Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hi, Need help but not good with computers.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hi, Need help but not good with computers.

Unread postby mgcbus65 » November 7th, 2007, 7:06 pm

Hi, This seems like a long list. I hope I did it right. I followed all directions on your site. Any help would be appreciated. Please use simple terms as I am not good with computers. Thanks, George

Logfile of HijackThis v1.99.1
Scan saved at 6:02:12 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\AOL\1109124511\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109124511\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Woxot] "C:\Program Files\??crosoft.NET\w?nlogon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://aol.worldwinner.com/games/v46/sh ... Loader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free- ... .0.0.8.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydi ... 0.0.67.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free- ... uncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4053/ ... brkpie.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejew ... er_v10.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.47.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.22.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm
Advertisement
Register to Remove

Re: Hi, Need help but not good with computers.

Unread postby Katana » November 10th, 2007, 5:04 pm

mgcbus65 wrote: Please use simple terms as I am not good with computers. Thanks, George


Hi George and welcome to the forums :)

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I'll do my best to keep things easy for you :thumbright:


Download and Run ComboFix
  • Download Combofix from one of the two links below :

    Download 1
    Download 2
  • Then double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby mgcbus65 » November 10th, 2007, 6:11 pm

Hi Katana, Thanks for the reply. I will do this and repost as soon as I complete it. Thanks again, George
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Unread postby mgcbus65 » November 10th, 2007, 9:09 pm

Hi, Here is that list. I did have a window popup as the computer was rebooting. It read nircmd.cfexe.dll application failed to initialize. I had to close that out for it to reboot. Thanks, George

ComboFix 07-11-08.1 - dad 2007-11-10 19:35:44.1 - NTFSx86
Running from: C:\Documents and Settings\dad\Local Settings\Temporary Internet Files\Content.IE5\CGUV57JS\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\Starware
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data.\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\dad\Application Data\FNTS~1
C:\Documents and Settings\dad\Application Data\FunWebProducts
C:\Documents and Settings\dad\Application Data\FunWebProducts\Data\dad\avatar.dat
C:\Documents and Settings\dad\Application Data\FunWebProducts\Data\dad\register.dat
C:\Documents and Settings\dad\Application Data\MBOLS~1
C:\Documents and Settings\mom\Application Data\FunWebProducts
C:\Documents and Settings\mom\Application Data\FunWebProducts\Data\mom\wffavs.dat
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\crosof~1.net
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\012A283F.urr
C:\Program Files\FunWebProducts\Shared\Cache(2)\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache(2)\SmileyCentralBtn.html
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\hydramedupd.exe
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\ISMPack8.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Cache(2)\000C6065.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C670C.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C698D.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C6C0D.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\000C6EFB.bin
C:\Program Files\MyWebSearch\bar\Cache(2)\0210DFB9
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\ScreensaversInst.dll
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\smante~1
C:\Program Files\tsks~1
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-10 19:43 <DIR> d-------- C:\Program Files\p2pnetworks
2007-11-10 19:43 <DIR> d-------- C:\Program Files\e-zshopper
2007-11-10 19:43 <DIR> d-------- C:\Program Files\amsys
2007-11-10 19:43 <DIR> d-------- C:\Program Files\akl
2007-11-10 19:43 <DIR> d-------- C:\Program Files\Accoona
2007-11-10 19:43 <DIR> d-------- C:\Program Files\3721
2007-11-10 19:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 19:59 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-11-06 01:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-11-04 11:01 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-11-04 10:57 21,248 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-11-04 01:08 12 --a------ C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
2007-11-04 01:07 123,908 --a------ C:\WINDOWS\SYSTEM32\vvgeowbv.exe
2007-11-04 01:07 27,702 --a------ C:\info.exe
2007-11-04 01:07 21,504 --a------ C:\WINDOWS\SYSTEM32\aivskurq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 00:43 9,984 ----a-w C:\WINDOWS\kvnab.exe
2007-11-11 00:43 9,728 ----a-w C:\WINDOWS\SYSTEM32\wml.exe
2007-11-11 00:43 9,472 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2007-11-11 00:43 8,192 ----a-w C:\WINDOWS\flt.dll
2007-11-11 00:43 32,256 ----a-w C:\WINDOWS\kkcomp.dll
2007-11-11 00:43 31,488 ----a-w C:\WINDOWS\liqui.exe
2007-11-11 00:43 29,696 ----a-w C:\WINDOWS\kkcomp.exe
2007-11-11 00:43 29,440 ----a-w C:\WINDOWS\ngd.dll
2007-11-11 00:43 29,440 ----a-w C:\WINDOWS\liqad$.exe
2007-11-11 00:43 29,184 ----a-w C:\WINDOWS\dp0.dll
2007-11-11 00:43 28,928 ----a-w C:\WINDOWS\settn.dll
2007-11-11 00:43 28,672 ----a-w C:\WINDOWS\wml.exe
2007-11-11 00:43 28,672 ----a-w C:\WINDOWS\7search.dll
2007-11-11 00:43 28,160 ----a-w C:\WINDOWS\eventlowg.dll
2007-11-11 00:43 27,392 ----a-w C:\WINDOWS\ie_32.exe
2007-11-11 00:43 27,136 ----a-w C:\WINDOWS\xadbrk.dll
2007-11-11 00:43 26,624 ----a-w C:\WINDOWS\hotporn.exe
2007-11-11 00:43 26,112 ----a-w C:\WINDOWS\kkcomp$.exe
2007-11-11 00:43 25,344 ----a-w C:\WINDOWS\liqad.dll
2007-11-11 00:43 24,320 ----a-w C:\WINDOWS\xxxvideo.exe
2007-11-11 00:43 24,320 ----a-w C:\WINDOWS\pbar.dll
2007-11-11 00:43 23,552 ----a-w C:\WINDOWS\daxtime.dll
2007-11-11 00:43 22,528 ----a-w C:\WINDOWS\xadbrk.exe
2007-11-11 00:43 22,528 ----a-w C:\WINDOWS\wbeCheck.exe
2007-11-11 00:43 22,016 ----a-w C:\WINDOWS\kvnab$.exe
2007-11-11 00:43 21,760 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2007-11-11 00:43 20,992 ----a-w C:\WINDOWS\SYSTEM32\vxddsk.exe
2007-11-11 00:43 20,224 ----a-w C:\WINDOWS\liqui.dll
2007-11-11 00:43 18,944 ----a-w C:\WINDOWS\SYSTEM32\msole32.exe
2007-11-11 00:43 17,664 ----a-w C:\WINDOWS\fhfmm.exe
2007-11-11 00:43 17,408 ----a-w C:\WINDOWS\vxddsk.exe
2007-11-11 00:43 17,408 ----a-w C:\WINDOWS\jd2002.dll
2007-11-11 00:43 16,896 ----a-w C:\WINDOWS\pbsysie.dll
2007-11-11 00:43 15,616 ----a-w C:\WINDOWS\spredirect.dll
2007-11-11 00:43 15,360 ----a-w C:\WINDOWS\SYSTEM32\ESHOPEE.exe
2007-11-11 00:43 14,592 ----a-w C:\WINDOWS\kvnab.dll
2007-11-11 00:43 12,288 ----a-w C:\WINDOWS\aconti.exe
2007-11-11 00:43 12,032 ----a-w C:\WINDOWS\adbar.dll
2007-11-11 00:43 11,520 ----a-w C:\WINDOWS\wbeInst$.exe
2007-11-11 00:43 11,264 ----a-w C:\WINDOWS\cbinst$.exe
2007-11-11 00:43 10,752 ----a-w C:\WINDOWS\iexplorr23.dll
2007-11-11 00:43 10,496 ----a-w C:\WINDOWS\xadbrk_.exe
2007-11-11 00:43 10,496 ----a-w C:\WINDOWS\liqad.exe
2007-11-11 00:43 10,240 ----a-w C:\WINDOWS\hcwprn.exe
2007-11-11 00:42 10,240 ----a-w C:\WINDOWS\764.exe
2007-11-10 23:38 --------- d-----w C:\Program Files\AIM6
2007-11-10 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-26 13:38 --------- d-----w C:\Documents and Settings\dad\Application Data\Viewpoint
2007-10-26 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-18 05:10 --------- d-----w C:\Documents and Settings\dad\Application Data\LimeWire
2007-10-10 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 23:04 --------- d-----w C:\Documents and Settings\dad\Application Data\InterTrust
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-01-04 23:42 91,720 ----a-w C:\Documents and Settings\dad\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
2007-11-04 01:07 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-24 23:00]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"HostManager"="C:\Program Files\Common Files\AOL\1109124511\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-22 21:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-07-06 20:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"Woxot"="C:\Program Files\??crosoft.NET\w?nlogon.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GEORGE-dad).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-11 00:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:55:23 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dad).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:55:03 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dan).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-mom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-samantha).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tgd).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:16:11 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 00:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dad).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:59:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-mom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-samantha).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 00:55:03 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-tom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 19:57:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 19:59:52 - machine was rebooted
.
--- E O F ---
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Unread postby Katana » November 10th, 2007, 9:23 pm

OK, that is one heavily infected machine :shock:

It will take me a while to go through that log, but I will get back to you as soon as I can.

A quick question, did you installArdamax Keylogger ??
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby mgcbus65 » November 10th, 2007, 9:34 pm

Hi, I did not install it. Is it something that I should do? I have 5 children that are always using the internet so I am sure that is most of the problem. Am I correct? Thanks, George
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Unread postby Katana » November 10th, 2007, 9:47 pm

mgcbus65 wrote:Hi, I did not install it. Is it something that I should do? I have 5 children that are always using the internet so I am sure that is most of the problem. Am I correct? Thanks, George

If you did not install it, you may have a problem.
It WAS installed on your computer.
If you did not install it, it means someone may have access to any passwords or other confidential information that you may have typed.

Remote Installer - creates a customized Ardamax Keylogger engine file. You can email this file to your target for remote monitoring.


Check with your family first, if they know nothing about it then read the next paragraph

I'm afraid I have unpleasant news for you. You have evidence of a Very Dangerous infection on this machine.
It is a Remote Keylogger
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection :(
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby Katana » November 11th, 2007, 8:45 am

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
    C:\WINDOWS\SYSTEM32\stfv.bin
    C:\WINDOWS\SYSTEM32\ace16win.dll
    C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
    C:\WINDOWS\SYSTEM32\vvgeowbv.exe
    C:\info.exe
    C:\WINDOWS\SYSTEM32\aivskurq.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\SYSTEM32\wml.exe
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\wml.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\xxxvideo.exe
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\SYSTEM32\vxddsk.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\SYSTEM32\msole32.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\SYSTEM32\ESHOPEE.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\764.exe
    
    Folder::
    C:\WINDOWS\SYSTEM32\acespy
    C:\Program Files\p2pnetworks
    C:\Program Files\e-zshopper
    C:\Program Files\amsys
    C:\Program Files\akl
    C:\Program Files\Accoona
    C:\Program Files\akl
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Woxot"=-
    
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Hi, Need help but not good with computers.

Unread postby mgcbus65 » November 11th, 2007, 7:09 pm

Hi, I don't believe anyone installed it here. It there anything to do to get rid of it or is that part of what you are helping me with? Thanks, George

ComboFix 07-11-08.1 - dad 2007-11-11 17:40:30.2 - NTFSx86
Running from: C:\Documents and Settings\dad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dad\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\info.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\SYSTEM32\ace16win.dll
C:\WINDOWS\SYSTEM32\aivskurq.dll
C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
C:\WINDOWS\SYSTEM32\ESHOPEE.exe
C:\WINDOWS\SYSTEM32\msole32.exe
C:\WINDOWS\SYSTEM32\stfv.bin
C:\WINDOWS\SYSTEM32\vvgeowbv.exe
C:\WINDOWS\SYSTEM32\vxddsk.exe
C:\WINDOWS\SYSTEM32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\info.exe
C:\Program Files\3721
C:\Program Files\Accoona
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\e-zshopper
C:\Program Files\p2pnetworks
C:\WINDOWS\SYSTEM32\ace16win.dll
C:\WINDOWS\SYSTEM32\acespy
C:\WINDOWS\SYSTEM32\acespy\__acelog.ndx
C:\WINDOWS\SYSTEM32\acespy\systune.exe
C:\WINDOWS\SYSTEM32\aivskurq.dll
C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
C:\WINDOWS\SYSTEM32\stfv.bin
C:\WINDOWS\SYSTEM32\vvgeowbv.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-10 19:32 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 23:38 --------- d-----w C:\Program Files\AIM6
2007-11-10 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-26 13:38 --------- d-----w C:\Documents and Settings\dad\Application Data\Viewpoint
2007-10-26 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-18 05:10 --------- d-----w C:\Documents and Settings\dad\Application Data\LimeWire
2007-10-10 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 23:04 --------- d-----w C:\Documents and Settings\dad\Application Data\InterTrust
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-01-04 23:42 91,720 ----a-w C:\Documents and Settings\dad\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-24 23:00]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"HostManager"="C:\Program Files\Common Files\AOL\1109124511\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-22 21:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-07-06 20:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GEORGE-dad).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-11 22:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:56:49 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dad).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 23:00:01 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dan).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:56:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-mom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-samantha).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tgd).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:16:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-11 22:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dad).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 22:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 22:59:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-mom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 22:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-samantha).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-11 23:00:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-tom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 17:52:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 18:00:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-10 19:59
.
--- E O F ---
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Re: Hi, Need help but not good with computers.

Unread postby Katana » November 11th, 2007, 7:24 pm

mgcbus65 wrote:Hi, I don't believe anyone installed it here. It there anything to do to get rid of it or is that part of what you are helping me with?

After looking at the log properly I doubt anyone there installed it.
The first run of ComboFix deleted it, but it showed as being created immediately again.
It was definitely a nasty.
There were several other variants of keyloggers in the log, so I would definitely take measures to stop identity theft and call your bank (if you do online banking/shopping)
See the quote box above for more information on what to do.
Let's have another scan to make sure we got it all.
Kaspersky Online Scanner .

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Hi, Need help but not good with computers.

Unread postby mgcbus65 » November 12th, 2007, 1:21 pm

Hi, I did as you said and saved the log but everytime I try to post it the computer says internet explorer encountered an add on and it wont post it. It tells me that internet explorer must close. the add on name is aoltb.dll also tried to email it through aol to another computer but says the same thing. I can open email from that computer just can't send it. I wrote this from another computer. Thanks, George
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Re: Hi, Need help but not good with computers.

Unread postby Katana » November 12th, 2007, 1:56 pm

Did you save the web page ?
Open the log, and try to copy/paste the text
You may need more tan one post
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Hi, Need help but not good with computers.

Unread postby mgcbus65 » November 12th, 2007, 6:38 pm

It wont let me post anything
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Re: Hi, Need help but not good with computers.

Unread postby mgcbus65 » November 12th, 2007, 7:01 pm

I tried to make the log two parts but it still says that aoltb.dll addon is running and internet explorer has encountered a problom and must close. The log is very large. Thanks, George
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm

Re: Hi, Need help but not good with computers.

Unread postby mgcbus65 » November 12th, 2007, 7:02 pm

If I type a message I can post it from the troubled computer with no problems. Thanks
mgcbus65
Regular Member
 
Posts: 32
Joined: November 6th, 2007, 8:29 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware