Hi Bio,
This time the buggard bit the dust. The MBAM ran for almost 2 hours and worked as adverticed. Afterwards I ran ComboFix and Hijack . I am including the logs from all 3.
Facinating stuff when one gets under the covers. Thank you for your patience and help to achieve this victory. BTW is anybody attempting to find out who are behind such capers. Since they want the victims to buy their solution to the problem they created in the first place one might possibly follow the money excanged for the service. Extortion comes to mind and as far as I know that is plain illegal.
Well anyway, the logs are listed below.
Thanks again Bio.
Regards from
Johs. in Vermont (and you should see the Fall colors this week. Spectacular)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:46 PM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155222575\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: enshutil - {06214B7E-A79D-CAAB-4DA3-0528E741892C} - C:\Program Files\befabg\enshutil.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
E
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ComboFix 08-10-08.05 - Owner 2008-10-09 13:12:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1474 [GMT -4:00]
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\twain_32
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds
C:\Program Files\INSTALL.LOG
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.
2008-10-09 12:10 . 2008-10-09 12:10 <DIR> d-------- C:\Documents and Settings\Owner.HOMEPC\Application Data\Malwarebytes
2008-10-09 12:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 12:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 12:09 . 2008-10-09 12:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 12:09 . 2008-10-09 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-09 12:08 . 2008-10-07 19:50 4,608,744 --a------ C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-10-09 12:08 . 2008-10-08 10:09 2,189,864 --a------ C:\mbam-setup.exe
2008-10-09 12:08 . 2008-09-29 18:28 28,160 --a------ C:\rundll32 setupapi.doc
2008-10-09 12:08 . 1991-02-07 13:00 430 --a------ C:\SFINSTAL.DIR
2008-10-09 12:08 . 2006-01-05 10:12 0 --a------ C:\CONFIG.BAK
2008-10-07 17:24 . 2008-10-07 17:24 <DIR> d-------- C:\Program Files\Belarc
2008-10-07 17:24 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-10-05 11:35 . 2008-10-09 13:04 2,939,457 -ra------ C:\ComboFix.exe
2008-10-04 15:23 . 2008-10-09 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jorgrurg
2008-10-02 15:38 . 2008-09-29 18:37 396,288 --a------ C:\HijackThis.exe
2008-10-02 15:16 . 2008-10-02 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zmzunony
2008-09-26 18:33 . 2008-04-13 20:12 26,112 --a------ C:\WINDOWS\system32\stus.exe
2008-09-26 18:21 . 2008-09-26 18:21 <DIR> d-------- C:\WINDOWS\Application Data
2008-09-26 18:21 . 2008-09-26 18:21 <DIR> d-------- C:\Program Files\befabg
2008-09-26 18:21 . 2008-09-26 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\onwxajgp
2008-09-26 18:20 . 2008-09-26 18:20 94,208 --a------ C:\WINDOWS\system32\wlyzelml.exe
2008-09-24 16:57 . 2008-09-24 16:57 364 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 00:49 19,968 ----a-w C:\
0xf9.exe
2008-10-05 17:32 470 ----a-w C:\Documents and Settings\Owner.HOMEPC\Application Data\wklnhst.dat
2008-09-26 22:33 8,192 ----a-w C:\WINDOWS\system32\userinit.exe
2008-09-07 21:21 --------- d-----w C:\Program Files\Raxco
2008-09-07 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-07 18:38 --------- d-----w C:\Program Files\America Online 9.0
2008-09-07 18:38 --------- d-----w C:\Documents and Settings\Owner.HOMEPC\Application Data\AOL
2008-08-11 19:10 --------- d-----w C:\Program Files\Bodog Poker
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-08-28 00:55 880 ----a-w C:\Program Files\Data.cfg
2007-05-27 14:05 5,149,152 ----a-w C:\Program Files\rminstall.exe
2006-02-24 17:20 917,504 ----a-w C:\Program Files\WirelessCfg.exe
2006-02-24 17:20 90,112 ----a-w C:\Program Files\Mrv8000x.dll
2005-11-11 19:43 49,152 ----a-w C:\Program Files\AutoLinkLib.dll
2005-11-11 19:43 1,327,195 ----a-w C:\Program Files\odSupp_M.dll
2002-07-26 21:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.
