Backdoor:Zonebac.gen!B infection

Computing.Net > Forums > Security and Virus > Backdoor:Zonebac.gen!B infection

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Backdoor:Zonebac.gen!B infection

Name: mvyk
Date: November 14, 2007 at 11:58:51 Pacific
OS: Windows XP Svc Pk 2
CPU/Ram: Intel Core 2 CPU - 2GB RA
Product: Dell XPS 410

Comment:

Hello, I just ran the Microsoft Malware program and discovered my machine is infected with the Backdoor:Win32/Zonebac.gen!B trojan. Can you tell me how to remove this menace from my system? Thanks, Mike.

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: November 14, 2007 at 14:32:52 Pacific

Reply:

Please download and install the latest version of HijackThis v2.0.2:
Download the HijackThis Installer from this link: HijackThis
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download FindAWL from this link FindAWF
Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.

Response Number 2

Name: mvyk
Date: November 14, 2007 at 15:20:47 Pacific

Reply:

Hi, here is the HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:45 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrob...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 10136 bytes
Here is the AWF Report:

Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Wed 11/14/2007
The current time is: 15:17:50.45

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\ITUNES\BAK
09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 02:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes
Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK
05/03/2006 02:12 AM 98,304 DMXLauncher.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
09/07/2006 05:21 PM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes
Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK
07/06/2006 04:15 AM 151,552 Iaanotif.exe
1 File(s) 151,552 bytes
Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
08/04/2007 01:33 AM 582,992 mcagent.exe
1 File(s) 582,992 bytes
Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK
09/18/2006 12:46 PM 8,192 mimboot.exe
09/18/2006 12:46 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes
Directory of C:\PROGRA~1\NORTON~1\AGENT\BAK
02/13/2007 05:57 PM 2,020,968 VProTray.exe
1 File(s) 2,020,968 bytes
Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK
03/21/2006 12:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
09/08/2005 02:20 AM 122,940 DLACTRLW.exe
1 File(s) 122,940 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
06/10/2005 07:44 AM 81,920 issch.exe
06/10/2005 07:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes
Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK
09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes
Directory of C:\PROGRA~1\LABTEC\LABTEC~1\1.0\BAK
07/09/2001 08:12 AM 429,568 lwbwheel.exe
1 File(s) 429,568 bytes
Directory of C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ISOLAT~1\1LOW0YSY.DS4\AMKAW5XJ.P3P\URL~1.BAO\URL~1.X3U\FILES\BAK
0 File(s) 0 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
267048 Nov 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 6 2007 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"
116008 Nov 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
116288 May 30 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E5ITMZG7\iTunesSetupAdmin[1].exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
26636 Oct 18 2007 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
98304 May 3 2006 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
1529400 Jul 26 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
583696 Sep 18 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
169984 Sep 7 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
421888 Dec 8 2005 "G:\wd_windows_tools\Google\GoogleInstaller.exe"
755816 Nov 12 2005 "G:\wd_windows_tools\Google\Desktop\GoogleDesktopSearchSetup_de.exe"
562160 Nov 7 2005 "G:\wd_windows_tools\Google\Toolbar\W2KXP\GoogleToolbarInstaller_da.exe"
708080 Nov 7 2005 "G:\wd_windows_tools\Google\Toolbar\Win9XMe\GoogleToolbarInstaller_da.exe"
26636 Oct 18 2007 "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 4 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
26636 Oct 18 2007 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe"
8192 Apr 5 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
26636 Oct 18 2007 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
110592 Apr 5 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26636 Oct 18 2007 "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
2020968 Feb 13 2007 "C:\Program Files\Norton Save and Restore\Agent\bak\VProTray.exe"
26636 Oct 18 2007 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
26636 Oct 18 2007 "C:\WINDOWS\system32\DLA\DLACTRLW.exe"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.exe"
26636 Oct 18 2007 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
26636 Oct 18 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
26636 Oct 18 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
26636 Oct 18 2007 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
26636 Oct 18 2007 "C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe"
429568 Jul 9 2001 "C:\Program Files\Labtec\Labtec Mouse Software\1.0\bak\lwbwheel.exe"

end of report

Response Number 3

Name: jabuck
Date: November 14, 2007 at 19:09:27 Pacific

Reply:

Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
"C:\Program Files\Norton Save and Restore\Agent\bak\VProTray.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\WINDOWS\system32\DLA\bak\DLACTRLW.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Labtec\Labtec Mouse Software\1.0\bak\lwbwheel.exe"

Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
Your java is out of date and can be exploited.
Download the latest version of http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
. Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Response Number 4

Name: mvyk
Date: November 14, 2007 at 19:35:41 Pacific

Reply:

Here is the new FindAWF log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Wed 11/14/2007
The current time is: 19:29:57.64

