userinit.exe and rundll32.exe failed applications please help HJT log included
vcarter15
Newbie
4. August 2008 @ 23:43
I have gone through the steps and scans mentioned by the forum. When my computer starts userinit.exe error comes up saying that there has been an application failure, click to terminate. After clicking twice the desktop loads only the background. I then use task manager command for the control panel which jump starts the desktop loading. But, many applications, upon being clicked, show rundll32.exe error with the same message as above.

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:32 PM, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL

Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak

Software Updater.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=506112

9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL

=

www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=506112

9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ycomp/d...://www.yahoo.co

m
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class -

{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM

Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}

- C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215}

- (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no

file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no

file)
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {164576FE-2866-4C6B-94B7-4E99341AD6EE} -

C:\WINDOWS\system32\khfdDWml.dll (file missing)
O2 - BHO: (no name) - {413e1860-2aa7-4406-b58e-42b839a1eecc} - (no

file)
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no

file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no

file)
O2 - BHO: (no name) - {91B7E723-3E63-4DE5-A018-1CDE38F9080D} - (no

file)
O2 - BHO: (no name) - {9A50B2AF-3B2B-47DD-AECD-5D80A886F504} -

C:\WINDOWS\system32\urqOEvSK.dll (file missing)
O2 - BHO: (no name) - {A497D33D-69D0-4017-A824-C1FC587999D4} - (no

file)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no

file)
O2 - BHO: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no

file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no

file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -

C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no

file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no

file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program

Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI]

C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton

AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common

Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m

"C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program

Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell

Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh

Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IFStub] C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools

Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LimeWire Turbo Accelerator] "C:\Program

Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe" -tray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"

/tray
O4 - HKCU\..\Run:

[C:\DOCUME~1\MARKHA~1\LOCALS~1\Temp\IXP001.TMP\INRFQHIS.exe]

C:\DOCUME~1\MARKHA~1\LOCALS~1\Temp\IXP001.TMP\INRFQHIS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk =

C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program

Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program

Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software

Updater.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft

SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim

toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}

- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -

http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: zfdtuj.dll
O20 - Winlogon Notify: urqOEvSK - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program

Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown

owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13514 bytes

Here is the Kaspersky program log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 16:07:43
Records in database: 1053458
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - File:


Scan statistics:
Files scanned: 69820
Threat name: 2
Infected objects: 42
Suspicious objects: 0
Duration of the scan: 01:45:10


File name / Threat name / Threats count
C:\WINDOWS\system32\zfdtuj.dll/C:\WINDOWS\system32\zfdtuj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 36
C:\WINDOWS\System32\zfdtuj.dll/C:\WINDOWS\System32\zfdtuj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 4
C:\Documents and Settings\Mark Harper\My Documents\FrostWire\Saved\tech n9ne killer.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\WINDOWS\system32\zfdtuj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 1

The selected area was scanned.


I was hoping someone could look at my HJT log and tell me how to get rid of the userinit.exe and rundll32.exe problems.

This message has been edited since posting. Last time this message was edited on 5. August 2008 @ 02:09

AfterDawn Addict
5. August 2008 @ 02:53
Hi vcarter15,

First repair your System Files.


To repair your system you will need to run SFC /scannow
For instructions go to:

http://www.bleepingcomputer.com/forums/topic43051.html
or
http://www.updatexp.com/scannow-sfc.html


Then post a HijackThis Log and uncheck the wordwrap in notepad. Then maybe someone can help you with removing the Malware.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
vcarter15
Newbie
5. August 2008 @ 03:50
Can I repair my system files without my xp disk? I have the i386 folder but my cd is at home and I am on vacation. If not, is it possible to use another xp disk to obtain the files I need?
AfterDawn Addict
5. August 2008 @ 04:00
Try, it may not ask you for a cd.

If i386 is on your disk and the reg entry is set to look for it on a cd then it can be changed.

Tells you how here: http://www.updatexp.com/scannow-sfc.html



AfterDawn Addict
5. August 2008 @ 04:09
You will need to tell your computer you now have the files on your PC.

We do this in the registry (type regedit in the Run box on the start menu) by navigating to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup


You will see various entries here on the right hand side. The one we want is called:

SourcePath

It probably has an entry pointing to your CD-ROM drive, and that is why it is asking for the XP CD. All we need to do is change it to:

C:\

Simply double click the SourcePath setting and a new box will pop up allowing you to make the change.

Now restart your computer and try sfc /scannow again!

EDIT My i386 is in C:\Windows you may need to use that.




This message has been edited since posting. Last time this message was edited on 5. August 2008 @ 04:13

vcarter15
Newbie
5. August 2008 @ 13:41
My i386 file is in the C drive but not under windows and sourcepath has it set for the c drive but sfc still asks for a service pack 3 cd. My original cd did not include any of the service packs to my knowledge. I updated my windows with service pack 3 via windows update.

Where to now?
AfterDawn Addict
6. August 2008 @ 02:36
Maybe we can get by without it right now..

First.. open Notepad goto -> format and uncheck Wordwrap.. then post a new HJT Log. I can't read it with wordwrap checked..

Thanks
2OG



vcarter15
Newbie
6. August 2008 @ 16:03
I will not have internet for the next week but when I get home I will have the windows cd to repair my system. Then I will post the HJT log. My computer does not get the internet where I am at this time so I cannot get the report to you now.
AfterDawn Addict
6. August 2008 @ 22:40
Just, when you can...

We'll try to get the bugs out...




vcarter15
Newbie
7. August 2008 @ 00:10
I just tried to start the laptop and it will not boot once it reaches the black screen that should say Windows XP Media Center Edition
AfterDawn Addict
7. August 2008 @ 00:19
Hold down the f-8 key when you boot and see if you can get into Safe Mode..



vcarter15
Newbie
7. August 2008 @ 00:22
The computer beeps when I press it.
AfterDawn Addict
7. August 2008 @ 00:35
Let it beep.. but it will then go to Safe Mode, or not...



vcarter15
Newbie
7. August 2008 @ 01:05
no I think windows is gone because the windows startup does not occur nor is there anything saying windows on the screen.
AfterDawn Addict
7. August 2008 @ 01:20
Check, you may have a recovery partition on your HDD; sometimes F10 gets you into it when booting. Do you see the BIOS Screen?




vcarter15
Newbie
7. August 2008 @ 01:30
F2 takes me to BIOS setup. Is that what you mean? It also has a booting priority list.
AfterDawn Addict
7. August 2008 @ 01:39
NO, look at the bottom of the screen as you boot up, it should give you a key to press for Recovery - if you don't have one contact the manufacturer or get an installation disk.. That's all I can tell you.
I work with malware not computer failure.....




vcarter15
Newbie
7. August 2008 @ 01:44
Thanks for the help I will get the disk when I get home.
coqui3l
Junior Member
9. August 2008 @ 14:19
hi again 2OG,

I'm posting in this thread to conserve energy (?) since my issue is identical to the first post in this thread. Here's what I've done so far thanks to this great forum: :)

1. ran "explorer.exe" under Windows Task Manager to get icons and taskbar back.
2. ran scannow from win xp cd to fix damaged system files; the progress bar ran to the end and then the dialog box just disappeared without anything more such as a confirmation that the process completed successfully; so i'm not sure if scannow completed successfully.
3. ran malwarebytes' antimalware(mbam) (latest updates couldn't be had since internet connection screwed) and the log follows below.
4. ran combofix and the log follows below.
5. ran superantispyware (with latest updates since internet connection restored) and the log follows below.
6. ran trendmicro's online housecall and the only thing detected were tracking cookies, which I directed to be deleted/removed.
7. ran mbam again (this time with latest updates since internet connection restored since last run) and the log follows below.
8. ran hijackthis and the log follows below.

