userinit.exe and rundll32.exe failed applications please help HJT log included

Discussion in 'Windows - Virus and spyware problems' started by vcarter15, Aug 4, 2008.

  1. vcarter15

    vcarter15 Member

    Joined:
    Aug 4, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    I have gone through the steps and scans mentioned by the forum. When my computer starts, a userinit.exe error comes up saying that there has been an application failure, click to terminate. After clicking twice, the desktop loads only the background. I then use the Task Manager command for the control panel, which jump-starts the desktop loading. But many applications, upon being clicked, show a rundll32.exe error with the same message as above.

    Here is the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:32 PM, on 8/4/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL

    Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak

    Software Updater.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=506112

    9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

    = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL

    =

    www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=506112

    9
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.co

    m
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AOLTBSearch Class -

    {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM

    Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}

    - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215}

    - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no

    file)
    O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no

    file)
    O2 - BHO: Adobe PDF Reader Link Helper -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {164576FE-2866-4C6B-94B7-4E99341AD6EE} -

    C:\WINDOWS\system32\khfdDWml.dll (file missing)
    O2 - BHO: (no name) - {413e1860-2aa7-4406-b58e-42b839a1eecc} - (no

    file)
    O2 - BHO: Spybot-S&D IE Protection -

    {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no

    file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

    C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no

    file)
    O2 - BHO: (no name) - {91B7E723-3E63-4DE5-A018-1CDE38F9080D} - (no

    file)
    O2 - BHO: (no name) - {9A50B2AF-3B2B-47DD-AECD-5D80A886F504} -

    C:\WINDOWS\system32\urqOEvSK.dll (file missing)
    O2 - BHO: (no name) - {A497D33D-69D0-4017-A824-C1FC587999D4} - (no

    file)
    O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no

    file)
    O2 - BHO: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no

    file)
    O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no

    file)
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -

    C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no

    file)
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no

    file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

    Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

    Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program

    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program

    Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI]

    C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

    Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program

    Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup]

    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

    Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton

    AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common

    Files\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m

    "C:\Program Files\Common Files\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search

    Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common

    Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program

    Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell

    Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

    & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh

    Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IFStub] C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools

    Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

    /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

    Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d

    locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [LimeWire Turbo Accelerator] "C:\Program

    Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe" -tray
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"

    /tray
    O4 - HKCU\..\Run:

    [C:\DOCUME~1\MARKHA~1\LOCALS~1\Temp\IXP001.TMP\INRFQHIS.exe]

    C:\DOCUME~1\MARKHA~1\LOCALS~1\Temp\IXP001.TMP\INRFQHIS.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Extender Resource Monitor.lnk =

    C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program

    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program

    Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software

    Updater.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft

    SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim

    toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}

    - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -

    http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: zfdtuj.dll
    O20 - Winlogon Notify: urqOEvSK - C:\WINDOWS\
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

    Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program

    Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

    - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

    Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccSvcHst.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec

    Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) -

    Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation -

    C:\Program Files\Common Files\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program

    Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program

    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown

    owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13514 bytes

    Here is the Kaspersky program log

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, August 4, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, August 04, 2008 16:07:43
    Records in database: 1053458
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - File:


    Scan statistics:
    Files scanned: 69820
    Threat name: 2
    Infected objects: 42
    Suspicious objects: 0
    Duration of the scan: 01:45:10


    File name / Threat name / Threats count
    C:\WINDOWS\system32\zfdtuj.dll/C:\WINDOWS\system32\zfdtuj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 36
    C:\WINDOWS\System32\zfdtuj.dll/C:\WINDOWS\System32\zfdtuj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 4
    C:\Documents and Settings\Mark Harper\My Documents\FrostWire\Saved\tech n9ne killer.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
    C:\WINDOWS\system32\zfdtuj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cat 1

    The selected area was scanned.


    I was hoping someone could look at my HJT log and tell me how to get rid of the userinit.exe and rundll32.exe problems.
     
    Last edited: Aug 5, 2008
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
  3. vcarter15

    Can I repair my system files without my XP disk? I have the i386 folder, but my CD is at home and I am on vacation. If not, is it possible to use another XP disk to obtain the files I need?
     
  4. 2oldGeek

  5. 2oldGeek

    You will need to tell your computer you now have the files on your PC.

    We do this in the registry (type regedit in the Run box on the start menu) by navigating to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup


    You will see various entries here on the right hand side. The one we want is called:

    SourcePath

    It probably has an entry pointing to your CD-ROM drive, and that is why it is asking for the XP CD. All we need to do is change it to:

    C:\

    Simply double-click the SourcePath setting and a new box will pop up allowing you to make the change.

    Now restart your computer and try sfc /scannow again!

    EDIT: My i386 is in C:\Windows; you may need to use that.
     
    Last edited: Aug 5, 2008
  6. vcarter15

    My i386 file is in the C drive but not under windows and sourcepath has it set for the c drive but sfc still asks for a service pack 3 cd. My original cd did not include any of the service packs to my knowledge. I updated my windows with service pack 3 via windows update.

    Where to now?
     
  7. 2oldGeek

    Maybe we can get by without it right now..

    First.. open Notepad goto -> format and uncheck Wordwrap.. then post a new HJT Log. I can’t read it with wordwrap checked..

    Thanks
    2OG
     
  8. vcarter15

    I will not have internet for the next week, but when I get home I will have the Windows CD to repair my system. Then I will post the HJT log. My computer does not get the internet where I am at this time, so I cannot get the report to you now.
     
  9. 2oldGeek

    Just, when you can….

    We’ll try to get the bugs out…..
     
  10. vcarter15

    I just tried to start the laptop and it will not boot once it reaches the black screen that should say Windows XP Media Center Edition
     
  11. 2oldGeek

    Hold down the f-8 key when you boot and see if you can get into Safe Mode..
     
  12. vcarter15

    The computer beeps when I press it.
     
  13. 2oldGeek

    Let it beep.. but it will then go to safe mode, or not...
     
  14. vcarter15

    no I think windows is gone because the windows startup does not occur nor is there anything saying windows on the screen.
     
  15. 2oldGeek

    Check, you may have a recovery partition on your HDD; sometimes F10 gets you into it when booting. Do you see the BIOS screen?
     
  16. vcarter15

    F2 takes me to BIOS setup. Is that what you mean? It also has a booting priority list.
     
  17. 2oldGeek

    NO, look at the bottom of the screen as you boot up, it should give you a key to press for Recovery - if you don't have one contact the manufacturer or get an installation disk.. That's all I can tell you.
    I work with malware not computer failure.....
     
  18. vcarter15

    Thanks for the help I will get the disk when I get home.
     
  19. coqui3l

    coqui3l Member

    Joined:
    Aug 7, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    16
    hi again 2OG,

    I'm posting in this thread to conserve energy (?) since my issue is identical to the first post in this thread. Here's what I've done so far thanks to this great forum: :)

    1. ran "explorer.exe" under Windows Task Manager to get icons and taskbar back.
    2. ran scannow from win xp cd to fix damaged system files; the progress bar ran to the end and then the dialog box just disappeared without anything more such as a confirmation that the process completed successfully; so i'm not sure if scannow completed successfully.
    3. ran malwarebytes' antimalware(mbam) (latest updates couldn't be had since internet connection screwed) and the log follows below.
    4. ran combofix and the log follows below.
    5. ran superantispyware (with latest updates since internet connection restored) and the log follows below.
    6. ran trendmicro's online housecall and the only thing detected were tracking cookies, which I directed to be deleted/removed.
    7. ran mbam again (this time with latest updates since internet connection restored since last run) and the log follows below.
    8. ran hijackthis and the log follows below.

    That's it. Please help! Logs follow.

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    Malwarebytes' Anti-Malware 1.24
    Database version: 1012
    Windows 5.1.2600 Service Pack 3

    3:00:01 AM 8/9/2008
    mbam-log-8-9-2008 (03-00-01).txt

    Scan type: Full Scan (I:\|)
    Objects scanned: 74711
    Time elapsed: 26 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 29
    Registry Values Infected: 12
    Registry Data Items Infected: 2
    Folders Infected: 10
    Files Infected: 100

