#1 - 08-04-2008, 04:33 PM - khealy729 (Registered User, joined Aug 2008, OS: xpsp2)

infected- Win32:Adware-gen

Please help. While attempting to log on, an error message pops up: "userinit.exe failed to initialize". Avast detects Win32:Adware-gen. The DSS and ActiveScan logs are attached because after pasting the DSS log it would not let me post, due to too many images? Anyway, I would appreciate it if you could look at it for me. Thank you.

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-08-04 16:49:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-08-04 21:49:32 UTC - RP628 - Deckard's System Scanner Restore Point
34: 2008-08-03 20:45:11 UTC - RP627 - System Checkpoint
33: 2008-08-01 21:37:05 UTC - RP626 - Installed VeohTV BETA
32: 2008-07-22 20:16:41 UTC - RP625 - System Checkpoint
31: 2008-07-13 15:09:01 UTC - RP624 - System Checkpoint


-- First Restore Point --
1: 2008-05-12 14:48:02 UTC - RP594 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:56 PM, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\Documents and Settings\Kevin\Desktop\dss.exe
C:\DOCUME~1\Kevin\Desktop\Kevin\hjt\Kevin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KEVIN\Application Data\Mozilla\Profiles\default\y9d1k2hu.slt\prefs.js)
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - (no file)
O2 - BHO: (no name) - {30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {780DEB95-C4BC-4969-B4E7-79597C6C476f} - C:\WINDOWS\system32\qhlimldk.dll
O2 - BHO: (no name) - {898A8FB6-FB50-48D3-928C-2D36A93920AE} - (no file)
O2 - BHO: (no name) - {A14683DA-36F5-4EAA-A770-ED6DAE5514C3} - C:\WINDOWS\system32\hgGXNdDt.dll
O2 - BHO: {9275743a-c176-426a-8cf4-780f4643bd4a} - {a4db3464-f087-4fc8-a624-671ca3475729} - C:\WINDOWS\system32\riollo.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\tuvWPgfG.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BMe78a7185] Rundll32.exe "C:\WINDOWS\system32\pkayvcal.dll",s
O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\vmpvsljc.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRA~1\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {F894F149-AE5E-4CD4-8A90-062EF4901C9B} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://eyetide.com/download//223/Eye...0Installer.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freewar...yprotector.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: riollo.dll
O20 - Winlogon Notify: cbXpQiIB - cbXpQiIB.dll (file missing)
O20 - Winlogon Notify: tuvWPgfG - C:\WINDOWS\SYSTEM32\tuvWPgfG.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - c:\winself.exe (file missing)
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14154 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Kevin\Desktop\Kevin\hjt\backups\) -----

backup-20080523-153639-240 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{59b44969-e831-1932-41d2-4426d9202f8a}.dll" DllInit
backup-20080523-153640-174 O4 - HKLM\..\Run: [BMe78a7185] Rundll32.exe "C:\WINDOWS\system32\srhkvvie.dll",s
backup-20080523-153640-704 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
backup-20080523-154245-678 O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
backup-20080523-154245-898 O2 - BHO: (no name) - {C613CE22-151C-4331-94FF-F113A153F66D} - error (file missing)
backup-20080523-161920-530 O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - unable to read key
.cmd - unable to read key
.cmd - unable to read key
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 MusCDriverV32 - c:\windows\system32\drivers\muscdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>

S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
S1 EAWDMFD - c:\windows\system32\drivers\eawdmfd.sys (file missing)
S3 SNDP202 (Bushnell ImageView) - c:\windows\system32\drivers\sndp202.sys <Not Verified; ; DualMode Camera Driver>
S3 TICalc - c:\windows\system32\drivers\ticalc.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\winself.exe service (file missing)
S2 ntlogin32 (NT login service) - c:\windows\system32\libsysmgr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&268D196D&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&268D196D&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 16:00:00 392 --ah----- C:\WINDOWS\Tasks\{C185ABC2-822F-4D34-9CF9-6FDDC99D90CE}_DESKTOP_Kevin.job
2001-10-17 06:20:35 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job
2001-10-17 06:20:35 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job
2001-10-17 06:20:34 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 16:47:21 0 d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:43:30 0 d-------- C:\WINDOWS\LastGood
2008-08-03 19:04:29 0 d-------- C:\Program Files\Panda Security
2008-08-03 18:02:35 100864 --a------ C:\WINDOWS\system32\uwidsebv.dll
2008-08-03 18:02:35 100864 --a------ C:\WINDOWS\system32\bkmdlf.dll
2008-08-02 12:48:03 80896 --a------ C:\WINDOWS\system32\vmpvsljc.dll
2008-08-02 12:45:04 100864 --a------ C:\WINDOWS\system32\riollo.dll
2008-08-02 12:45:03 100864 --a------ C:\WINDOWS\system32\ekpscqes.dll
2008-08-02 12:36:49 90624 --a------ C:\WINDOWS\system32\pkayvcal.dll
2008-07-29 13:15:01 95744 --a------ C:\WINDOWS\system32\xjhfnu.dll
2008-07-29 13:14:59 95744 --a------ C:\WINDOWS\system32\tmqkrmvq.dll
2008-07-29 13:12:59 90624 --a------ C:\WINDOWS\system32\ypmhmnqw.dll
2008-07-26 19:27:00 89600 --a------ C:\WINDOWS\system32\njesaded.dll
2008-07-19 20:36:44 91136 --a------ C:\WINDOWS\system32\cmhovhxr.dll
2008-07-15 20:48:19 103936 --a------ C:\WINDOWS\system32\xdoxds.dll
2008-07-15 20:48:16 103936 --a------ C:\WINDOWS\system32\amnqgdct.dll
2008-07-15 20:41:04 92160 --a------ C:\WINDOWS\system32\ompuisig.dll
2008-07-13 10:38:30 49664 --a------ C:\WINDOWS\system32\qhlimldk.dll
2008-07-13 10:36:35 103424 --a------ C:\WINDOWS\system32\vzorqz.dll
2008-07-13 10:36:33 103424 --a------ C:\WINDOWS\system32\yhapmwbi.dll
2008-07-13 10:36:23 91648 --a------ C:\WINDOWS\system32\qbpdtmwc.dll
2008-07-11 14:21:20 49664 --a------ C:\WINDOWS\system32\nrxephoa.dll
2008-07-11 14:21:11 90624 --a------ C:\WINDOWS\system32\frcehsap.dll
2008-07-09 22:21:59 49664 --a------ C:\WINDOWS\system32\xwrqdpmh.dll
2008-07-09 22:17:00 102912 --a------ C:\WINDOWS\system32\qjycyd.dll
2008-07-09 22:16:56 102912 --a------ C:\WINDOWS\system32\ukjyhfcy.dll
2008-07-09 22:16:47 91136 --a------ C:\WINDOWS\system32\quyhvrfj.dll
2008-07-08 14:56:37 49664 --a------ C:\WINDOWS\system32\jxwhqbkh.dll
2008-07-08 14:54:37 91136 --a------ C:\WINDOWS\system32\ckbdrgux.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-04 16:53:17 877066 --ahs---- C:\WINDOWS\system32\tDdNXGgh.ini2
2008-07-14 15:46:03 0 d-------- C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 17:15:40 103424 --a------ C:\WINDOWS\system32\dycmquwc.dll
2008-06-28 17:15:40 103424 --a------ C:\WINDOWS\system32\csatxj.dll
2008-06-28 17:10:08 0 d-------- C:\Program Files\AIM6
2008-06-28 17:07:24 0 d-------- C:\Program Files\Common Files\AOL
2008-06-28 17:06:48 0 d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-28 16:55:52 90624 --a------ C:\WINDOWS\system32\pjnvtsbe.dll
2008-06-27 17:22:45 0 d-------- C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 17:14:20 0 d-------- C:\Program Files\MSBuild
2008-06-27 17:04:40 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 16:47:49 49664 --a------ C:\WINDOWS\system32\piqeebtq.dll
2008-06-27 16:45:37 102912 --a------ C:\WINDOWS\system32\cvnbak.dll
2008-06-27 16:45:37 102912 --a------ C:\WINDOWS\system32\adbmfgol.dll
2008-06-27 16:45:24 90112 --a------ C:\WINDOWS\system32\ilmkoise.dll
2008-06-27 16:44:40 319488 --a------ C:\WINDOWS\system32\hgGXNdDt.dll
2008-06-27 16:40:34 0 d-------- C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 16:39:48 0 d-------- C:\Program Files\Sony Setup
2008-06-27 16:39:23 24576 --a------ C:\WINDOWS\system32\tuvWPgfG.dll
2008-06-27 16:39:23 24576 --a------ C:\WINDOWS\system32\mlJBSLfD.dll
2008-06-27 13:13:39 0 d-------- C:\Program Files\uTorrent
2008-06-27 13:12:03 0 d-------- C:\Program Files\Sony
2008-06-26 09:04:30 0 d-------- C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-25 21:31:03 0 d-------- C:\Program Files\LimeWire
2008-06-21 10:38:02 0 d-------- C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-10 10:06:34 106 --a------ C:\WINDOWS\wuasirvy.dll
2008-06-10 09:26:32 8 --a------ C:\WINDOWS\sdfinacs.dll
2008-06-10 09:06:31 36 --a------ C:\WINDOWS\rasqervy.dll
2008-06-10 09:06:24 5 --a------ C:\WINDOWS\sdfixwcs.dll
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\a.bat
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\winsystem.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\mssecu.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\bdn.com
2008-05-09 09:06:06 4096 --a------ C:\WINDOWS\system32\vbsys2.dll


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-08-04 16:54:55 ------------
Attached Files
File Type: txt main.txt (26.3 KB, 2 views)
File Type: txt extra.txt (10.2 KB, 2 views)
File Type: txt ActiveScan.txt (38.5 KB, 1 views)

Last edited by Ried; 08-11-2008 at 06:46 PM.
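The log above is long, and the entries an analyst reads first are a small, recognisable set: AppInit_DLLs and Winlogon Notify loads (O20), HKLM Trusted Zone additions (O15), a text/html filter hijack (O18), services whose binary is missing or has no vendor (O23), ActiveX installed from a web URL (O16), a BHO running out of the browser cache (O2), rundll32 calling a system32 DLL by a one-letter export (O4, the [BMe78a7185] and [e4b94219] lines), and eight-letter pseudo-random DLL names under system32. The DSS "Files created" list shows a second pattern: pairs of random-named DLLs of identical size written within a second or two of each other (uwidsebv.dll/bkmdlf.dll, riollo.dll/ekpscqes.dll, xjhfnu.dll/tmqkrmvq.dll). The script below is an added example for this thread, not a tool from the forum, from Trend Micro or from DSS: it encodes those checks as rules and runs them over lines copied from the log in post #1. The rule set, the `looks_random` name heuristic and the five-second clustering window are the editor's assumptions, chosen to match this log; they are triage hints for a human, not a detection signature.

```python
"""Triage rules for HijackThis (HJT) and Deckard's System Scanner (DSS) logs.

Added example for this thread, not a tool from the forum, Trend Micro or DSS.
Sample lines are copied from the log in post #1; the rule set and the name
heuristic are the editor's assumptions, not a signature database.
"""
import re
from datetime import datetime, timedelta

# Persistence points that deserve a look whenever they appear at all.
ALWAYS_FLAG = {"O15": "Trusted Zone added under HKLM", "O18": "protocol/filter hijack",
               "O20": "AppInit_DLLs / Winlogon Notify load"}
# Exactly eight letters between a backslash and ".dll" (qhlimldk.dll, tuvWPgfG.dll).
EIGHT_LETTERS = re.compile(r"\\([A-Za-z]{8})\.dll\b")
# rundll32 calling a DLL by a one-letter export, as in  ..."pkayvcal.dll",s
RUNDLL_ONE_EXPORT = re.compile(r'rundll32\.exe\s+"?[^",]+\.dll"?,[a-z]\b', re.I)
# DSS file-listing line: date time size attributes path
DSS_ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+)$")

def looks_random(name):
    """Heuristic (assumption): at most one vowel (y counts) or three or more
    capitals after the first letter. qhlimldk, hgGXNdDt, tuvWPgfG pass;
    NvMcTray and browseui do not."""
    vowels = sum(c in "aeiouy" for c in name.lower())
    caps = sum(c.isupper() for c in name[1:])
    return vowels <= 1 or caps >= 3

def triage_hjt(line):
    """Return a short reason if an HJT line needs attention, else None."""
    section = line.split(" ", 1)[0]
    if section in ALWAYS_FLAG:
        return ALWAYS_FLAG[section]
    low = line.lower()
    if section == "O23" and ("(file missing)" in low or "unknown owner" in low):
        return "service with missing binary or unknown owner"
    if section == "O16" and "http://" in low:
        return "ActiveX (DPF) installed from a web URL"
    if section == "O4" and RUNDLL_ONE_EXPORT.search(line):
        return "rundll32 loading a DLL by a one-letter export"
    if section in {"O2", "O3", "O4"}:
        if "temporary internet files" in low:
            return "BHO/Run entry executing from the browser cache"
        m = EIGHT_LETTERS.search(line)
        if m and "\\system32\\" in low and looks_random(m.group(1)):
            return "pseudo-random 8-letter DLL in system32"
    return None

def dss_drop_clusters(lines, window=timedelta(seconds=5)):
    """Group DSS file entries of identical byte size created within `window`
    of each other: one dropper writing copies of itself under several names.
    Each cluster is what to submit or remove together."""
    by_size = {}
    for ln in lines:
        m = DSS_ENTRY.match(ln.strip())
        if not m or m.group(3).startswith("d"):  # skip directory entries
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        by_size.setdefault(int(m.group(2)), []).append((when, m.group(4)))
    clusters = []
    for size, items in by_size.items():
        items.sort()
        run = [items[0]]
        for prev, cur in zip(items, items[1:]):
            if cur[0] - prev[0] <= window:
                run.append(cur)
                continue
            if len(run) > 1:
                clusters.append((size, [path for _, path in run]))
            run = [cur]
        if len(run) > 1:
            clusters.append((size, [path for _, path in run]))
    return clusters

# Lines copied from the log in post #1: legitimate and suspect entries mixed.
HJT_SAMPLE = [
    r"O2 - BHO: (no name) - {30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll",
    r"O2 - BHO: (no name) - {780DEB95-C4BC-4969-B4E7-79597C6C476f} - C:\WINDOWS\system32\qhlimldk.dll",
    r"O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll",
    r"O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit",
    r'O4 - HKLM\..\Run: [BMe78a7185] Rundll32.exe "C:\WINDOWS\system32\pkayvcal.dll",s',
    r"O15 - Trusted Zone: http://click.getmirar.com (HKLM)",
    r"O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab",
    r"O18 - Filter hijack: text/html - (no CLSID) - (no file)",
    r"O20 - AppInit_DLLs: riollo.dll",
    r"O20 - Winlogon Notify: tuvWPgfG - C:\WINDOWS\SYSTEM32\tuvWPgfG.dll",
    r"O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - c:\winself.exe (file missing)",
]
DSS_SAMPLE = [
    r"2008-08-04 16:47:21 0 d-------- C:\Program Files\SpywareBlaster",
    r"2008-08-03 18:02:35 100864 --a------ C:\WINDOWS\system32\uwidsebv.dll",
    r"2008-08-03 18:02:35 100864 --a------ C:\WINDOWS\system32\bkmdlf.dll",
    r"2008-08-02 12:48:03 80896 --a------ C:\WINDOWS\system32\vmpvsljc.dll",
    r"2008-08-02 12:45:04 100864 --a------ C:\WINDOWS\system32\riollo.dll",
    r"2008-08-02 12:45:03 100864 --a------ C:\WINDOWS\system32\ekpscqes.dll",
    r"2008-07-29 13:15:01 95744 --a------ C:\WINDOWS\system32\xjhfnu.dll",
    r"2008-07-29 13:14:59 95744 --a------ C:\WINDOWS\system32\tmqkrmvq.dll",
]

if __name__ == "__main__":
    for ln in HJT_SAMPLE:
        if (reason := triage_hjt(ln)):
            print(f"[{reason}] {ln}")
    for size, paths in dss_drop_clusters(DSS_SAMPLE):
        print(f"{size} bytes, written together: {', '.join(paths)}")
```

Run against the sample, nine of the eleven HJT lines are flagged; the Yahoo BHO and the NVIDIA rundll32 entry pass, which is the point of restricting the name heuristic to system32 and requiring a one-letter export. The DSS pass returns three same-size pairs, each of which is one drop event. A flagged line is a reason to look, not a verdict: the helper's next step in this thread, ComboFix and a fresh log, is still needed to confirm what each file is.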
#2 - 08-07-2008, 07:14 PM - khealy729 (Registered User, OS: xpsp2)

Re: infected- Win32:Adware-gen

I am bumping because it has been more than 72 hours.
#3 - 08-10-2008, 02:29 PM - khealy729 (Registered User, OS: xpsp2)

Re: infected- Win32:Adware-gen

bump...
#4 - 08-10-2008, 04:53 PM - Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; joined Jan 2005; Location: Ohio; OS: WinXP and Vista)

Re: infected- Win32:Adware-gen

Hello khealy729 and welcome,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#5 - 08-11-2008, 01:57 PM - khealy729 (Registered User, OS: xpsp2)

Re: infected- Win32:Adware-gen

There was a problem while running ComboFix. A little while into the scan the computer restarted itself. I don't believe that is part of ComboFix, as I never got a finished message or a log. I tried running it twice with the same result.
#6 - 08-11-2008, 02:02 PM - Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; OS: WinXP and Vista)

Re: infected- Win32:Adware-gen

Delete your existing ComboFix.exe and download a fresh copy.

Boot into Safe Mode and try running it from there.
#7 - 08-11-2008, 03:29 PM - khealy729 (Registered User, OS: xpsp2)

Re: infected- Win32:Adware-gen

OK, I ran it in Safe Mode and got to the point where it said "creating log file", then the same thing: a restart and no log. I ran DSS; the log is below.

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-08-11 16:25:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:18 PM, on 08/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\Documents and Settings\Kevin\Desktop\dss.exe
C:\DOCUME~1\Kevin\Desktop\Kevin\hjt\Kevin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KEVIN\Application Data\Mozilla\Profiles\default\y9d1k2hu.slt\prefs.js)
O2 - BHO: (no name) - {30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\hfidebog.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRA~1\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {F894F149-AE5E-4CD4-8A90-062EF4901C9B} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://eyetide.com/download//223/Eye...0Installer.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freewar...yprotector.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXpQiIB - cbXpQiIB.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12725 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 16:21:19 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-08-11 14:20:40 0 d-------- C:\cmdcons
2008-08-11 13:41:03 68096 --a------ C:\WINDOWS\zip.exe
2008-08-11 13:41:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-11 13:41:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-11 13:41:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-11 13:41:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-11 13:41:03 98816 --a------ C:\WINDOWS\sed.exe
2008-08-11 13:41:03 80412 --a------ C:\WINDOWS\grep.exe
2008-08-11 13:41:03 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 16:47:21 0 d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:04:29 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-08-11 15:27:25 0 d-------- C:\Program Files\Common Files
2008-07-14 15:46:03 0 d-------- C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 17:10:08 0 d-------- C:\Program Files\AIM6
2008-06-28 17:07:24 0 d-------- C:\Program Files\Common Files\AOL
2008-06-28 1748 0 d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-27 17:22:45 0 d-------- C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 17:14:20 0 d-------- C:\Program Files\MSBuild
2008-06-27 17:04:40 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 16:40:34 0 d-------- C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 16:39:48 0 d-------- C:\Program Files\Sony Setup
2008-06-27 13:13:39 0 d-------- C:\Program Files\uTorrent
2008-06-27 13:12:03 0 d-------- C:\Program Files\Sony
2008-06-26 09:04:30 0 d-------- C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-25 21:31:03 0 d-------- C:\Program Files\LimeWire
2008-06-21 10:38:02 0 d-------- C:\Documents and Settings\Kevin\Application Data\Apple Computer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30ED533D-7E10-48D6-8314-E07DFE852B87}]
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [08/15/2001 01:50 PM]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [09/26/2001 11:30 AM]
"Smapp"="Smtray.exe" [05/31/2001 10:32 PM C:\WINDOWS\system32\SMTray.exe]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [07/24/2001 04:34 PM]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [10/17/2001 12:50 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [12/09/2003 02:02 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 04:52 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/09/2005 05:13 PM]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [01/08/2003 02:36 PM]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [09/04/2002 10:36 AM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [09/18/2002 07:52 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/09/2005 05:13 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/26/2006 02:27 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 01:37 PM]
"WorksFUD"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"e4b94219"="C:\WINDOWS\system32\hfidebog.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Yahoo! Pager"="1" []
"Veoh"="C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe" []
"MoneyStartUp"="c:\Program Files\Microsoft Money\System\Money Startup.exe" [07/19/2000 12:00 PM]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\
CoolMon.lnk - C:\Program Files\CoolMon\CoolMon.exe [10/13/2002 10:51:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXpQiIB]
cbXpQiIB.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"StartSurfing"=C:\PROGRA~1\STARTS~1\STARTS~1.EXE
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s
"avserve2.exe"=C:\WINDOWS\avserve2.exe
"avserve.exe"=C:\WINDOWS\avserve.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\SETUP.EXE
install\command- F:\INSTALL\_SETUP.exe




-- End of Deckard's System Scanner: finished at 2008-08-11 16:26:05 ------------
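Reading a HijackThis log like the one above comes down to a handful of checks an analyst makes by eye: autostart entries whose file is gone, BHOs with no name or loaded from the browser cache, Run values with random-looking names that load a DLL through rundll32, sites added to the Trusted Zone, Winlogon Notify handlers with generated names, and services with no vendor. The script below is an added example, not code from the thread, its helpers or any of the tools mentioned; it applies those checks to a constructed sample whose lines are modelled on the log posted here (the "Example Class" BHO with an all-zero GUID and the WgaLogon Notify line are made up for contrast). The random-name test is a heuristic for triage, not a verdict.

```python
"""Triage of HijackThis-style log lines (added example, constructed input)."""
import re

# Constructed sample, modelled on the entry types in the thread's log.
# The "Example Class" BHO and the WgaLogon Notify line are made up for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: Example Class - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\hfidebog.dll",b
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O20 - Winlogon Notify: cbXpQiIB - cbXpQiIB.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <body>": section prefix followed by the entry body.
LINE_RE = re.compile(r"^(O\d+|R\d|N\d|F\d)\s+-\s+(.*)$")
# Run value: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^HK\S*\\Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
# Winlogon Notify: KeyName - dll
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<dll>.*)$")
# Path fragments that no legitimate BHO should be loaded from.
TEMP_PATH_HINTS = ("temporary internet files", "\\temp\\")


def looks_random(name):
    """Heuristic: 8-character names that mix digits and letters, or flip
    letter case four or more times, are typical of generated malware names.
    Legitimate 8-letter names such as WgaLogon do not trip the case test."""
    if len(name) != 8 or not name.isalnum():
        return False
    has_digit = any(c.isdigit() for c in name)
    has_alpha = any(c.isalpha() for c in name)
    if has_digit and has_alpha:
        return True
    switches = sum(
        1 for a, b in zip(name, name[1:])
        if a.isalpha() and b.isalpha() and a.isupper() != b.isupper()
    )
    return switches >= 4


def triage_line(line):
    """Return a short reason if the line deserves a closer look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    lower = body.lower()

    if section == "O4":
        run = RUN_RE.match(body)
        if run and looks_random(run.group("name")) and "rundll32" in run.group("cmd").lower():
            return "rundll32-loaded DLL under a random-looking value name"
    if section == "O20":
        notify = NOTIFY_RE.match(body)
        if notify and looks_random(notify.group("key")):
            return "Winlogon Notify handler with a random-looking name"
    if section == "O2" and ("(no name)" in lower or any(h in lower for h in TEMP_PATH_HINTS)):
        return "BHO without a name or loaded from a temp/cache directory"
    if section == "O23" and "unknown owner" in lower:
        return "service with no vendor information"
    # An autostart whose target no longer exists is a leftover of something
    # that was removed or is hiding; either way it should not stay.
    if "(file missing)" in lower and section in ("O2", "O20", "O23"):
        return "orphaned autostart (file missing)"
    if section == "O15":
        return "site added to the Trusted Zone"
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(section, reason, line), ...]."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            hits.append((LINE_RE.match(line).group(1), reason, line))
    return hits


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {line}")
```

Run against the constructed sample it reports six lines: the nameless cache-loaded BHO, the orphaned BHO, the `[e4b94219]` rundll32 entry, the Trusted Zone addition, the `cbXpQiIB` Notify handler and the `ntlogin32` service, while the avast!, Yahoo! and WgaLogon lines pass. Each hit is a prompt to verify the file's vendor, signature and location, not a removal decision by itself.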
Old 08-11-2008, 05:03 PM   #8 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: xpsp2


Re: infected- Win32:Adware-gen

Ran ComboFix once more in Safe Mode. It went all the way through and finally got a log; it follows below. My desktop appears to have returned to normal.

ComboFix 08-08-10.05 - Kevin 2008-08-11 17:12:30.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-08-11 13:51 . 2008-08-11 15:01 474 --ahs---- C:\WINDOWS\system32\balapnxn.ini
2008-08-04 16:48 . 2008-08-04 16:48 <DIR> d-------- C:\Deckard
2008-08-04 16:47 . 2008-08-04 16:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:44 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-03 19:04 . 2008-08-03 19:04 <DIR> d-------- C:\Program Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:46 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 22:10 --------- d-----w C:\Program Files\AIM6
2008-06-28 22:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-28 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-27 22:22 --------- d-----w C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 22:14 --------- d-----w C:\Program Files\MSBuild
2008-06-27 22:04 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-27 21:40 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 21:39 --------- d-----w C:\Program Files\Sony Setup
2008-06-27 18:13 --------- d-----w C:\Program Files\uTorrent
2008-06-27 18:12 --------- d-----w C:\Program Files\Sony
2008-06-27 01:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 14:04 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-26 02:31 --------- d-----w C:\Program Files\LimeWire
2008-06-21 15:38 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-24 19:52 399,084 ----a-w C:\Documents and Settings\Kevin\g74.exe
2006-10-31 01:52 3,932 ----a-w C:\Documents and Settings\Kevin\Application Data\CMLayout.dat
2006-10-31 01:52 268 ----a-w C:\Documents and Settings\Kevin\Application Data\CMCPaper.dat
2005-04-06 15:18 16,384 ----a-w C:\Documents and Settings\Kevin\rappmx.dll
2003-07-18 16:12 4 ----a-w C:\Documents and Settings\Kevin\hl.dat
2001-05-21 10:54 3,932 ----a-w C:\Documents and Settings\Elizabeth\Application Data\CMLayout.dat
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30ED533D-7E10-48D6-8314-E07DFE852B87}]
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Veoh"="C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe" [BU]
"MoneyStartUp"="c:\Program Files\Microsoft Money\System\Money Startup.exe" [2000-07-19 12:00 24625]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 13:50 28672]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 11:30 131072]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-10-17 12:50 655360]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 14:02 57344]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 17:13 86016]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 14:36 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:36 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 19:52 36864]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 17:13 7204864]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-26 02:27 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 13:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"e4b94219"="C:\WINDOWS\system32\hfidebog.dll" [BU]
"Smapp"="Smtray.exe" [2001-05-31 22:32 224256 C:\WINDOWS\system32\SMTray.exe]
"WorksFUD"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe" [BU]

C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\
CoolMon.lnk - C:\Program Files\CoolMon\CoolMon.exe [2002-10-13 22:51:43 1516032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXpQiIB]
cbXpQiIB.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=riollo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"StartSurfing"=C:\PROGRA~1\STARTS~1\STARTS~1.EXE
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s
"avserve2.exe"=C:\WINDOWS\avserve2.exe
"avserve.exe"=C:\WINDOWS\avserve.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AnalogX\\Proxy\\proxy.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35617:TCP"= 35617:TCP:Gnutella
"35617:UDP"= 35617:UDP:Gnutella

S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
S2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2005-05-04 01:04]
S2 ntlogin32;NT login service;C:\WINDOWS\System32\libsysmgr.exe []
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 17:36]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
S3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-09-06 16:05]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 14:58]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 08:28]
S3 SNDP202;Bushnell ImageView;C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-08 09:43]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 22:42]
S3 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2001-01-29 16:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
\Shell\install\command - F:\INSTALL\_SETUP.exe

*Newly Created Service* - DCFS2K
.
Contents of the 'Scheduled Tasks' folder

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2008-08-04 C:\WINDOWS\Tasks\{C185ABC2-822F-4D34-9CF9-6FDDC99D90CE}_DESKTOP_Kevin.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-04 02:56]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\4k3nozsh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 17:18:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Kevin\LOCALS~1\Temp\RGI1.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-11 17:28:01
ComboFix-quarantined-files.txt 2008-08-11 22:27:14
ComboFix2.txt 2008-08-11 21:21:12

Pre-Run: 27,642,982,400 bytes free
Post-Run: 27,618,770,944 bytes free

187 --- E O F --- 2008-06-20 15:37:40
Old 08-11-2008, 06:45 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,609
OS: WinXP and Vista


Re: infected- Win32:Adware-gen

Please check for the presence of this file - C:\bug.txt

If present, kindly post the contents of that .txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-11-2008, 07:01 PM   #10 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: xpsp2


Re: infected- Win32:Adware-gen

I couldn't find any file with that name.
Old 08-11-2008, 07:04 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,609
OS: WinXP and Vista


Re: infected- Win32:Adware-gen

Is there a C:\ComboFix.txt?

Or a C:\Qoobox?

The reason I'm asking is because based on your most recent main.txt, it appears that ComboFix took care of most of the infections.
Old 08-11-2008, 07:19 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,609
OS: WinXP and Vista


Re: infected- Win32:Adware-gen

I'm sorry, khealy, I somehow overlooked your Post #8. Last I knew, you couldn't get ComboFix to complete and had posted a new main.txt.


Please post the contents of the C:\Qoobox\ComboFix2.txt
Old 08-11-2008, 07:57 PM   #13 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: xpsp2


Re: infected- Win32:Adware-gen

Here are the contents of ComboFix2.txt:

ComboFix 08-08-10.05 - Kevin 2008-08-11 15:21:07.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.317 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk
C:\Documents and Settings\Donna\Start Menu\Programs\Startup\think-adz.lnk
C:\Documents and Settings\Elizabeth\Desktop\AntiSpywareMaster.lnk
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\#SharedObjects\H2678TRR\interclick.com
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\#SharedObjects\H2678TRR\interclick.com\ud.sol
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Kevin\gside.exe
C:\Documents and Settings\Kimberly\Desktop\AntiSpywareMaster.lnk
C:\U.exe
C:\WINDOWS\BMe78a7185.txt
C:\WINDOWS\BMe78a7185.xml
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\9639173091.CPX
C:\WINDOWS\system32\96391730912.CPX
C:\WINDOWS\system32\96391730921.CPX
C:\WINDOWS\system32\96391730931.CPX
C:\WINDOWS\system32\96391730951.CPX
C:\WINDOWS\system32\adbmfgol.dll
C:\WINDOWS\system32\amnqgdct.dll
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\bkmdlf.dll
C:\WINDOWS\system32\bvjfqxqr.ini
C:\WINDOWS\system32\cjlsvpmv.ini
C:\WINDOWS\system32\ckbdrgux.dll
C:\WINDOWS\system32\cmhovhxr.dll
C:\WINDOWS\system32\csatxj.dll
C:\WINDOWS\system32\cvnbak.dll
C:\WINDOWS\system32\dbwjnmhg.dll
C:\WINDOWS\system32\dycmquwc.dll
C:\WINDOWS\system32\ekpscqes.dll
C:\WINDOWS\system32\frcehsap.dll
C:\WINDOWS\system32\gobedifh.ini
C:\WINDOWS\system32\hdjyerel.ini
C:\WINDOWS\system32\hfidebog.dll
C:\WINDOWS\system32\hgGXNdDt.dll
C:\WINDOWS\system32\ilmkoise.dll
C:\WINDOWS\system32\iuhoneal.dll
C:\WINDOWS\system32\iwmprd.dll
C:\WINDOWS\system32\ixsdprdd.ini
C:\WINDOWS\system32\jxwhqbkh.dll
C:\WINDOWS\system32\kvqwsmqo.ini
C:\WINDOWS\system32\lylqcdvp.dll
C:\WINDOWS\system32\mfvaxqee.dll
C:\WINDOWS\system32\mgtsctnk.ini
C:\WINDOWS\system32\minijpqv.dll
C:\WINDOWS\system32\mlJBSLfD.dll
C:\WINDOWS\system32\mpcbrikr.dll
C:\WINDOWS\system32\n3
C:\WINDOWS\system32\njesaded.dll
C:\WINDOWS\system32\nrxephoa.dll
C:\WINDOWS\system32\ompuisig.dll
C:\WINDOWS\system32\peigpolg.ini
C:\WINDOWS\system32\piqeebtq.dll
C:\WINDOWS\system32\pjnvtsbe.dll
C:\WINDOWS\system32\pkayvcal.dll
C:\WINDOWS\system32\pornebfl.ini
C:\WINDOWS\system32\qbpdtmwc.dll
C:\WINDOWS\system32\qhlimldk.dll
C:\WINDOWS\system32\qjycyd.dll
C:\WINDOWS\system32\quyhvrfj.dll
C:\WINDOWS\system32\rabbrteh.dll
C:\WINDOWS\system32\riollo.dll
C:\WINDOWS\system32\rkirbcpm.ini
C:\WINDOWS\system32\RqWFffii.ini
C:\WINDOWS\system32\RqWFffii.ini2
C:\WINDOWS\system32\tDdNXGgh.ini
C:\WINDOWS\system32\tDdNXGgh.ini2
C:\WINDOWS\system32\tkkktvbi.ini
C:\WINDOWS\system32\tmqkrmvq.dll
C:\WINDOWS\system32\tuvWPgfG.dll
C:\WINDOWS\system32\ukjyhfcy.dll
C:\WINDOWS\system32\utxvligy.dll
C:\WINDOWS\system32\uwidsebv.dll
C:\WINDOWS\system32\vedvmhjw.dll
C:\WINDOWS\system32\vmpvsljc.dll
C:\WINDOWS\system32\vzorqz.dll
C:\WINDOWS\system32\waywjwtu.ini
C:\WINDOWS\system32\whpnslgr.dll
C:\WINDOWS\system32\wopndj.dll
C:\WINDOWS\system32\xdoxds.dll
C:\WINDOWS\system32\xgajrg.dll
C:\WINDOWS\system32\xjhfnu.dll
C:\WINDOWS\system32\xwrqdpmh.dll
C:\WINDOWS\system32\yhapmwbi.dll
C:\WINDOWS\system32\ypmhmnqw.dll
C:\WINDOWS\teller2.chk
C:\WINDOWS\wuasirvy.dll
.
---- Previous Run -------
.
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\AntiSpywareMaster
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\simtest\temp.txt
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\Version.txt
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\Cache(2)\0004E413.bmp
C:\Program Files\MyWay\myBar\Cache(2)\0004EA8B.bmp
C:\Program Files\MyWay\myBar\Cache(2)\0004EE25.bmp
C:\Program Files\MyWay\myBar\Cache(2)\00126624
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\RcvSystem
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\whagent.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\a.bat
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msacm32.drv
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssecu.exe
C:\WINDOWS\mssvr.exe
C:\WINDOWS\muotr.so
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\voiceip.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsb.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wintst32.tmp
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

----- BITS: Possible infected sites -----

http://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-08-11 13:51 . 2008-08-11 15:01 474 --ahs---- C:\WINDOWS\system32\balapnxn.ini
2008-08-04 16:48 . 2008-08-04 16:48 <DIR> d-------- C:\Deckard
2008-08-04 16:47 . 2008-08-04 16:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:44 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-03 19:04 . 2008-08-03 19:04 <DIR> d-------- C:\Program Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:46 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 22:10 --------- d-----w C:\Program Files\AIM6
2008-06-28 22:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-28 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-27 22:22 --------- d-----w C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 22:14 --------- d-----w C:\Program Files\MSBuild
2008-06-27 22:04 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-27 21:40 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 21:39 --------- d-----w C:\Program Files\Sony Setup
2008-06-27 18:13 --------- d-----w C:\Program Files\uTorrent
2008-06-27 18:12 --------- d-----w C:\Program Files\Sony
2008-06-27 01:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 14:04 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-26 02:31 --------- d-----w C:\Program Files\LimeWire
2008-06-21 15:38 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-24 19:52 399,084 ----a-w C:\Documents and Settings\Kevin\g74.exe
2006-10-31 01:52 3,932 ----a-w C:\Documents and Settings\Kevin\Application Data\CMLayout.dat
2006-10-31 01:52 268 ----a-w C:\Documents and Settings\Kevin\Application Data\CMCPaper.dat
2005-04-06 15:18 16,384 ----a-w C:\Documents and Settings\Kevin\rappmx.dll
2003-07-18 16:12 4 ----a-w C:\Documents and Settings\Kevin\hl.dat
2001-05-21 10:54 3,932 ----a-w C:\Documents and Settings\Elizabeth\Application Data\CMLayout.dat
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"MoneyStartUp"="c:\Program Files\Microsoft Money\System\Money Startup.exe" [2000-07-19 12:00 24625]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 13:50 28672]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 11:30 131072]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-10-17 12:50 655360]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 14:02 57344]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 17:13 86016]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 14:36 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:36 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 19:52 36864]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 17:13 7204864]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-26 02:27 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 13:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Smapp"="Smtray.exe" [2001-05-31 22:32 224256 C:\WINDOWS\system32\SMTray.exe]

C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\
CoolMon.lnk - C:\Program Files\CoolMon\CoolMon.exe [2002-10-13 22:51:43 1516032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=riollo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"StartSurfing"=C:\PROGRA~1\STARTS~1\STARTS~1.EXE
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s
"avserve2.exe"=C:\WINDOWS\avserve2.exe
"avserve.exe"=C:\WINDOWS\avserve.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AnalogX\\Proxy\\proxy.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35617:TCP"= 35617:TCP:Gnutella
"35617:UDP"= 35617:UDP:Gnutella

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2005-05-04 01:04]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 17:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-09-06 16:05]
R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 14:58]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 08:28]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 ntlogin32;NT login service;C:\WINDOWS\System32\libsysmgr.exe []
S3 SNDP202;Bushnell ImageView;C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-08 09:43]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 22:42]
S3 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2001-01-29 16:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
\Shell\install\command - F:\INSTALL\_SETUP.exe
.
Contents of the 'Scheduled Tasks' folder

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2008-08-04 C:\WINDOWS\Tasks\{C185ABC2-822F-4D34-9CF9-6FDDC99D90CE}_DESKTOP_Kevin.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-04 02:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll
HKCU-Run-Veoh - C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-e4b94219 - C:\WINDOWS\system32\hfidebog.dll
HKLM-Run-WorksFUD - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe
Notify-cbXpQiIB - cbXpQiIB.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\4k3nozsh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 1610
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe
C:\Compaq\CPQInet\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
.
**************************************************************************
.
Completion time: 2008-08-11 16:21:11 - machine was rebooted [Kevin]
ComboFix-quarantined-files.txt 2008-08-11 21:21:02

Pre-Run: 27,591,503,872 bytes free
Post-Run: 27,024,203,776 bytes free

467 --- E O F --- 2008-06-20 15:37:40
Old 08-11-2008, 08:34 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,609
OS: WinXP and Vista


Re: infected- Win32:Adware-gen

Thank you.

I'm not sure which of your programs is interfering with ComboFix at reboot, but it's likely to be Avast as it reloads. Regardless, ComboFix has been able to do its job.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:


http://www.techsupportforum.com/security-center/hijackthis-log-help/276864-infected-win32-adware-gen-post1643785.html#post1643785

NoOrphans::
Collect::
C:\Documents and Settings\Kevin\g74.exe

File::
C:\Documents and Settings\Kevin\rappmx.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30ED533D-7E10-48D6-8314-E07DFE852B87}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"=-
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e4b94219"=-
"WorksFUD"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXpQiIB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe.


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

If you did not see the message above, there should be a [4]-Submit_<date and time>.zip folder on your desktop. Please visit this site and follow the instructions for uploading that folder that's on your desktop.

--------------------------------------------------------------------

Then please run a new online scan at Panda and we'll see what remains.

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply, along with the C:\ComboFix.txt

* Turn off the real time scanner of any existing antivirus program while performing the online scan
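The CFScript above clears the AppInit_DLLs value and the orphaned Run and Notify entries that ComboFix listed in the "Reg Loading Points" section of the log in Post #13. As an added, illustrative example (not ComboFix output and not code posted in this thread), here is a small Python parser for that REGEDIT4-style section, run over a constructed excerpt modelled on the entries in that log. It flags the three things an analyst reads first in such a section: a populated AppInit_DLLs value (a DLL loaded into every process that loads user32.dll), Security Center override values set to 1 (which silence the "no antivirus / no firewall" warnings), and firewall ports opened globally. The sample text, the key-suffix matching and the finding wording are the example's own, not ComboFix's.

```python
import re
from typing import Dict, List

# Constructed sample in the style of a ComboFix "Reg Loading Points" section.
# The entries mirror the kind seen in this thread but are embedded here so the
# parser runs offline; it is not a copy of the posted log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=riollo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35617:TCP"= 35617:TCP:Gnutella
"35617:UDP"= 35617:UDP:Gnutella
"""

# A section header is a bracketed registry key; a value line is "name"=value.
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')

# Security Center values that, when set to 1, suppress the user-facing
# warnings about missing antivirus, firewall or updates.
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify",
    "antivirusoverride",
    "firewalldisablenotify",
    "firewalloverride",
    "updatesdisablenotify",
}


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REGEDIT4-style blocks into {registry key: {value name: data}}.

    Keys keep their original case; the triage step lower-cases them for matching.
    Lines outside a key block (e.g. the REGEDIT4 header) are ignored.
    """
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group("name")] = m.group("value")
    return result


def triage(text: str) -> List[str]:
    """Return human-readable findings for the indicators an analyst checks first."""
    findings: List[str] = []
    for key, values in parse_reg_points(text).items():
        lk = key.lower()
        if lk.endswith(r"windows nt\currentversion\windows"):
            for name, value in values.items():
                # An empty AppInit_DLLs is the normal default; anything else loads
                # into every process that maps user32.dll.
                if name.lower() == "appinit_dlls" and value.strip() not in ("", '""'):
                    findings.append(f"AppInit_DLLs is populated: {value.strip()}")
        elif lk.endswith(r"\security center"):
            for name, value in values.items():
                if name.lower() in SECURITY_CENTER_FLAGS and value.lower() == "dword:00000001":
                    findings.append(f"Security Center warning suppressed: {name}")
        elif lk.endswith(r"globallyopenports\list"):
            for name, value in values.items():
                findings.append(f"Firewall port opened globally: {name} ({value})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" -", finding)
```

On the constructed sample the parser reports one AppInit_DLLs finding, four suppressed Security Center warnings and two globally opened ports; a section whose override values are 0 and whose AppInit_DLLs is empty produces no findings, which is the state a clean ComboFix log should show after the CFScript has run.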
Old 08-12-2008, 12:18 PM   #15 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: xpsp2


Re: infected- Win32:Adware-gen

Here is the ComboFix log; attached are combofix.txt and a new ActiveScan. Also, the .zip file requested was uploaded to BleepingComputer.

ComboFix 08-08-10.05 - Kevin 2008-08-12 10:25:42.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Kevin\rappmx.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kevin\g74.exe
C:\Documents and Settings\Kevin\rappmx.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-08-11 13:51 . 2008-08-11 15:01 474 --ahs---- C:\WINDOWS\system32\balapnxn.ini
2008-08-04 16:48 . 2008-08-04 16:48 <DIR> d-------- C:\Deckard
2008-08-04 16:47 . 2008-08-04 16:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:44 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-03 19:04 . 2008-08-03 19:04 <DIR> d-------- C:\Program Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:46 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 22:10 --------- d-----w C:\Program Files\AIM6
2008-06-28 22:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-28 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-27 22:22 --------- d-----w C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 22:14 --------- d-----w C:\Program Files\MSBuild
2008-06-27 22:04 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-27 21:40 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 21:39 --------- d-----w C:\Program Files\Sony Setup
2008-06-27 18:13 --------- d-----w C:\Program Files\uTorrent
2008-06-27 18:12 --------- d-----w C:\Program Files\Sony
2008-06-27 01:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 14:04 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-26 02:31 --------- d-----w C:\Program Files\LimeWire
2008-06-21 15:38 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2006-10-31 01:52 3,932 ----a-w C:\Documents and Settings\Kevin\Application Data\CMLayout.dat
2006-10-31 01:52 268 ----a-w C:\Documents and Settings\Kevin\Application Data\CMCPaper.dat
2003-07-18 16:12 4 ----a-w C:\Documents and Settings\Kevin\hl.dat
2001-05-21 10:54 3,932 ----a-w C:\Documents and Settings\Elizabeth\Application Data\CMLayout.dat
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-11_16.20.17.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-12 15:15:51 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_560.dat
+ 2008-08-12 15:15:54 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"MoneyStartUp"="c:\Program Files\Microsoft Money\System\Money Startup.exe" [2000-07-19 12:00 24625]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 13:50 28672]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 11:30 131072]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-10-17 12:50 655360]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 14:02 57344]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 17:13 86016]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 14:36 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:36 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 19:52 36864]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 17:13 7204864]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-26 02:27 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 13:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Smapp"="Smtray.exe" [2001-05-31 22:32 224256 C:\WINDOWS\system32\SMTray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe" [N/A]

C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\
CoolMon.lnk - C:\Program Files\CoolMon\CoolMon.exe [2002-10-13 22:51:43 1516032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"StartSurfing"=C:\PROGRA~1\STARTS~1\STARTS~1.EXE
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s
"avserve2.exe"=C:\WINDOWS\avserve2.exe
"avserve.exe"=C:\WINDOWS\avserve.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AnalogX\\Proxy\\proxy.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35617:TCP"= 35617:TCP:Gnutella
"35617:UDP"= 35617:UDP:Gnutella

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2005-05-04 01:04]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 17:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-09-06 16:05]
R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 14:58]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 08:28]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 ntlogin32;NT login service;C:\WINDOWS\System32\libsysmgr.exe []
S3 SNDP202;Bushnell ImageView;C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-08 09:43]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 22:42]
S3 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2001-01-29 16:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
\Shell\install\command - F:\INSTALL\_SETUP.exe
.
Contents of the 'Scheduled Tasks' folder

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2008-08-04 C:\WINDOWS\Tasks\{C185ABC2-822F-4D34-9CF9-6FDDC99D90CE}_DESKTOP_Kevin.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-04 02:56]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 10:32:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 10:39:31
ComboFix-quarantined-files.txt 2008-08-12 15:39:03
ComboFix2.txt 2008-08-11 22:28:02
ComboFix3.txt 2008-08-11 21:21:12

Pre-Run: 27,061,583,872 bytes free
Post-Run: 27,035,811,840 bytes free

183 --- E O F --- 2008-06-20 15:37:40
Attached Files
File Type: txt ActiveScan.txt (41.4 KB, 2 views)
File Type: txt ComboFix.txt (11.7 KB, 0 views)

Last edited by khealy729; 08-12-2008 at 12:19 PM.
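An added example, not part of this thread: a small Python review of the ComboFix "Reg Loading Points" section, run over a constructed excerpt taken from the log above. It pulls out the Security Center values that are set to 1 (these suppress the antivirus, update and firewall alerts or mark them as handled by another product) and any driver or service line whose timestamp bracket is empty, so a helper can check those items by hand rather than skim past them.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# ComboFix log posted above (a handful of its own lines, nothing invented).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 ntlogin32;NT login service;C:\WINDOWS\System32\libsysmgr.exe []
S3 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2001-01-29 16:41]
"""

SC_KEY = r"[hkey_local_machine\software\microsoft\security center]"
# Values that, when set to 1, silence Security Center alerts or tell Windows
# that some other product is vouching for AV / firewall status.
SC_FLAGS = ("AntiVirusDisableNotify", "UpdatesDisableNotify",
            "AntiVirusOverride", "FirewallOverride")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Driver/service lines look like:  R1 name;display name;path [timestamp]
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*?) \[(.*?)\]$')

def parse_security_center(text):
    """Return {value_name: int} for the Security Center key block only."""
    values, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("["):
            in_block = line.strip().lower() == SC_KEY
            continue
        m = DWORD_RE.match(line)
        if in_block and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def parse_services(text):
    """Return one dict per R?/S? line: state, name, display, path, stamp."""
    keys = ("state", "name", "display", "path", "stamp")
    return [dict(zip(keys, m.groups()))
            for m in map(SERVICE_RE.match, text.splitlines()) if m]

def review(text):
    """Items a helper would check by hand before declaring the log clean."""
    findings = []
    sc = parse_security_center(text)
    for name in SC_FLAGS:
        if sc.get(name) == 1:
            findings.append(f"Security Center: {name}=1 (alert suppressed or overridden)")
    for svc in parse_services(text):
        if not svc["stamp"]:  # ComboFix printed []: no file timestamp recorded
            findings.append(f"Service {svc['name']}: no timestamp for {svc['path']}; "
                            "confirm the file exists and where it came from")
    return findings
```

Calling review() on the full log text (instead of the excerpt) gives the same two kinds of findings for every block; the empty-timestamp check is a prompt to verify the file, not a verdict on it.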
Old 08-12-2008, 08:16 PM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,609
OS: WinXP and Vista


Re: infected- Win32:Adware-gen

Hi khealy729,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:
SkipFix::
File::
c:\windows\kwv2.dat
C:\WINDOWS\system32\balapnxn.ini

Folder::
C:\Documents and Settings\Kevin\My Documents\Downloads\SonyVegasPro8.0b+FullyWorkingCrack

Registry::
[-hkey_classes_root\tldctl2.urllink]
[-hkey_local_machine\software\classes\tldctl2.urllink.1]
[-hkey_classes_root\tldctl2.urllink.1]
[-hkey_local_machine\software\classes\tldctl2.urllink]
[-hkey_local_machine\software\classes\appid\altnet signing module.exe]
[-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch]
[-hkey_classes_root\kbbar.kbbarband.1]
[-hkey_classes_root\kbbar.kbbarband]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C}]
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

--------------------------------------------------------------------

Clear Cookies in Firefox:

Launch Mozilla Firefox>Tools>Options
  • Click the Privacy tab
  • Under 'Private Data', click 'Clear Now'
  • In the ensuing dialog box, ensure 'Cookies' is checked
  • Click 'Clear Private Data Now'



Clear Cookies - Internet Explorer 7

Launch Internet Explorer>Tools>Internet Options
  • Under Browsing History 'Delete Temporary Files, cookies....'
  • Click the 'Delete' button.
  • In the ensuing dialog box, click 'Delete Cookies'

------------------------------------------------------------

After carrying out the above, your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-13-2008, 09:42 AM   #17 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: xpsp2


Re: infected- Win32:Adware-gen

All appears to be well, thank you very much Ried, you have been a great help.
Old 08-13-2008, 11:53 AM   #18 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,609
OS: WinXP and Vista


Re: infected- Win32:Adware-gen

You're welcome, khealy729. Take care.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Copyright 2001 - 2009, Tech Support Forum