That's it. Please help! Logs follow.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 3

3:00:01 AM 8/9/2008
mbam-log-8-9-2008 (03-00-01).txt

Scan type: Full Scan (I:\|)
Objects scanned: 74711
Time elapsed: 26 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 29
Registry Values Infected: 12
Registry Data Items Infected: 2
Folders Infected: 10
Files Infected: 100

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
I:\WINDOWS\system32\hgGvvwuU.dll (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\system32\ihpfnw.dll (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\system32\pmnlkIyw.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b1d668c-5e87-4253-a30b-84ef33dd9d6f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b1d668c-5e87-4253-a30b-84ef33dd9d6f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac8dcdfb-0497-4db7-ae2f-a435abd28cf9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac8dcdfb-0497-4db7-ae2f-a435abd28cf9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlkiyw (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{629340b5-8df6-4211-9245-a86563a35792} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{58472bc6-bea3-42d4-8917-7a8bcb0711b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58472bc6-bea3-42d4-8917-7a8bcb0711b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\000000af (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{629340b5-8df6-4211-9245-a86563a35792} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm9f7a93c5 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: i:\windows\system32\hggvvwuu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: i:\windows\system32\hggvvwuu -> Delete on reboot.

Folders Infected:
I:\Program Files\ASC 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Program Files\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
I:\WINDOWS\system32\hgGvvwuU.dll (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\system32\UuwvvGgh.ini (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\system32\UuwvvGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ihpfnw.dll (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\system32\grcfjvyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\uyvjfcrg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\pmnlkIyw.dll (Trojan.Vundo) -> Delete on reboot.
I:\Program Files\Web Technologies\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Application Data\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Installer) -> Quarantined and deleted successfully.
I:\Documents and Settings\Chino\Local Settings\Temp\josdsiwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\Chino\Local Settings\Temp\qwvrmuxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\Chino\Local Settings\Temp\urlefcwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\Chino\Local Settings\Temp\ymspwocu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\Chino\Local Settings\Temporary Internet Files\Content.IE5\1I7DPL1M\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\Chino\Local Settings\Temporary Internet Files\Content.IE5\KT11BFFN\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Program Files\ASC 2.1\ASC 2.1.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\kqyyugos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\pmnoMDVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\qrpqiekj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\vmrlcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ugcebhru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Program Files\Web Technologies\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Program Files\WAV\wav.cpl (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
I:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
I:\Program Files\WAV\wav0.dat (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
I:\Program Files\WAV\wav1.dat (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\wav.cpl (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\mdofeuwi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
I:\WINDOWS\BM9f7a93c5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\BM9f7a93c5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\Juan\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Documents and Settings\Juan\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Documents and Settings\Juan\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Documents and Settings\Juan\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
I:\Documents and Settings\Juan\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