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    I:\WINDOWS\system32\hgGvvwuU.dll (Trojan.Vundo) -> Delete on reboot.
    I:\WINDOWS\system32\ihpfnw.dll (Trojan.Vundo) -> Delete on reboot.
    I:\WINDOWS\system32\pmnlkIyw.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b1d668c-5e87-4253-a30b-84ef33dd9d6f} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{1b1d668c-5e87-4253-a30b-84ef33dd9d6f} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac8dcdfb-0497-4db7-ae2f-a435abd28cf9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ac8dcdfb-0497-4db7-ae2f-a435abd28cf9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlkiyw (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{629340b5-8df6-4211-9245-a86563a35792} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ascwarning32.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ascwarning32.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{58472bc6-bea3-42d4-8917-7a8bcb0711b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58472bc6-bea3-42d4-8917-7a8bcb0711b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\000000af (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{629340b5-8df6-4211-9245-a86563a35792} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{65742936-8079-408b-9f3c-874b78030a72} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm9f7a93c5 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: i:\windows\system32\hggvvwuu -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: i:\windows\system32\hggvvwuu -> Delete on reboot.

    Folders Infected:
    I:\Program Files\ASC 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\Program Files\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    I:\WINDOWS\system32\hgGvvwuU.dll (Trojan.Vundo) -> Delete on reboot.
    I:\WINDOWS\system32\UuwvvGgh.ini (Trojan.Vundo) -> Delete on reboot.
    I:\WINDOWS\system32\UuwvvGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\ihpfnw.dll (Trojan.Vundo) -> Delete on reboot.
    I:\WINDOWS\system32\grcfjvyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\uyvjfcrg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\pmnlkIyw.dll (Trojan.Vundo) -> Delete on reboot.
    I:\Program Files\Web Technologies\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Chino\Local Settings\Temp\josdsiwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Chino\Local Settings\Temp\qwvrmuxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Chino\Local Settings\Temp\urlefcwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Chino\Local Settings\Temp\ymspwocu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Chino\Local Settings\Temporary Internet Files\Content.IE5\1I7DPL1M\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Chino\Local Settings\Temporary Internet Files\Content.IE5\KT11BFFN\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Program Files\ASC 2.1\ASC 2.1.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\kqyyugos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\pmnoMDVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\qrpqiekj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\vmrlcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\ugcebhru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Program Files\Web Technologies\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Program Files\WAV\wav.cpl (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    I:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    I:\Program Files\WAV\wav0.dat (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    I:\Program Files\WAV\wav1.dat (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080711151711562.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080712115842312.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080712193340578.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080713110331515.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080713152306515.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080713152802609.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080713154458765.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080713160507046.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080713230534718.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080714085159015.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080714111238312.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080714145617937.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080715163937968.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080715221726046.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080716084335343.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080716133336421.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080716162904375.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080717001820671.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080717083131531.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080717144611703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080717144853046.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080717152507609.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080717174341562.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080718102725250.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080718144858703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080718165917984.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080718185223359.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080718211318218.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080719204932343.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080720121712718.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080720213310437.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080721085153687.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080721145910015.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080721175015218.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080722141328515.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080722201905609.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080723093304953.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080723122359546.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080724131107796.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725085009828.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725085218593.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725125520484.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725155039562.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725161511375.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725161716875.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080725205834796.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080726013207359.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080726105932890.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080726155914453.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080726222943859.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080727010626578.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080727124116406.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080727124302546.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080727171628500.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080727181614703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080727224600765.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080728082007312.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080728130159671.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080728180354000.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\wav.cpl (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\mdofeuwi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    I:\WINDOWS\BM9f7a93c5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\WINDOWS\BM9f7a93c5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Juan\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Juan\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Juan\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Juan\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Juan\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    ComboFix 08-08-08.07 - Juan 2008-08-09 3:08:43.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.344 [GMT -4:00]
    Running from: I:\Documents and Settings\Juan\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\#SharedObjects\DE7RVP2P\interclick.com
    I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\#SharedObjects\DE7RVP2P\interclick.com\ud.sol
    I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    I:\Documents and Settings\Bruce\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\#SharedObjects\8EYHB8G5\interclick.com
    I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\#SharedObjects\8EYHB8G5\interclick.com\ud.sol
    I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    I:\Documents and Settings\Chino\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\#SharedObjects\FHNTXTXE\interclick.com
    I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\#SharedObjects\FHNTXTXE\interclick.com\ud.sol
    I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    I:\Documents and Settings\Juan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    I:\WINDOWS\pskt.ini
    I:\WINDOWS\system32\ihpfnw.dll
    I:\WINDOWS\system32\MSINET.oca
    I:\WINDOWS\system32\pujdgijh.dll
    I:\WINDOWS\system32\rpbciyst.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
    .

