wincodecpro infestation

Status
Not open for further replies.

clcrutch

I have tried all I know to rid this PC of this infection but it comes back. I have followed the removal guide. Please advise. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:01, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\dejusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [d] C:\Program Files\Java\jre6\bin\dejusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9d4c62c1a6df4) (gupdate1c9d4c62c1a6df4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6689 bytes
 
Yes. I have run ComboFix at least twice and Malwarebytes more than that. Both have cleaned up infections. In fact, I have run everything in your guide at least twice. I think I have solved the problem and then the video resets to less than full screen width and I get a warning that a fatal error has occurred and the Windows video codecs need to be reinstalled. A red icon with an X in it appears in the lower right tray indicating "error."
 
Well, the log looks good. Can you post the ComboFix log so I can see what it deleted?

Have you downloaded new codecs yet?
 
ComboFix 09-05-13.02 - Tim Murphy 05/14/2009 18:53.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1708 [GMT -4:00]
Running from: c:\documents and settings\Tim Murphy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-14 20:44 . 2009-05-14 20:44 -------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-05-14 20:44 . 2009-05-14 22:39 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-14 20:09 . 2009-05-14 20:09 -------- d-sh--w c:\documents and settings\Tim Murphy\IETldCache
2009-05-14 20:06 . 2009-05-14 20:06 -------- d-----w c:\windows\ie8updates
2009-05-14 20:05 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-14 20:04 . 2009-05-14 20:05 -------- dc-h--w c:\windows\ie8
2009-05-14 15:55 . 2009-05-14 19:13 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-14 02:44 . 2009-05-14 22:52 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 02:44 . 2005-08-26 05:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-14 02:44 . 2006-05-25 19:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-14 02:44 . 2006-06-19 17:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-14 02:44 . 2002-03-06 05:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-14 02:44 . 2003-02-03 00:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-05-14 02:44 . 2009-05-14 02:44 -------- d-----w c:\program files\Trojan Remover
2009-05-14 02:44 . 2009-05-14 02:44 -------- d-----w c:\documents and settings\Tim Murphy\Application Data\Simply Super Software
2009-05-14 02:44 . 2009-05-14 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-13 22:59 . 2009-05-13 22:59 -------- d-----w C:\VundoFix Backups
2009-05-13 21:04 . 2009-05-13 21:04 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-13 20:48 . 2009-05-13 20:48 -------- d-----w c:\program files\Trend Micro
2009-05-13 20:21 . 2009-05-14 22:36 -------- d-----w c:\program files\CleanUp!
2009-05-13 20:13 . 2009-05-13 20:13 -------- d-----w c:\program files\MSConfig CleanUp
2009-05-13 02:12 . 2009-05-04 20:37 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-13 01:48 . 2009-05-13 01:48 -------- d-----w c:\documents and settings\Tim Murphy\Application Data\Malwarebytes
2009-05-13 01:48 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 01:48 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 01:48 . 2009-05-13 01:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 01:48 . 2009-05-13 01:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-13 00:31 . 2009-05-13 00:31 -------- d-----w c:\documents and settings\NetworkService\Application Data\Share-to-Web Upload Folder
2009-05-12 23:52 . 2009-05-12 23:52 32 --s-a-w c:\windows\system32\3995223591.dat
2009-04-30 00:44 . 2002-05-24 15:52 10368 ----a-w c:\windows\system32\drivers\dwusbdnt.sys