ComboFix 08-08-08.07 - Juan 2008-08-09 3:08:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.344 [GMT -4:00]
Running from: I:\Documents and Settings\Juan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\#SharedObjects\DE7RVP2P\interclick.com
I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\#SharedObjects\DE7RVP2P\interclick.com\ud.sol
I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\#SharedObjects\8EYHB8G5\interclick.com
I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\#SharedObjects\8EYHB8G5\interclick.com\ud.sol
I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\#SharedObjects\FHNTXTXE\interclick.com
I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\#SharedObjects\FHNTXTXE\interclick.com\ud.sol
I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
I:\WINDOWS\pskt.ini
I:\WINDOWS\system32\ihpfnw.dll
I:\WINDOWS\system32\MSINET.oca
I:\WINDOWS\system32\pujdgijh.dll
I:\WINDOWS\system32\rpbciyst.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 01:58 . 2008-08-09 01:58 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\Malwarebytes
2008-08-09 01:57 . 2008-08-09 01:58 <DIR> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:57 . 2008-08-09 01:57 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 01:57 . 2008-07-30 20:07 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-09 01:57 . 2008-07-30 20:07 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-08-08 22:19 . 2008-08-08 22:19 <DIR> d-------- I:\Program Files\Trend Micro
2008-08-08 21:24 . 2001-08-17 13:28 771,581 --a--c--- I:\WINDOWS\system32\dllcache\winacisa.sys
2008-08-08 21:23 . 2001-08-17 13:28 765,884 --a--c--- I:\WINDOWS\system32\dllcache\usrti.sys
2008-08-08 21:22 . 2001-08-17 13:28 794,654 --a--c--- I:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-08 21:21 . 2001-08-17 22:36 525,568 --a--c--- I:\WINDOWS\system32\dllcache\tridxp.dll
2008-08-08 21:20 . 2001-08-17 14:01 241,664 --a--c--- I:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-08-08 21:19 . 2001-08-17 14:56 172,768 --a--c--- I:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-08-08 21:18 . 2001-08-17 12:18 285,760 --a--c--- I:\WINDOWS\system32\dllcache\stlnata.sys
2008-08-08 21:17 . 2001-08-17 14:56 147,200 --a--c--- I:\WINDOWS\system32\dllcache\smidispb.dll
2008-08-08 21:16 . 2001-08-17 14:56 252,032 --a--c--- I:\WINDOWS\system32\dllcache\sis300iv.dll
2008-08-08 21:15 . 2001-08-17 22:36 495,616 --a--c--- I:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-08 21:14 . 2001-08-17 14:56 245,632 --a--c--- I:\WINDOWS\system32\dllcache\s3savmx.dll
2008-08-08 21:13 . 2001-08-17 13:28 899,146 --a--c--- I:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-08 21:12 . 2008-04-13 20:12 363,520 --a--c--- I:\WINDOWS\system32\dllcache\psisdecd.dll
2008-08-08 21:11 . 2008-04-13 20:10 259,328 --a--c--- I:\WINDOWS\system32\dllcache\perm3dd.dll
2008-08-08 21:10 . 2001-08-17 14:05 351,616 --a--c--- I:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-08-08 21:09 . 2008-04-13 14:31 2,023,936 --a--c--- I:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-08 21:08 . 2001-08-17 12:11 128,000 --a--c--- I:\WINDOWS\system32\dllcache\n100325.sys
2008-08-08 21:07 . 2001-08-17 12:50 320,384 --a--c--- I:\WINDOWS\system32\dllcache\mgaum.sys
