Solve : Still getting numerous threat detections even after a virus sc – InterviewSolution

InterviewSolution

1.	Solve : Still getting numerous threat detections even after a virus scan! Help!?
Answer» While I know how to maintain my own computer and am usually pretty capable of knowing which programs to run to keep my computer in a proper condition, I am coming to you because my dad's computer seems to be beyond my reach of help. He has AVG free version 8.0.138 installed, I've run a full system scan and opted to fix/quarantine all results. I've also installed Ad-Aware and run a full system scan and had it fix all results. But now it seems AVG is popping up constantly with multiple threat detections at a time. And while browsing the internet (he's been using Firefox), it seems there are more popups than before I ran the SCANS. I've gone through the checklist of what to do before posting, so here are the results: Suspicious programs in the add/remove programs list: AdVantage (powering Freeze.com) Bonjour SUPERAntiSpyware log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/30/2009 at 00:15 AM Application Version : 4.26.1002 Core Rules Database Version : 3872 Trace Rules Database Version: 1820 Scan type : Complete Scan Total Scan Time : 00:46:38 Memory items scanned : 499 Memory threats detected : 8 Registry items scanned : 5335 Registry threats detected : 59 File items scanned : 41918 File threats detected : 22 Adware.Vundo/Variant C:\WINDOWS\SYSTEM32\YUWULOYA.DLL C:\WINDOWS\SYSTEM32\YUWULOYA.DLL C:\WINDOWS\SYSTEM32\PAGAKELI.DLL C:\WINDOWS\SYSTEM32\PAGAKELI.DLL C:\WINDOWS\SYSTEM32\VOKETANA.DLL C:\WINDOWS\SYSTEM32\VOKETANA.DLL C:\WINDOWS\SYSTEM32\HAGIPUGO.DLL C:\WINDOWS\SYSTEM32\HAGIPUGO.DLL C:\WINDOWS\SYSTEM32\MUGUGUPU.DLL C:\WINDOWS\SYSTEM32\MUGUGUPU.DLL C:\WINDOWS\SYSTEM32\DOHIYUHI.DLL C:\WINDOWS\SYSTEM32\DOHIYUHI.DLL C:\WINDOWS\SYSTEM32\MENENUMA.DLL C:\WINDOWS\SYSTEM32\MENENUMA.DLL HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34} HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34} HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34} C:\WINDOWS\SYSTEM32\BAYUKUKA.DLL C:\WINDOWS\SYSTEM32\DUHIFIHO.DLL C:\WINDOWS\SYSTEM32\FOROHEKA.DLL C:\WINDOWS\SYSTEM32\HEWUDADO.DLL C:\WINDOWS\SYSTEM32\LISISEJU.DLL C:\WINDOWS\SYSTEM32\LIWUWUTO.DLL C:\WINDOWS\SYSTEM32\MAPELUZU.DLL C:\WINDOWS\SYSTEM32\WIWEDINO.DLL Adware.Vundo/Variant-EC C:\WINDOWS\SYSTEM32\NUKOKEZI.DLL C:\WINDOWS\SYSTEM32\NUKOKEZI.DLL Adware.Vundo Variant HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4} HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32 HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{82F6FEA3-A6EE-41D7-BF74-59BF9795F15E} HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76086C05-4D0A-4B92-9219-2E3FE8C553F9} HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82F6FEA3-A6EE-41D7-BF74-59BF9795F15E} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4} Trojan.Vundo-Variant/NextGen HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a06671e9-efe2-490d-b24d-5e6c2f0c5d34} HKCR\CLSID\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34} HKCR\CLSID\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}\InprocServer32 HKCR\CLSID\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}\InprocServer32#ThreadingModel Transponder Variant BHO HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000250-0320-4DD4-BE4F-7566D2314352} Unclassified.Unknown Origin HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D} Trojan.FakeAlert-IEBT HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38BF827A-D7C5-46E1-A9A2-47B1B5BB5438} Adware.2020Search HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4A86-ADD7-CD5F52858C31} HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} Adware.180solutions/SurfAssistant HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5DAFD089-24B1-4C5E-BD42-8CA72550717B} Adware.AdSponsor/ISM HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573} HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B27CC68-110C-46A9-80D3-F3107DE6EB98} Adware.Second Thought HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1} Adware.Zango Toolbar/Hb HKCR\InstIE.HbInstObj.1 HKCR\InstIE.HbInstObj.1\CLSID Adware.Zango/ShoppingReport HKCR\ShoppingReport.HbAx HKCR\ShoppingReport.HbAx\CLSID HKCR\ShoppingReport.HbAx\CurVer HKCR\ShoppingReport.HbAx.1 HKCR\ShoppingReport.HbAx.1\CLSID HKCR\ShoppingReport.HbInfoBand HKCR\ShoppingReport.HbInfoBand\CLSID HKCR\ShoppingReport.HbInfoBand\CurVer HKCR\ShoppingReport.HbInfoBand.1 HKCR\ShoppingReport.HbInfoBand.1\CLSID HKCR\ShoppingReport.IEButton HKCR\ShoppingReport.IEButton\CLSID HKCR\ShoppingReport.IEButton\CurVer HKCR\ShoppingReport.IEButton.1 HKCR\ShoppingReport.IEButton.1\CLSID HKCR\ShoppingReport.IEButtonA HKCR\ShoppingReport.IEButtonA\CLSID HKCR\ShoppingReport.IEButtonA\CurVer HKCR\ShoppingReport.IEButtonA.1 HKCR\ShoppingReport.IEButtonA.1\CLSID HKCR\ShoppingReport.RprtCtrl HKCR\ShoppingReport.RprtCtrl\CLSID HKCR\ShoppingReport.RprtCtrl\CurVer HKCR\ShoppingReport.RprtCtrl.1 HKCR\ShoppingReport.RprtCtrl.1\CLSID Adware.Vundo Variant/Rel HKLM\SOFTWARE\Microsoft\aoprndtws HKLM\SOFTWARE\Microsoft\FCOVM HKLM\SOFTWARE\Microsoft\RemoveRP HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\rdfa Rogue.Advanced AntiVirus 2008 HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\AAV Trojan.Fake-Drop/Gen C:\WINDOWS\INSTALLER\ID53.EXE Adware.Vundo/Variant-MSFake C:\WINDOWS\SYSTEM32\MSICUU.EXE C:\WINDOWS\SYSTEM32\MSIZAP.EXE Trace.Known Threat Sources C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9XG4K16A\l.s.bg1z[1].gif C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QCV1YBAX\l.s.bg2z[1].gif C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0VTXA8ZH\favicon[1].ico MBAM log: Malwarebytes' Anti-Malware 1.36 Database version: 2060 Windows 5.1.2600 Service Pack 3 4/30/2009 12:35:13 AM mbam-log-2009-04-30 (00-35-13).txt Scan type: Quick Scan Objects scanned: 81403 Time elapsed: 3 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 27 Registry Values Infected: 6 Registry Data Items Infected: 4 Folders Infected: 3 Files Infected: 19 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\hidatiga.