    2008-08-09 01:58 . 2008-08-09 01:58 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\Malwarebytes
    2008-08-09 01:57 . 2008-08-09 01:58 <DIR> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-08-09 01:57 . 2008-08-09 01:57 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-09 01:57 . 2008-07-30 20:07 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-09 01:57 . 2008-07-30 20:07 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-08-08 22:19 . 2008-08-08 22:19 <DIR> d-------- I:\Program Files\Trend Micro
    2008-08-08 21:24 . 2001-08-17 13:28 771,581 --a--c--- I:\WINDOWS\system32\dllcache\winacisa.sys
    2008-08-08 21:23 . 2001-08-17 13:28 765,884 --a--c--- I:\WINDOWS\system32\dllcache\usrti.sys
    2008-08-08 21:22 . 2001-08-17 13:28 794,654 --a--c--- I:\WINDOWS\system32\dllcache\usr1801.sys
    2008-08-08 21:21 . 2001-08-17 22:36 525,568 --a--c--- I:\WINDOWS\system32\dllcache\tridxp.dll
    2008-08-08 21:20 . 2001-08-17 14:01 241,664 --a--c--- I:\WINDOWS\system32\dllcache\tosdvd02.sys
    2008-08-08 21:19 . 2001-08-17 14:56 172,768 --a--c--- I:\WINDOWS\system32\dllcache\t2r4disp.dll
    2008-08-08 21:18 . 2001-08-17 12:18 285,760 --a--c--- I:\WINDOWS\system32\dllcache\stlnata.sys
    2008-08-08 21:17 . 2001-08-17 14:56 147,200 --a--c--- I:\WINDOWS\system32\dllcache\smidispb.dll
    2008-08-08 21:16 . 2001-08-17 14:56 252,032 --a--c--- I:\WINDOWS\system32\dllcache\sis300iv.dll
    2008-08-08 21:15 . 2001-08-17 22:36 495,616 --a--c--- I:\WINDOWS\system32\dllcache\sblfx.dll
    2008-08-08 21:14 . 2001-08-17 14:56 245,632 --a--c--- I:\WINDOWS\system32\dllcache\s3savmx.dll
    2008-08-08 21:13 . 2001-08-17 13:28 899,146 --a--c--- I:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-08-08 21:12 . 2008-04-13 20:12 363,520 --a--c--- I:\WINDOWS\system32\dllcache\psisdecd.dll
    2008-08-08 21:11 . 2008-04-13 20:10 259,328 --a--c--- I:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-08-08 21:10 . 2001-08-17 14:05 351,616 --a--c--- I:\WINDOWS\system32\dllcache\ovcodek2.sys
    2008-08-08 21:09 . 2008-04-13 14:31 2,023,936 --a--c--- I:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-08-08 21:08 . 2001-08-17 12:11 128,000 --a--c--- I:\WINDOWS\system32\dllcache\n100325.sys
    2008-08-08 21:07 . 2001-08-17 12:50 320,384 --a--c--- I:\WINDOWS\system32\dllcache\mgaum.sys
    2008-08-08 21:06 . 2001-08-17 13:28 802,683 --a--c--- I:\WINDOWS\system32\dllcache\ltsm.sys
    2008-08-08 21:05 . 2008-04-13 20:11 253,952 --a--c--- I:\WINDOWS\system32\dllcache\kdsusd.dll
    2008-08-08 21:04 . 2008-04-13 20:12 151,552 --a--c--- I:\WINDOWS\system32\dllcache\irftp.exe
    2008-08-08 21:03 . 2008-04-13 20:11 702,845 --a--c--- I:\WINDOWS\system32\dllcache\i81xdnt5.dll
    2008-08-08 21:02 . 2001-08-17 13:28 542,879 --a--c--- I:\WINDOWS\system32\dllcache\hsf_msft.sys
    2008-08-08 21:01 . 2001-08-17 13:28 907,456 --a--c--- I:\WINDOWS\system32\dllcache\hcf_msft.sys
    2008-08-08 21:00 . 2001-08-17 14:56 1,733,120 --a--c--- I:\WINDOWS\system32\dllcache\g400d.dll
    2008-08-08 20:59 . 2001-08-17 13:28 595,647 --a--c--- I:\WINDOWS\system32\dllcache\es56cvmp.sys
    2008-08-08 20:58 . 2001-08-17 13:28 634,134 --a--c--- I:\WINDOWS\system32\dllcache\el656ct5.sys