2008-08-08 21:06 . 2001-08-17 13:28 802,683 --a--c--- I:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-08 21:05 . 2008-04-13 20:11 253,952 --a--c--- I:\WINDOWS\system32\dllcache\kdsusd.dll
2008-08-08 21:04 . 2008-04-13 20:12 151,552 --a--c--- I:\WINDOWS\system32\dllcache\irftp.exe
2008-08-08 21:03 . 2008-04-13 20:11 702,845 --a--c--- I:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-08-08 21:02 . 2001-08-17 13:28 542,879 --a--c--- I:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-08-08 21:01 . 2001-08-17 13:28 907,456 --a--c--- I:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-08-08 21:00 . 2001-08-17 14:56 1,733,120 --a--c--- I:\WINDOWS\system32\dllcache\g400d.dll
2008-08-08 20:59 . 2001-08-17 13:28 595,647 --a--c--- I:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-08-08 20:58 . 2001-08-17 13:28 634,134 --a--c--- I:\WINDOWS\system32\dllcache\el656ct5.sys
2008-08-08 20:57 . 2001-08-17 12:14 952,007 --a--c--- I:\WINDOWS\system32\dllcache\diwan.sys
2008-08-08 20:56 . 2008-04-13 20:11 249,856 --a--c--- I:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-08-08 20:55 . 2001-08-17 12:13 980,034 --a--c--- I:\WINDOWS\system32\dllcache\cicap.sys
2008-08-08 20:54 . 2001-08-17 22:36 102,400 --a--c--- I:\WINDOWS\system32\dllcache\binlsvc.dll
2008-08-08 20:53 . 2001-08-17 13:28 871,388 --a--c--- I:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-08 20:52 . 2001-08-17 12:19 747,392 --a--c--- I:\WINDOWS\system32\dllcache\adm8830.sys
2008-08-08 20:52 . 2001-08-17 12:19 584,448 --a--c--- I:\WINDOWS\system32\dllcache\adm8810.sys
2008-08-08 20:52 . 2001-08-17 12:19 553,984 --a--c--- I:\WINDOWS\system32\dllcache\adm8820.sys
2008-08-08 20:52 . 2001-08-17 14:07 101,888 --a--c--- I:\WINDOWS\system32\dllcache\adpu160m.sys
2008-08-08 20:52 . 2001-08-17 12:11 46,112 --a--c--- I:\WINDOWS\system32\dllcache\adptsf50.sys
2008-08-08 20:52 . 2001-08-17 12:11 20,160 --a--c--- I:\WINDOWS\system32\dllcache\adm8511.sys
2008-08-08 20:52 . 2004-08-03 22:32 10,880 --a--c--- I:\WINDOWS\system32\dllcache\admjoy.sys
2008-07-29 20:41 . 2008-07-29 20:41 77 --a------ I:\Documents and Settings\Juan\1741.bat
2008-07-29 18:43 . 2008-07-29 18:57 <DIR> d-------- I:\Program Files\VirtualDJ
2008-07-29 17:11 . 2008-07-29 17:11 <DIR> d-------- I:\Program Files\Common Files\PACE Anti-Piracy
2008-07-29 17:11 . 2008-07-29 17:11 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\PACE Anti-Piracy
2008-07-29 17:11 . 2008-07-29 17:11 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-07-29 17:07 . 2006-12-08 22:50 16,384 --a------ I:\WINDOWS\system32\drivers\DigiFilt.sys
2008-07-29 17:05 . 2008-07-29 17:06 <DIR> d-------- I:\Program Files\Digidesign
2008-07-29 17:05 . 2007-10-31 03:16 3,683,014 --a------ I:\WINDOWS\system32\DirectIO.dll
2008-07-29 17:05 . 2007-10-31 00:03 1,362,460 --a------ I:\WINDOWS\system32\ExpansionHD_Firmware.bin
2008-07-29 17:05 . 2007-10-31 00:03 659,456 --a------ I:\WINDOWS\system32\DSI.dll
2008-07-29 17:05 . 2007-10-30 23:03 270,336 --a------ I:\WINDOWS\system32\DigiPlatformSupport.dll
2008-07-29 17:05 . 2006-12-08 23:21 90,112 --a------ I:\WINDOWS\system32\WinMMFix.dll
2008-07-29 17:05 . 2007-10-31 00:36 15,872 --a------ I:\WINDOWS\system32\digicoin.dll
2008-07-29 14:29 . 2008-07-29 14:29 <DIR> d--h----- I:\WINDOWS\PIF
2008-07-29 14:23 . 2008-07-29 14:23 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\InstallShield