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2a21e363-25d6-43c4-af76-d04b9681dc62} (Rogue.SpyMaxx) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5dd8cef7-e063-4f85-a8ef-394912af2a6f} (Rogue.SpyMaxx) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{26b0d0de-6465-493e-94de-9b8e0725c119} (Rogue.SpyMaxx) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1077480f-c8c5-41fb-a4ca-06ea44a3d318} (Rogue.SpyMaxx) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PostInstallC (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\185d76e8 (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tohutuholo (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1b6e4574 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) GOOD: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\804031 (Trojan.BHO) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\bewetera.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\areteweb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bupibojo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ojobipub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dufisuzu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uzusifud.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hemunebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ubenumeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hidatiga.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\agitadih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dupakoti.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wetevija.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-329068152-1425521274-725345543-1003\Dc157.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM1b6e4574.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM1b6e4574.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\31.tmp (Heuristics.Malware) -> Quarantined and deleted successfully. HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:45:40 AM, on 4/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lexmark 3400 Series\lxcymon.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\lxcycoms.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\Sniper.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {76A57932-FEB7-4A37-BA5A-BFA2604ABC98} - (no file) O2 - BHO: (no name) - {828E08CE-57E0-4D00-A1CC-386356B58291} - (no file) O2 - BHO: (no name) - {A760146E-AC7F-4309-A168-F98DA3ADBA20} - C:\WINDOWS\system32\wvUoMeBR.dll (file missing) O2 - BHO: (no name) - {A9066B31-F1DC-4F2F-8577-CCFEE9B96C90} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[emailprotected] O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MESSENGER (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [tohutuholo] Rundll32.exe "C:\WINDOWS\system32\hewudado.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{88FA506C-D634-414B-9A10-55214C00488C}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{88FA506C-D634-414B-9A10-55214C00488C}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - FILTER hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file) O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\yuwuloya.dll c:\windows\system32\pagakeli.dll c:\windows\system32\voketana.dll c:\windows\system32\nukokezi.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: f - C:\WINDOWS\system32\icsxml\f.dll (file missing) O20 - Winlogon Notify: xxyywvVN - xxyywvVN.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe -- End of file - 8305 bytes Thank you for your time. I know you are volunteers and your help is most appreciated!Wow, that's a scary amount of threats Have you tried using different scanning software? Nod32 is one of the best, or maybe look into forking out the money for Trend Micro, a savvy investment. I see alot of the threats were deleted/quarantined, are they all coming back or only a couple of them? Some infections tend to hide themselves good enough to be able to fool scanning software and re-infect after a clean.I don't know if they're coming back yet. As I stated initially, I had only run an AVG and an Ad-Aware scan. I had actually run a Housecall scan the other week when the threat detections started, but that just seemed to make them mad I just did all these scans, as per the "Read before posting" thread. So far I haven't had a threat detection or a popup, so it seems good. At least for now.Dionnejl, Please WAIT for instructions from a malware specialist. I believe it will either be Evilfantasy or Broni. They will have a look at your logs when they are able and will guid you from there.

Discussion

No Comment Found

Related InterviewSolutions