    2008-08-08 20:57 . 2001-08-17 12:14 952,007 --a--c--- I:\WINDOWS\system32\dllcache\diwan.sys
    2008-08-08 20:56 . 2008-04-13 20:11 249,856 --a--c--- I:\WINDOWS\system32\dllcache\ctmasetp.dll
    2008-08-08 20:55 . 2001-08-17 12:13 980,034 --a--c--- I:\WINDOWS\system32\dllcache\cicap.sys
    2008-08-08 20:54 . 2001-08-17 22:36 102,400 --a--c--- I:\WINDOWS\system32\dllcache\binlsvc.dll
    2008-08-08 20:53 . 2001-08-17 13:28 871,388 --a--c--- I:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-08-08 20:52 . 2001-08-17 12:19 747,392 --a--c--- I:\WINDOWS\system32\dllcache\adm8830.sys
    2008-08-08 20:52 . 2001-08-17 12:19 584,448 --a--c--- I:\WINDOWS\system32\dllcache\adm8810.sys
    2008-08-08 20:52 . 2001-08-17 12:19 553,984 --a--c--- I:\WINDOWS\system32\dllcache\adm8820.sys
    2008-08-08 20:52 . 2001-08-17 14:07 101,888 --a--c--- I:\WINDOWS\system32\dllcache\adpu160m.sys
    2008-08-08 20:52 . 2001-08-17 12:11 46,112 --a--c--- I:\WINDOWS\system32\dllcache\adptsf50.sys
    2008-08-08 20:52 . 2001-08-17 12:11 20,160 --a--c--- I:\WINDOWS\system32\dllcache\adm8511.sys
    2008-08-08 20:52 . 2004-08-03 22:32 10,880 --a--c--- I:\WINDOWS\system32\dllcache\admjoy.sys
    2008-07-29 20:41 . 2008-07-29 20:41 77 --a------ I:\Documents and Settings\Juan\1741.bat
    2008-07-29 18:43 . 2008-07-29 18:57 <DIR> d-------- I:\Program Files\VirtualDJ
    2008-07-29 17:11 . 2008-07-29 17:11 <DIR> d-------- I:\Program Files\Common Files\PACE Anti-Piracy
    2008-07-29 17:11 . 2008-07-29 17:11 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\PACE Anti-Piracy
    2008-07-29 17:11 . 2008-07-29 17:11 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-07-29 17:07 . 2006-12-08 22:50 16,384 --a------ I:\WINDOWS\system32\drivers\DigiFilt.sys
    2008-07-29 17:05 . 2008-07-29 17:06 <DIR> d-------- I:\Program Files\Digidesign
    2008-07-29 17:05 . 2007-10-31 03:16 3,683,014 --a------ I:\WINDOWS\system32\DirectIO.dll
    2008-07-29 17:05 . 2007-10-31 00:03 1,362,460 --a------ I:\WINDOWS\system32\ExpansionHD_Firmware.bin
    2008-07-29 17:05 . 2007-10-31 00:03 659,456 --a------ I:\WINDOWS\system32\DSI.dll
    2008-07-29 17:05 . 2007-10-30 23:03 270,336 --a------ I:\WINDOWS\system32\DigiPlatformSupport.dll
    2008-07-29 17:05 . 2006-12-08 23:21 90,112 --a------ I:\WINDOWS\system32\WinMMFix.dll
    2008-07-29 17:05 . 2007-10-31 00:36 15,872 --a------ I:\WINDOWS\system32\digicoin.dll
    2008-07-29 14:29 . 2008-07-29 14:29 <DIR> d--h----- I:\WINDOWS\PIF
    2008-07-29 14:23 . 2008-07-29 14:23 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\InstallShield
    2008-07-29 14:18 . 2008-07-29 14:18 <DIR> d----c--- I:\WINDOWS\system32\DRVSTORE
    2008-07-29 14:18 . 2008-07-29 14:18 <DIR> d-------- I:\WINDOWS\Downloaded Installations
    2008-07-29 14:18 . 2008-07-29 14:18 <DIR> d-------- I:\Program Files\InterLok
    2008-07-29 14:13 . 2008-07-29 17:05 <DIR> d-------- I:\Program Files\Common Files\Digidesign
    2008-07-28 18:43 . 2008-07-28 20:12 <DIR> d-------- I:\Documents and Settings\Juan\.housecall6.6
    2008-07-28 18:09 . 2008-07-28 18:09 109 --a------ I:\WINDOWS\DelToolbox.bat
    2008-07-28 18:01 . 2008-07-28 18:01 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\DAEMON Tools
    2008-07-28 18:01 . 2008-07-28 18:01 717,296 --a------ I:\WINDOWS\system32\drivers\sptd.sys
    2008-07-27 21:36 . 2008-07-27 21:36 69 --a------ I:\WINDOWS\NeroDigital.ini
    2008-07-18 21:11 . 2008-07-18 21:17 <DIR> d-------- I:\WINDOWS\UMStor
    2008-07-18 21:11 . 2008-07-18 21:17 <DIR> d-------- I:\WINDOWS\system\iosubsys
    2008-07-18 21:11 . 2003-11-21 18:09 201,736 --------- I:\WINDOWS\system32\drivers\UMSTOR.sys
    2008-07-11 11:26 . 2008-07-28 18:03 <DIR> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-10 03:10 . 2008-08-09 03:05 <DIR> d-------- I:\Documents and Settings\Juan\Application Data\LimeWire
    2008-07-10 03:09 . 2008-07-10 03:10 <DIR> d-------- I:\Program Files\LimeWire
    2008-07-10 02:11 . 2005-11-10 14:54 402,944 -ra------ I:\WINDOWS\system32\drivers\BLKWGU.sys
    2008-07-10 02:10 . 2008-07-10 02:10 <DIR> d-------- I:\Program Files\Belkin
    2008-07-10 01:38 . 2008-07-10 01:38 786,944 --a------ I:\WINDOWS\RDBios32.dll
    2008-07-10 01:38 . 2008-07-10 01:38 532,480 --a------ I:\WINDOWS\cPC_DMIRD.dll
    2008-07-10 01:30 . 2008-07-10 01:33 39 --a------ I:\WINDOWS\wwwbatch.ini
    2008-07-10 01:02 . 2008-08-01 12:18 <DIR> d-------- I:\Documents and Settings\Bruce
    2008-07-10 00:35 . 2008-07-10 00:47 <DIR> d-------- I:\Program Files\VstPlugins
    2008-07-10 00:35 . 2002-07-07 18:14 1,294,336 --a------ I:\WINDOWS\system32\vorbis.acm
    2008-07-10 00:35 . 2006-06-20 04:56 225,280 --a------ I:\WINDOWS\system32\rewire.dll
    2008-07-10 00:34 . 2008-08-02 14:06 <DIR> d-------- I:\Program Files\Image-Line
    2008-07-10 00:20 . 2008-08-09 02:59 <DIR> d-------- I:\Documents and Settings\Juan
    2008-07-10 00:20 . 2008-04-13 20:12 221,184 --a------ I:\WINDOWS\system32\wmpns.dll
    2008-07-10 00:19 . 2008-07-10 00:19 <DIR> d-------- I:\Program Files\Fraunhofer mp3 codec
    2008-07-10 00:19 . 1998-04-30 14:56 129,024 --a------ I:\WINDOWS\UNWISE.EXE
    2008-07-09 13:21 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
    2008-07-09 13:21 . 2007-07-30 19:19 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
    2008-07-09 12:22 . 2008-07-09 12:22 <DIR> d-------- I:\Program Files\RealVNC
    2008-07-09 12:19 . 2008-07-09 12:19 <DIR> d-------- I:\Program Files\PrivacyEraser Computing
    2008-07-09 11:07 . 1999-07-22 18:14 306,688 --a------ I:\WINDOWS\IsUninst.exe
    2008-07-09 11:07 . 2002-08-15 19:59 123,619 --a------ I:\WINDOWS\system32\SYMEVNT.386
    2008-07-09 11:07 . 2002-08-15 19:59 83,672 --a------ I:\WINDOWS\system32\S32EVNT1.DLL
    2008-07-09 11:07 . 2002-08-15 19:59 73,224 --a------ I:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-07-09 11:07 . 2002-08-14 06:03 34,578 --a------ I:\WINDOWS\system32\drivers\NPDRIVER.SYS
    2008-07-09 11:07 . 2008-07-09 11:07 260 --a------ I:\WINDOWS\_delis32.ini
    2008-07-09 11:07 . 2008-07-09 11:07 32 --ahs---- I:\WINDOWS\system32\{4F6393C1-062F-4645-8130-DB7B840608F4}.dat
    2008-07-09 11:07 . 2008-07-09 11:07 32 --ahs---- I:\WINDOWS\{AE8C3F95-B00F-4840-B971-6326F5D0AD77}.dat
    2008-07-09 11:07 . 2008-07-09 11:07 14 --a------ I:\WINDOWS\system32\SR2.dat
    2008-07-09 11:06 . 2008-07-09 11:07 <DIR> d-------- I:\Program Files\Symantec
    2008-07-09 11:06 . 2008-07-09 12:07 <DIR> d-------- I:\Program Files\Norton AntiVirus