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\ITUNES\BAK
09/26/2007 01:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 02:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes
Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK
05/03/2006 02:12 AM 98,304 DMXLauncher.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
09/07/2006 05:21 PM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes
Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK
07/06/2006 04:15 AM 151,552 Iaanotif.exe
1 File(s) 151,552 bytes
Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
08/04/2007 01:33 AM 582,992 mcagent.exe
1 File(s) 582,992 bytes
Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK
09/18/2006 12:46 PM 8,192 mimboot.exe
09/18/2006 12:46 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes
Directory of C:\PROGRA~1\NORTON~1\AGENT\BAK
02/13/2007 05:57 PM 2,020,968 VProTray.exe
1 File(s) 2,020,968 bytes
Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK
03/21/2006 12:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
09/08/2005 02:20 AM 122,940 DLACTRLW.exe
1 File(s) 122,940 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
06/10/2005 07:44 AM 81,920 issch.exe
06/10/2005 07:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes
Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK
09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes
Directory of C:\PROGRA~1\LABTEC\LABTEC~1\1.0\BAK
07/09/2001 08:12 AM 429,568 lwbwheel.exe
1 File(s) 429,568 bytes
Directory of C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ISOLAT~1\1LOW0YSY.DS4\AMKAW5XJ.P3P\URL~1.BAO\URL~1.X3U\FILES\BAK
0 File(s) 0 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 6 2007 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"
116008 Nov 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
116288 May 30 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E5ITMZG7\iTunesSetupAdmin[1].exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
98304 May 3 2006 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
98304 May 3 2006 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
1529400 Jul 26 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
583696 Sep 18 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
169984 Sep 7 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
421888 Dec 8 2005 "G:\wd_windows_tools\Google\GoogleInstaller.exe"
755816 Nov 12 2005 "G:\wd_windows_tools\Google\Desktop\GoogleDesktopSearchSetup_de.exe"
562160 Nov 7 2005 "G:\wd_windows_tools\Google\Toolbar\W2KXP\GoogleToolbarInstaller_da.exe"
708080 Nov 7 2005 "G:\wd_windows_tools\Google\Toolbar\Win9XMe\GoogleToolbarInstaller_da.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
582992 Aug 4 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
582992 Aug 4 2007 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe"
8192 Apr 5 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
110592 Apr 5 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Sep 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
2020968 Feb 13 2007 "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
2020968 Feb 13 2007 "C:\Program Files\Norton Save and Restore\Agent\bak\VProTray.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.exe"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
429568 Jul 9 2001 "C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe"
429568 Jul 9 2001 "C:\Program Files\Labtec\Labtec Mouse Software\1.0\bak\lwbwheel.exe"

end of report

Response Number 5

Name: mvyk
Date: November 15, 2007 at 08:01:58 Pacific

Reply:

Good morning. I have also updated my Java as you instructed.
I ran Microsoft Malware Detector again and the Zonebac no longer shows. Is it gone, or are there still some more steps to be performed? Thanks.

belkin storage manager get_atlcom class Backdoor:WinNT/Rustock.gen!B	hnm_svc.exe .v2i backdoor win32 zonebac.gen! B,
See More

Response Number 6

Name: jabuck
Date: November 15, 2007 at 14:30:34 Pacific

Reply:

More to do yet.
Option 3:
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Intel\Intel Matrix Storage Manager\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\Norton Save and Restore\Agent\bak
C:\Program Files\ScanSoft\OmniPageSE4.0\bak
C:\WINDOWS\system32\DLA\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Labtec\Labtec Mouse Software\1.0\bak

Next, close and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Next Option 4.

Option 4:
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones
This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT
Next,
Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Response Number 7

Name: mvyk
Date: November 15, 2007 at 15:15:27 Pacific

Reply:

Here is the Option 3 FindAWF log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Thu 11/15/2007
The current time is: 14:58:24.75

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes
Directory of C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ISOLAT~1\1LOW0YSY.DS4\AMKAW5XJ.P3P\URL~1.BAO\URL~1.X3U\FILES\BAK
0 File(s) 0 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

end of report

Here is the Option 4 FindAWF log:

Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Thu 11/15/2007
The current time is: 15:01:10.73