2008-07-29 14:18 . 2008-07-29 14:18 <DIR> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-07-29 14:18 . 2008-07-29 14:18 <DIR> d-------- I:\WINDOWS\Downloaded Installations
2008-07-29 14:18 . 2008-07-29 14:18 <DIR> d-------- I:\Program Files\InterLok
2008-07-29 14:13 . 2008-07-29 17:05 <DIR> d-------- I:\Program Files\Common Files\Digidesign
2008-07-28 18:43 . 2008-07-28 20:12 <DIR> d-------- I:\Documents and Settings\Juan\.housecall6.6
2008-07-28 18:09 . 2008-07-28 18:09 109 --a------ I:\WINDOWS\DelToolbox.bat
2008-07-28 18:01 . 2008-07-28 18:01 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\DAEMON Tools
2008-07-28 18:01 . 2008-07-28 18:01 717,296 --a------ I:\WINDOWS\system32\drivers\sptd.sys
2008-07-27 21:36 . 2008-07-27 21:36 69 --a------ I:\WINDOWS\NeroDigital.ini
2008-07-18 21:11 . 2008-07-18 21:17 <DIR> d-------- I:\WINDOWS\UMStor
2008-07-18 21:11 . 2008-07-18 21:17 <DIR> d-------- I:\WINDOWS\system\iosubsys
2008-07-18 21:11 . 2003-11-21 18:09 201,736 --------- I:\WINDOWS\system32\drivers\UMSTOR.sys
2008-07-11 11:26 . 2008-07-28 18:03 <DIR> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 03:10 . 2008-08-09 03:05 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\LimeWire
2008-07-10 03:09 . 2008-07-10 03:10 <DIR> d-------- I:\Program Files\LimeWire
2008-07-10 02:11 . 2005-11-10 14:54 402,944 -ra------ I:\WINDOWS\system32\drivers\BLKWGU.sys
2008-07-10 02:10 . 2008-07-10 02:10 <DIR> d-------- I:\Program Files\Belkin
2008-07-10 01:38 . 2008-07-10 01:38 786,944 --a------ I:\WINDOWS\RDBios32.dll
2008-07-10 01:38 . 2008-07-10 01:38 532,480 --a------ I:\WINDOWS\cPC_DMIRD.dll
2008-07-10 01:30 . 2008-07-10 01:33 39 --a------ I:\WINDOWS\wwwbatch.ini
2008-07-10 01:02 . 2008-08-01 12:18 <DIR> d-------- I:\Documents and Settings\Bruce
2008-07-10 00:35 . 2008-07-10 00:47 <DIR> d-------- I:\Program Files\VstPlugins
2008-07-10 00:35 . 2002-07-07 18:14 1,294,336 --a------ I:\WINDOWS\system32\vorbis.acm
2008-07-10 00:35 . 2006-06-20 04:56 225,280 --a------ I:\WINDOWS\system32\rewire.dll
2008-07-10 00:34 . 2008-08-02 14:06 <DIR> d-------- I:\Program Files\Image-Line
2008-07-10 00:20 . 2008-08-09 02:59 <DIR> d-------- I:\Documents and Settings\Juan
2008-07-10 00:20 . 2008-04-13 20:12 221,184 --a------ I:\WINDOWS\system32\wmpns.dll
2008-07-10 00:19 . 2008-07-10 00:19 <DIR> d-------- I:\Program Files\Fraunhofer mp3 codec
2008-07-10 00:19 . 1998-04-30 14:56 129,024 --a------ I:\WINDOWS\UNWISE.EXE
2008-07-09 13:21 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-07-09 13:21 . 2007-07-30 19:19 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-07-09 12:22 . 2008-07-09 12:22 <DIR> d-------- I:\Program Files\RealVNC
2008-07-09 12:19 . 2008-07-09 12:19 <DIR> d-------- I:\Program Files\PrivacyEraser Computing
2008-07-09 11:07 . 1999-07-22 18:14 306,688 --a------ I:\WINDOWS\IsUninst.exe
2008-07-09 11:07 . 2002-08-15 19:59 123,619 --a------ I:\WINDOWS\system32\SYMEVNT.386
2008-07-09 11:07 . 2002-08-15 19:59 83,672 --a------ I:\WINDOWS\system32\S32EVNT1.DLL
2008-07-09 11:07 . 2002-08-15 19:59 73,224 --a------ I:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-09 11:07 . 2002-08-14 06:03 34,578 --a------ I:\WINDOWS\system32\drivers\NPDRIVER.SYS
2008-07-09 11:07 . 2008-07-09 11:07 260 --a------ I:\WINDOWS\_delis32.ini