------- Sigcheck -------
2005-05-25 22:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 15:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2005-05-25 22:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 15:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-10 15:00 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-09-26 18:33 8192 8f936db8d2498e0c837cecf93afff871 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-10 169984]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"HostManager"="C:\Program Files\Common Files\AOL\1155222575\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-30 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-30 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 98304]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-07-09 2577120]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2007-08-07 303344]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2007-08-07 13552]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 C:\WINDOWS\arpwrmsg.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 C:\WINDOWS\zHotkey.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2005-11-30 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-08-10 2168360]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"enshutil"= {06214B7E-A79D-CAAB-4DA3-0528E741892C} - C:\Program Files\befabg\enshutil.dll [2008-09-26 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155222575\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Marvell\\Mrv8000x.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 2\\PhotoshopElements.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\WINDOWS\system32\DRIVERS\MRVW13B.sys [2006-11-02 253952]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
S3 WlanUIG;NB 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-06-18 379456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44099d41-287f-11db-8c3a-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)
SharedTaskScheduler-{020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) =
hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-09 13:13:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-09 13:17:08
ComboFix-quarantined-files.txt 2008-10-09 17:16:58
Pre-Run: 225,170,202,624 bytes free
Post-Run: 225,142,247,424 bytes free
199 --- E O F --- 2008-09-24 20:57:11
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3
10/9/2008 12:46:19 PM
mbam-log-2008-10-09 (12-45-17).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128557
Time elapsed: 33 minute(s), 46 second(s)
Memory Processes Infected: 15
Memory Modules Infected: 1
Registry Keys Infected: 37
Registry Values Infected: 40
Registry Data Items Infected: 8
Folders Infected: 17
Files Infected: 149
Memory Processes Infected:
C:\Program Files\Microsoft Security Adviser\msctrl.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msavsc.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msscan.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msiemon.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msfw.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\runsql.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\sv.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svzip.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svhoster.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\vlc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svw.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lphcpc2j0e9de.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> No action taken.
Memory Modules Infected:
C:\WINDOWS\system32\blphcpc2j0e9de.scr (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhctc2j0e9de (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updatewin (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kyvf4zfvwo (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netsv32 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netw (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpc2j0e9de (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhctc2j0e9de (Rogue.AntivirusXP2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhctc2j0e9de (Rogue.AntivirusXP2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\rhctc2j0e9de\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Files Infected:
C:\WINDOWS\system32\3076l.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\jorgrurg\zuxyjgxe.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msctrl.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msavsc.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msscan.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msiemon.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msfw.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\runsql.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\sv.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svzip.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svhoster.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\vlc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svw.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\svc.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\lphcpc2j0e9de.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\msavsc.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\msctrl.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\msfw.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\msiemon.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\mssadv.dll (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\msscan.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Desktop\msavsc.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Desktop\mssadv.dll (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt16F.tmp.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25caa.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cab.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cac.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cad.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cae.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25caf.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cag.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cah.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\60325cahp25cai.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\329011731.exe (Malware.Trace) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temporary Internet Files\Content.IE5\08ARR3EK\p[1].exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\tmp2280948.log (Trojan.Downloader) -> No action taken.
C:\WINDOWS\tmp4927050.log (Trojan.Downloader) -> No action taken.
C:\WINDOWS\tmp4995811.log (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msctrl2.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\msctrl2.log (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> No action taken.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\system32\blphcpc2j0e9de.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcpc2j0e9de.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcpc2j0e9de.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\config.cfg (Malware.Trace) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Application Data\~tmp.html (Malware.Trace) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt10.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt15.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt1D.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt1E.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt1F.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt21.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt22.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt7.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt8.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.tt9.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttA.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttD.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\.ttE.tmp.vbs (Trojan.FakeAlert) -> No action tak