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes
Directory of C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ISOLAT~1\1LOW0YSY.DS4\AMKAW5XJ.P3P\URL~1.BAO\URL~1.X3U\FILES\BAK
0 File(s) 0 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

end of report
And here is the Combofix.exe log:
ComboFix 07-11-08.1 - Michael Vykukal 2007-11-15 15:09:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1198 [GMT -8:00]
Running from: C:\Documents and Settings\Michael Vykukal\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-15 15:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 12:09 <DIR> d-------- C:\Program Files\SpywareGuard
2007-11-15 11:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-14 19:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-14 18:15 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-11-14 13:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-14 12:45 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-14 12:32 34,360 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-11-14 11:18 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-14 11:18 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-14 10:58 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\Sunbelt Software
2007-11-14 10:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-14 10:24 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\AdwareAlert
2007-11-14 10:19 <DIR> d-------- C:\Program Files\SpywareDetector
2007-11-14 10:19 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-11-14 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-14 09:51 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\.housecall6.6
2007-11-09 12:52 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\Move Networks
2007-11-06 08:06 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 22:58 --------- d-----w C:\Program Files\QuickTime
2007-11-15 22:58 --------- d-----w C:\Program Files\iTunes
2007-11-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-15 19:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 19:45 --------- d-----w C:\Program Files\McAfee
2007-11-15 03:49 --------- d-----w C:\Program Files\Java
2007-10-27 00:16 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 03:42 --------- d-----w C:\Program Files\Dell Network Assistant
2007-09-24 03:20 --------- d-----w C:\Program Files\Sound Forge XP
2007-09-22 00:22 --------- d-----w C:\Program Files\DivX
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 12:39]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 04:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 02:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 02:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-07 17:21]
"LWBMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe" [2001-07-09 08:12]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 12:46]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 14:20 C:\WINDOWS\stsystra.exe]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 17:57]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\Michael Vykukal\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-19 08:23:33]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2006-09-22 12:28:34]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-02-20 13:56:29]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-07 17:11:14]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.exe [2007-04-11 10:10:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 20:27:53 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-13 16:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-11-02 16:50:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2006-11-02 16:50:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 15:10:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 15:10:55
.
--- E O F ---

Response Number 8

Name: jabuck
Date: November 15, 2007 at 17:58:38 Pacific

Reply:

Temporarily disable any of the following anti-spyware realtime protection programs that you may have Disable Realtime Protection or the fixes will not work. Be sure to turn yout anti-spyware programs back on once the computer is clean.
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.Just post the last scan at option #3.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Option 3:
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\ISOLAT~1\1LOW0YSY.DS4\AMKAW5XJ.P3P\URL~1.BAO\URL~1.X3U\FILES\BAK

Next, close and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Next Option 4.

Option 4:
Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones
This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT
Next,
Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.
Run Hijack this, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
Exit Hiajck This.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
From safe mode navigate to and delete this folder if found:
C:\Program Files\BAE\BAE.dll
Then from safe mode navigate to and delete these folders if found:
C:\Program Files\BAE

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
After you post the FindAWF log post a new Combofix log please.

Response Number 9

Name: mvyk
Date: November 15, 2007 at 23:22:27 Pacific

Reply:

Here is the Option 3 log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Thu 11/15/2007
The current time is: 22:54:36.32

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

end of report

And here is the Combofix log:
ComboFix 07-11-08.1 - Michael Vykukal 2007-11-15 23:15:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1440 [GMT -8:00]
Running from: C:\Documents and Settings\Michael Vykukal\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.
2007-11-15 15:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 12:09 <DIR> d-------- C:\Program Files\SpywareGuard
2007-11-15 11:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-14 19:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-14 18:15 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-11-14 13:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-14 12:45 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-14 12:32 34,360 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-11-14 11:18 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-14 11:18 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-14 10:58 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\Sunbelt Software
2007-11-14 10:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-14 10:24 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\AdwareAlert
2007-11-14 10:19 <DIR> d-------- C:\Program Files\SpywareDetector
2007-11-14 10:19 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-11-14 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-14 09:51 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\.housecall6.6
2007-11-09 12:52 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\Move Networks
2007-11-06 08:06 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 07:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-16 06:42 --------- d-----w C:\Program Files\McAfee
2007-11-15 22:58 --------- d-----w C:\Program Files\QuickTime
2007-11-15 22:58 --------- d-----w C:\Program Files\iTunes
2007-11-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-15 03:49 --------- d-----w C:\Program Files\Java
2007-10-27 00:16 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 03:42 --------- d-----w C:\Program Files\Dell Network Assistant
2007-09-24 03:20 --------- d-----w C:\Program Files\Sound Forge XP
2007-09-22 00:22 --------- d-----w C:\Program Files\DivX
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-15_15.10.25.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-15 18:59:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-16 06:34:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-15 18:59:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-16 06:34:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-15 18:59:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-16 06:34:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-16 07:12:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_84c.dat
+ 2007-11-16 07:12:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a90.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 313,472 2006-03-31 00:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 12:39]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 04:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 02:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 02:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-07 17:21]
"LWBMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe" [2001-07-09 08:12]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 12:46]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 14:20 C:\WINDOWS\stsystra.exe]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 17:57]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
C:\Documents and Settings\Michael Vykukal\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-19 08:23:33]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2006-09-22 12:28:34]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-02-20 13:56:29]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-07 17:11:14]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.exe [2007-04-11 10:10:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 20:27:53 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-13 16:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-11-02 16:50:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2006-11-02 16:50:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 23:17:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 23:17:30
C:\ComboFix2.txt ... 2007-11-15 15:10
.
--- E O F ---

Response Number 10

Name: jabuck
Date: November 16, 2007 at 16:58:16 Pacific

Reply:

If this corrupts adobe just reinstall it, hopefully it will not.
navigate to and delete this file if found:
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
Then navigate to and delete this foldeer if found:
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
Post a new Combofix log please.