    2008-07-09 11:06 . 2008-08-09 03:05 <DIR> d-------- I:\Program Files\Common Files\Symantec Shared
    2008-07-09 11:06 . 2008-07-09 11:06 <DIR> d-------- I:\Documents and Settings\Chino\Application Data\Symantec
    2008-07-09 11:06 . 2008-07-09 11:07 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Symantec
    2008-07-09 09:27 . 2008-07-09 09:27 <DIR> d-------- I:\Program Files\Common Files\Ahead
    2008-07-09 09:27 . 2008-07-09 09:27 <DIR> d-------- I:\Program Files\Ahead
    2008-07-09 09:27 . 2004-07-26 17:16 1,568,768 --------- I:\WINDOWS\system32\ImagX7.dll
    2008-07-09 09:27 . 2004-07-26 17:16 476,320 --------- I:\WINDOWS\system32\ImagXpr7.dll
    2008-07-09 09:27 . 2004-07-26 17:16 471,040 --------- I:\WINDOWS\system32\ImagXRA7.dll
    2008-07-09 09:27 . 2004-07-26 17:16 262,144 --------- I:\WINDOWS\system32\ImagXR7.dll
    2008-07-09 09:27 . 2001-07-09 11:50 155,648 --a------ I:\WINDOWS\system32\NeroCheck.exe
    2008-07-09 09:27 . 2004-03-02 17:37 125,184 --------- I:\WINDOWS\system32\drivers\imagesrv.sys
    2008-07-09 09:27 . 2000-06-26 11:45 106,496 --a------ I:\WINDOWS\system32\TwnLib20.dll
    2008-07-09 09:27 . 2004-03-02 17:37 5,504 --------- I:\WINDOWS\system32\drivers\imagedrv.sys
    2008-07-09 09:26 . 2008-07-29 17:06 <DIR> d--h----- I:\Program Files\InstallShield Installation Information
    2008-07-09 09:26 . 2008-07-09 09:26 <DIR> d-------- I:\Program Files\CyberLink
    2008-07-09 09:26 . 2008-07-09 09:26 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\CyberLink
    2008-07-09 09:24 . 2008-07-09 09:24 376 --a------ I:\WINDOWS\ODBC.INI
    2008-07-09 09:23 . 2008-07-09 09:23 <DIR> d-------- I:\Program Files\Microsoft ActiveSync
    2008-07-09 09:21 . 2008-07-09 09:21 <DIR> d-------- I:\WINDOWS\ShellNew
    2008-07-09 09:21 . 2008-07-09 09:21 <DIR> d-------- I:\Program Files\Common Files\L&H
    2008-07-09 09:17 . 2008-07-09 09:17 <DIR> d-------- I:\WINDOWS\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 11:09 --------- d-----w I:\Program Files\microsoft frontpage
    2008-06-20 17:46 245,248 ----a-w I:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w I:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w I:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w I:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-13 11:05 272,128 ------w I:\WINDOWS\system32\drivers\bthport.sys
    2008-05-09 10:53 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
    2008-05-09 10:53 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:53 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:53 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Free Internet Eraser"="I:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2007-03-09 19:30 538112]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="I:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
    "HotKeysCmds"="I:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
    "ccApp"="I:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
    "ccRegVfy"="I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504]
    "Advanced Tools Check"="I:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 22:35 79480]
    "DigidesignMMERefresh"="I:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