2008-07-09 11:07 . 2008-07-09 11:07 32 --ahs---- I:\WINDOWS\system32\{4F6393C1-062F-4645-8130-DB7B840608F4}.dat
2008-07-09 11:07 . 2008-07-09 11:07 32 --ahs---- I:\WINDOWS\{AE8C3F95-B00F-4840-B971-6326F5D0AD77}.dat
2008-07-09 11:07 . 2008-07-09 11:07 14 --a------ I:\WINDOWS\system32\SR2.dat
2008-07-09 11:06 . 2008-07-09 11:07 <DIR> d-------- I:\Program Files\Symantec
2008-07-09 11:06 . 2008-07-09 12:07 <DIR> d-------- I:\Program Files\Norton AntiVirus
2008-07-09 11:06 . 2008-08-09 03:05 <DIR> d-------- I:\Program Files\Common Files\Symantec Shared
2008-07-09 11:06 . 2008-07-09 11:06 <DIR> d-------- I:\Documents and Settings\Chino\Application Data\Symantec
2008-07-09 11:06 . 2008-07-09 11:07 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Symantec
2008-07-09 09:27 . 2008-07-09 09:27 <DIR> d-------- I:\Program Files\Common Files\Ahead
2008-07-09 09:27 . 2008-07-09 09:27 <DIR> d-------- I:\Program Files\Ahead
2008-07-09 09:27 . 2004-07-26 17:16 1,568,768 --------- I:\WINDOWS\system32\ImagX7.dll
2008-07-09 09:27 . 2004-07-26 17:16 476,320 --------- I:\WINDOWS\system32\ImagXpr7.dll
2008-07-09 09:27 . 2004-07-26 17:16 471,040 --------- I:\WINDOWS\system32\ImagXRA7.dll
2008-07-09 09:27 . 2004-07-26 17:16 262,144 --------- I:\WINDOWS\system32\ImagXR7.dll
2008-07-09 09:27 . 2001-07-09 11:50 155,648 --a------ I:\WINDOWS\system32\NeroCheck.exe
2008-07-09 09:27 . 2004-03-02 17:37 125,184 --------- I:\WINDOWS\system32\drivers\imagesrv.sys
2008-07-09 09:27 . 2000-06-26 11:45 106,496 --a------ I:\WINDOWS\system32\TwnLib20.dll
2008-07-09 09:27 . 2004-03-02 17:37 5,504 --------- I:\WINDOWS\system32\drivers\imagedrv.sys
2008-07-09 09:26 . 2008-07-29 17:06 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
2008-07-09 09:26 . 2008-07-09 09:26 <DIR> d-------- I:\Program Files\CyberLink
2008-07-09 09:26 . 2008-07-09 09:26 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-09 09:24 . 2008-07-09 09:24 376 --a------ I:\WINDOWS\ODBC.INI
2008-07-09 09:23 . 2008-07-09 09:23 <DIR> d-------- I:\Program Files\Microsoft ActiveSync
2008-07-09 09:21 . 2008-07-09 09:21 <DIR> d-------- I:\WINDOWS\ShellNew
2008-07-09 09:21 . 2008-07-09 09:21 <DIR> d-------- I:\Program Files\Common Files\L&H
2008-07-09 09:17 . 2008-07-09 09:17 <DIR> d-------- I:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 11:09 --------- d-----w I:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w I:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w I:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w I:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w I:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w I:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:53 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Internet Eraser"="I:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2007-03-09 19:30 538112]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="I:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"HotKeysCmds"="I:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"ccApp"="I:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
"ccRegVfy"="I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504]
"Advanced Tools Check"="I:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 22:35 79480]
"DigidesignMMERefresh"="I:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