2009-04-30 00:44 . 2009-04-30 00:44 -------- d-----w c:\program files\Digitalway
2009-04-29 19:35 . 2009-05-14 22:40 -------- d-----w c:\documents and settings\Tim Murphy\Application Data\LimeWire
2009-04-29 19:35 . 2009-04-29 19:35 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-29 19:31 . 2008-08-20 17:58 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-29 19:31 . 2008-08-20 17:58 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-29 19:31 . 2008-08-20 17:58 129520 ------w c:\windows\system32\pxafs.dll
2009-04-29 19:30 . 2009-04-29 19:33 -------- d-----w c:\documents and settings\Tim Murphy\Application Data\Winamp
2009-04-21 22:05 . 2005-10-14 18:45 135168 ----a-w c:\windows\system32\igfxres.dll
2009-04-20 23:55 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-20 23:55 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-20 23:55 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-20 23:55 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-20 23:55 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-20 23:55 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-20 23:55 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-20 23:55 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-20 23:55 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-20 23:55 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-20 23:54 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-20 23:54 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 19:01 . 2005-07-11 21:06 -------- d-----w c:\program files\Google
2009-05-13 20:17 . 2005-03-08 22:58 -------- d-----w c:\program files\Support.com
2009-05-13 20:03 . 2005-03-03 03:59 -------- d-----w c:\program files\Dell
2009-05-13 01:44 . 2006-06-16 19:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 20:37 . 2009-02-16 21:35 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-30 00:44 . 2005-03-03 03:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 19:34 . 2005-03-03 03:55 -------- d-----w c:\program files\Java
2009-03-08 08:34 . 2004-08-10 18:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 18:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 18:50 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 18:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 18:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 18:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 18:51 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 18:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 18:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 18:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 18:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-19 16:33 . 2005-03-08 23:06 68136 -c--a-w c:\documents and settings\Tim Murphy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-18 01:52 . 2009-02-18 01:52 98304 ----a-w c:\windows\system32CmdLineExt.dll
2009-02-17 03:24 . 2004-08-10 19:03 78535 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-16 21:35 . 2009-02-16 21:35 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-16 21:35 . 2009-02-16 21:35 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-16 21:35 . 2009-02-16 21:35 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2004-08-04 11:00 . 2004-08-10 18:51 94784 -csh--w c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-10 18:51 50688 --sh--w c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-10 18:51 1028096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-10 18:51 57344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-10 18:51 413696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-10 18:51 343040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-10 18:51 551936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-10 18:51 84992 --sha-w c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-10 18:51 11776 --sh--w c:\windows\system32\regsvr32.exe
.
 
((((((((((((((((((((((((((((( SnapShot@2009-05-14_02.35.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-06-17 21:13 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2006-07-12 19:45 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 18:51 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-06-29 12:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 12:05 . 2006-06-29 12:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 21:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 21:59 . 2006-06-28 21:59 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-10 18:51 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 18:51 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 18:51 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2006-10-17 17:01 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 18:51 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 12:05 . 2006-06-29 12:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 12:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 08:34 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2009-05-14 19:02 . 2009-05-14 19:02 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-14 19:02 . 2009-05-14 19:02 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-14 19:02 . 2009-05-14 19:02 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-14 19:02 . 2009-05-14 19:02 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-14 19:02 . 2009-05-14 19:02 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-14 19:02 . 2009-05-14 19:02 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-05-14 20:04 . 2008-04-14 00:12 37888 c:\windows\ie8\url.dll
+ 2009-05-14 20:05 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll
+ 2009-05-14 20:04 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe
+ 2009-05-14 20:04 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe
+ 2009-05-14 20:04 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll
+ 2009-05-14 20:04 . 2009-02-20 08:10 81920 c:\windows\ie8\ieencode.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe
+ 2009-05-14 20:04 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll
+ 2009-05-14 20:06 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB969497-IE8\iecompat.dll
- 2006-07-06 20:39 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2006-07-06 20:39 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 18:51 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-10 18:51 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2004-08-10 18:51 . 2009-03-08 08:34 109568 c:\windows\system32\occache.dll
+ 2004-08-10 18:51 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 18:51 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-10 18:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 18:51 . 2009-03-08 08:31 183808 c:\windows\system32\iepeers.dll
+ 2004-08-10 18:51 . 2009-03-08 18:09 391536 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 18:51 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 18:51 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 18:51 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 18:51 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 18:51 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 18:51 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-04-21 06:44 . 2009-03-08 08:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 18:51 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 18:50 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2009-05-14 20:06 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969497-IE8\spuninst\updspapi.dll
+ 2009-05-14 20:06 . 2008-07-09 07:38 231288 c:\windows\ie8updates\KB969497-IE8\spuninst\spuninst.exe
+ 2009-05-14 20:04 . 2009-02-20 08:10 666112 c:\windows\ie8\wininet.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 851968 c:\windows\ie8\vgx.dll
+ 2009-05-14 20:04 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-05-14 20:04 . 2009-02-20 08:10 619520 c:\windows\ie8\urlmon.dll
+ 2009-05-14 20:05 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-05-14 20:05 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-05-14 20:04 . 2008-04-14 00:12 532480 c:\windows\ie8\mstime.dll
+ 2009-05-14 20:04 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll
+ 2009-05-14 20:04 . 2004-08-04 11:00 146432 c:\windows\ie8\msls31.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 449024 c:\windows\ie8\mshtmled.dll
+ 2009-05-14 20:04 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 251904 c:\windows\ie8\iepeers.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll
+ 2009-05-14 20:04 . 2004-08-04 11:00 221184 c:\windows\ie8\ieakui.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll
+ 2009-05-14 20:04 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll
+ 2004-08-10 18:51 . 2009-03-08 08:34 1206784 c:\windows\system32\urlmon.dll
+ 2004-08-10 18:51 . 2009-03-08 08:41 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-06-26 08:15 . 2009-03-08 08:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:44 . 2009-03-08 08:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-05-14 20:04 . 2009-02-20 08:11 3068416 c:\windows\ie8\mshtml.dll
+ 2005-05-10 22:42 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2009-03-08 08:39 11063808 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-16 1601304]
"d"="c:\program files\Java\jre6\bin\dejusched.exe" [2009-05-12 67584]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-10 1059208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-04-06 1277584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-16 21:35 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"c:\\Program Files\\Hewlett-Packard\\AiO\\hp officejet d series\\FRU\\Itp32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Tim Murphy\\Desktop\\misc\\LimeWire\\LimeWire.exe"=
"c:\\Westwood\\RA2\\game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/16/2009 5:35 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/16/2009 5:35 PM 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/16/2009 5:35 PM 107272]
S1 DW;DW; [x]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/16/2009 5:35 PM 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/16/2009 5:35 PM 298264]
S2 gupdate1c9d4c62c1a6df4;Google Update Service (gupdate1c9d4c62c1a6df4);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2009 2:59 PM 133104]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\drivers\ax88172.sys [3/9/2005 3:52 PM 10496]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [4/29/2009 8:44 PM 10368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345e5ec0-be72-11da-9a7b-0011437191c5}]
\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cde5816-9c82-11dc-9d6a-00505b0161f5}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:37]

2009-05-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:59]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-14 18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-142327467-3618201263-4169217308-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,05,3f,79,7e,19,e9,43,00,bd,3b,d3,40,64,d3,70,c1,88,5d,ce,70,72,c5,
17,4d,c3,2a,f6,72,30,10,a1,8b,c3,d3,68,79,e7,93,30,95,7d,51,6e,19,78,2c,f1,\
"??"=hex:a4,85,77,d6,48,b5,d7,21,60,bf,ff,19,6f,ed,a1,f1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-14 18:59
ComboFix-quarantined-files.txt 2009-05-14 22:58
ComboFix2.txt 2009-05-14 02:38

Pre-Run: 30,914,338,816 bytes free
Post-Run: 30,900,219,904 bytes free

338 --- E O F --- 2009-05-14 15:45
 
I have not installed any new codecs. The trojan is linked to a website trying to sell a fix.
 
Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

5/14/2009 6:26:15 PM
mbam-log-2009-05-14 (18-26-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175993
Time elapsed: 1 hour(s), 28 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP659\A0049831.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
 
Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

5/12/2009 11:13:04 PM
mbam-log-2009-05-12 (23-13-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164427
Time elapsed: 54 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TSNOPKHN\21[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
 