\change.log Object is locked skipped
Scan process completed.



***HJT



Logfile of HijackThis v1.99.1
Scan saved at 8:42:57 AM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Brother\Brmfl05a\FAXRX.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: MFC-640CW USB.lnk = C:\Program Files\Brother\Brmfl05a\FAXRX.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-09-2007, 04:01 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,445
OS: N/A


Re: Need help with Vundo!!
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. Microsoft Windows Updatehttp://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-11-2007, 12:42 AM   #12 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 33
OS: XP


Re: Need help with Vundo!!
Thank you so much for all your help!! Sorry for the delay in my response, but my husband is sooooo sick right now. (he seems to have the Vundo now, wish you could help me get him virus free!!) I did another Panda scan, just to be safe and all seems to be well. Consider me resolved and thanks again!!
layla0910 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 08:32 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85