I:\Documents and Settings\Juan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - I:\Program Files\LimeWire\LimeWire.exe [2008-06-18 14:46:56 147456]

I:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - I:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ihpfnw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"I:\\WINDOWS\\system32\\sessmgr.exe"=
"I:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"I:\\Program Files\\LimeWire\\LimeWire.exe"=
"I:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R0 DigiFilter;DigiFilter;I:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 I:\WINDOWS\Tasks\Symantec NetDetect.job
- I:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows Logon Applicationedc - I:\Documents and Settings\Juan\winlogon.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O17 -: HKLM\CCS\Interface\{D48E101C-D047-42D2-BCDA-00F4ACB9ABFE}: NameServer = 192.168.0.33


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 03:11:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-09 3:12:49
ComboFix-quarantined-files.txt 2008-08-09 07:12:45

Pre-Run: 67,562,442,752 bytes free
Post-Run: 67,777,155,072 bytes free

238 --- E O F --- 2008-07-10 04:04:00

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2008 at 03:30 AM

Application Version : 4.15.1000

Core Rules Database Version : 3531
Trace Rules Database Version: 1520

Scan type : Complete Scan
Total Scan Time : 00:14:19

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 4838
Registry threats detected : 0
File items scanned : 13463
File threats detected : 167

Browser Hijacker.Favorites
I:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\ANTIVIRUS SCAN.URL

Adware.Tracking Cookie

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$


Malwarebytes' Anti-Malware 1.24
Database version: 1035
Windows 5.1.2600 Service Pack 3

12:25:12 PM 8/9/2008
mbam-log-8-9-2008 (12-25-12).txt

Scan type: Full Scan (I:\|)
Objects scanned: 69852
Time elapsed: 20 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:54 PM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Digidesign\Drivers\MMERefresh.exe
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\hkcmd.exe
I:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
I:\Program Files\RealVNC\VNC4\winvnc4.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] I:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] I:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [Free Internet Eraser] I:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Run VNC Server.lnk = I:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = I:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1215602231843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1215610436218
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E101C-D047-42D2-BCDA-00F4ACB9ABFE}: NameServer = 192.168.0.33
O20 - AppInit_DLLs: ihpfnw.dll
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - I:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - I:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

--
End of file - 4779 bytes

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

End of post.
coqui3l
Junior Member
9. August 2008 @ 15:07
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/08/07 08:26:31

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/08/07 08:26:31, Variants: 1968419

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: DESKTOPJUAN\Juan

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "ihpfnw.dll" -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 09/08/2008 14:36:44


Scanning running processes and process memory...

Number of processes/threads found: 1153
Number of processes/threads scanned: 1153
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 28s


Scanning file system...

Scanning: I:\*.*


Running post-scan cleanup routine:

Number of files found: 4205
Number of archives unpacked: 136
Number of files scanned: 4199
Number of files not scanned: 6
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 2m 6s
coqui3l
Junior Member
9. August 2008 @ 17:42
Windows Defender found and removed "Trojan:Win32/Vundo.HT".

VundoFix in safe mode didn't find anything.
AfterDawn Addict
10. August 2008 @ 11:21
ALRIGHT, coqui3l, you did an excellent job of cleanup. That's what happens when someone can follow directions.



Congratulations, your log looks CLEAN

Here is a suggestion to STAY Clean:
Download and install Spywareblaster <= SpywareBlaster will prevent ActiveX and spyware from being installed.

Also, in order to prevent the installation of Trojans and Malware on your machine, please download and install:
Comodo BOClean
This little jewel is an AntiMalware/AntiTrojan program that is very non-invasive. It doesn't scan for malware that has been installed, it just sits in the tray and captures malware BEFORE it is installed. It has about 60,000 definitions in the database and updates 2 or 3 times a week, sometimes. Install this and you'll never get another Vundo Trojan…


There are a few things you must do once you are completely clean:

1. Time for some housekeeping

Please download the OTMoveIt2 by OldTimer

• Save it to your desktop.
• Run the tool by clicking on the icon.
• Click the Cleanup button.

• The tools that we used as well as this one will be removed from your system.


2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only


Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.

• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• Click Exit on the Main menu to close the program.



3. Now Set a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".

• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then go to Start > Run and type: Cleanmgr
• Click "OK"
Select the drive you want to clean, usually C:
Click OK
When it completes the scan:
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


4. Defragment your Hard Drive

1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.




And here are some tips to reduce the potential for spyware infection in the future:


Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.


And also see TonyKlein's good advice
So how did I get infected in the first place?




Enjoy your clean computer. Any questions?

The oldgeek knows how to get the bugs out…. Oops, missed one..




2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
coqui3l
Junior Member
10. August 2008 @ 18:20
Thanks 2OG. :) Peace.
AfterDawn Addict
10. August 2008 @ 18:26
You are welcome, coqui3l.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
vcarter15
Newbie
17. August 2008 @ 23:12
Hey, I'm back again and now I have a CD that is called the reinstallation DVD. My computer did not come with any other disks for the operating system because the OS was preinstalled. Is this the correct DVD?
 