    I:\Documents and Settings\Juan\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - I:\Program Files\LimeWire\LimeWire.exe [2008-06-18 14:46:56 147456]

    I:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless USB Utility.lnk - I:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=ihpfnw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "I:\\WINDOWS\\system32\\sessmgr.exe"=
    "I:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
    "I:\\Program Files\\LimeWire\\LimeWire.exe"=
    "I:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

    R0 DigiFilter;DigiFilter;I:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-09 I:\WINDOWS\Tasks\Symantec NetDetect.job
    - I:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Windows Logon Applicationedc - I:\Documents and Settings\Juan\winlogon.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
    O17 -: HKLM\CCS\Interface\{D48E101C-D047-42D2-BCDA-00F4ACB9ABFE}: NameServer = 192.168.0.33


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-09 03:11:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-09 3:12:49
    ComboFix-quarantined-files.txt 2008-08-09 07:12:45

    Pre-Run: 67,562,442,752 bytes free
    Post-Run: 67,777,155,072 bytes free

    238 --- E O F --- 2008-07-10 04:04:00

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/09/2008 at 03:30 AM

    Application Version : 4.15.1000

    Core Rules Database Version : 3531
    Trace Rules Database Version: 1520

    Scan type : Complete Scan
    Total Scan Time : 00:14:19

    Memory items scanned : 331
    Memory threats detected : 0
    Registry items scanned : 4838
    Registry threats detected : 0
    File items scanned : 13463
    File threats detected : 167

    Browser Hijacker.Favorites
    I:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\ANTIVIRUS SCAN.URL

    Adware.Tracking Cookie

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$


    Malwarebytes' Anti-Malware 1.24
    Database version: 1035
    Windows 5.1.2600 Service Pack 3

    12:25:12 PM 8/9/2008
    mbam-log-8-9-2008 (12-25-12).txt

    Scan type: Full Scan (I:\|)
    Objects scanned: 69852
    Time elapsed: 20 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:06:54 PM, on 8/9/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Digidesign\Drivers\MMERefresh.exe
    I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    I:\WINDOWS\Explorer.EXE
    I:\WINDOWS\system32\hkcmd.exe
    I:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    I:\Program Files\RealVNC\VNC4\winvnc4.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\wuauclt.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [IgfxTray] I:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] I:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DigidesignMMERefresh] I:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKCU\..\Run: [Free Internet Eraser] I:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: Run VNC Server.lnk = I:\Program Files\RealVNC\VNC4\winvnc4.exe
    O4 - Global Startup: Belkin Wireless USB Utility.lnk = I:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215602231843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215610436218
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...a0/&filename=jinstall-6u7-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D48E101C-D047-42D2-BCDA-00F4ACB9ABFE}: NameServer = 192.168.0.33
    O20 - AppInit_DLLs: ihpfnw.dll
    O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - I:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - I:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

    --
    End of file - 4779 bytes

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    End of post.
     
  20. coqui3l

    Norman Malware Cleaner
    Copyright © 1990 - 2008, Norman ASA. Built 2008/08/07 08:26:31

    Norman Scanner Engine Version: 5.93.01
    Nvcbin.def Version: 5.93.00, Date: 2008/08/07 08:26:31, Variants: 1968419

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
    Logged on user: DESKTOPJUAN\Juan

    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "ihpfnw.dll" -> ""
    Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

    Scan started: 09/08/2008 14:36:44


    Scanning running processes and process memory...

    Number of processes/threads found: 1153
    Number of processes/threads scanned: 1153
    Number of processes/threads not scanned: 0
    Number of infected processes/threads terminated: 0
    Total scanning time: 28s


    Scanning file system...

    Scanning: I:\*.*


    Running post-scan cleanup routine:

    Number of files found: 4205
    Number of archives unpacked: 136
    Number of files scanned: 4199
    Number of files not scanned: 6
    Number of files skipped due to exclude list: 0
    Number of infected files found: 0
    Number of infected files repaired/deleted: 0
    Number of infections removed: 0
    Total scanning time: 2m 6s
     