Response Number 11

Name: mvyk
Date: November 16, 2007 at 17:21:52 Pacific

Reply:

Here is the latest Combofix log you requested:
ComboFix 07-11-08.1 - Michael Vykukal 2007-11-16 15:17:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1275 [GMT -8:00]
Running from: C:\Documents and Settings\Michael Vykukal\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.
2007-11-15 15:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 12:09 <DIR> d-------- C:\Program Files\SpywareGuard
2007-11-15 11:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-14 19:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-14 18:15 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-11-14 13:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-14 12:45 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-14 12:32 34,360 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-11-14 11:18 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-14 11:18 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-14 10:58 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\Sunbelt Software
2007-11-14 10:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-14 10:24 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\AdwareAlert
2007-11-14 10:19 <DIR> d-------- C:\Program Files\SpywareDetector
2007-11-14 10:19 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-11-14 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-14 09:51 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\.housecall6.6
2007-11-09 12:52 <DIR> d-------- C:\Documents and Settings\Michael Vykukal\Application Data\Move Networks
2007-11-06 08:06 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 07:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-16 06:42 --------- d-----w C:\Program Files\McAfee
2007-11-15 22:58 --------- d-----w C:\Program Files\QuickTime
2007-11-15 22:58 --------- d-----w C:\Program Files\iTunes
2007-11-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-15 03:49 --------- d-----w C:\Program Files\Java
2007-10-27 00:16 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 03:42 --------- d-----w C:\Program Files\Dell Network Assistant
2007-09-24 03:20 --------- d-----w C:\Program Files\Sound Forge XP
2007-09-22 00:22 --------- d-----w C:\Program Files\DivX
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-15_15.10.25.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-15 18:59:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-16 21:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-15 18:59:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-16 21:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-15 18:59:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-16 21:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-16 07:34:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8f4.dat
+ 2007-11-16 07:33:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ad0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 12:39]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 04:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 02:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 07:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 07:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 02:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-07 17:21]
"LWBMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe" [2001-07-09 08:12]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 12:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 12:46]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 14:20 C:\WINDOWS\stsystra.exe]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 17:57]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\Michael Vykukal\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-19 08:23:33]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2006-09-22 12:28:34]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-02-20 13:56:29]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-07 17:11:14]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.exe [2007-04-11 10:10:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 20:27:53 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-13 16:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-11-02 16:50:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2006-11-02 16:50:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 15:18:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-16 15:19:13
C:\ComboFix2.txt ... 2007-11-15 23:17
C:\ComboFix3.txt ... 2007-11-15 15:10
.
--- E O F ---
Also, is it safe for me to use my computer to access internet password protected accounts, or should I wait until we are finished? Thank you, Mike.

Response Number 12

Name: jabuck
Date: November 17, 2007 at 07:02:34 Pacific

Reply:

Your log is clean.
You should add "Spywareblaster" to your arsenol of antispyware tools, just do a google search for spywareblaster, download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
Glad we could help.

Response Number 13

Name: mvyk
Date: November 17, 2007 at 09:32:25 Pacific

Reply:

Hi, thank you very, very much for your help!! I have installed Spywareblaster as you suggested. Again, thank you, your assistance has been very greatly appreciated. Best regards, Mike.

Sponsored Link

Ads by Google

Several Malware Threats

security program?

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Backdoor:Zonebac.gen!B infection

Another zonebac.gen!B infection

Summary

www.computing.net/answers/security/another-zonebacgenb-infection/21885.html

zonebac.gen!B infection

Summary

www.computing.net/answers/security/zonebacgenb-infection-/21879.html

Help - Backdoor:Win32/Zonebac.gen!B

Summary

www.computing.net/answers/security/help-backdoorwin32zonebacgenb/21941.html

From the Geek Dictionary
Electricity - electricity is one of the backbones of our modern lives,it was discovered b...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Number Separator in Word 2000

No internet ability and cant copy files at al

Cannot access a site

Win7 Splash gone after monitor upgrade

What apps?

All Awaiting Reply

Tom's News
New Final Fantasy XIII Trailer is 5 Minutes Long

TV Market to Launch Cross-Platform App Store

Used ATM Machines for Sale on Craigslist

Rival Publishers Collaborate on iTunes-type Store

Guy Quits Job With Error Message

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE