Trojan.Vundo among other things. Don't want to do this by myself. [RESO, Explorer.exe fails to load in Safe Mode. Includes a list of intrusion
Spartan2090
post Jun 15 2007, 08:06 PM
Post #1

New Member
Posts: 9
From: Washington State USA
OS: Windows XP SP2



Hi, I've recently encountered this and I was hoping you could assist me. I would appreciate any help you can give me. I don't feel I have the expertise in order to complete the self-help guide. Also, I'm not sure if this is exactly what you are talking about in it.

I think I should tell you that this is very blatant spyware. There is a blinking ? and X mark in my system tray. It constantly bombards me with messages of being open to spyware and what have you. I cannot seem to remove it as well. If I click on it, it brings me to a WinAnti-Virus 2007 ad or a SpyCrush ad.

So far I've tried Lavasoft's Ad-Aware SE Personal in safe mode as well as a full system scan with Norton Anti-Virus 2007 in safe mode. I've cleaned out a lot of files in my registry as well as some other spyware, but not this one. Also, when I boot my computer in safe mode my explorer.exe fails to load. I've tried loading it manually as well, but it soon stops running and I'm left with nothing. Thankfully the Ctrl+Alt+Delete function works and I can access programs from there. However, I have to know exactly where it's saved. I don't know if that is a part of this or if it's something else.

Once again, I'd appreciate any help I can get.

Oh, and also, before you're alarmed at some of the programs I have, including Tor: I've been teaching myself about networking and things of that nature, and I fiddle around with that program to better understand networks.
____________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 6:34:48 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.735\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Tor\tor.exe" --nt-service -f "C:\Documents and Settings\Owner\Application Data\Vidalia\torrc" ControlPort 9051 (file missing)

*_________________________________________________________________________________*
This is what my Norton Anti-Virus 2007 has been constantly blocking since this Spyware/Malware has been infecting my computer.
*_________________________________________________________________________________*

Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Virus Definition Version,Product Version,User Name,Computer Name,Details
6/15/2007 6:45:51 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2U55A2ZY\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:43:01 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WRT8ALQ6\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:43:01 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\klrcaumh.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:39:55 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WRT8ALQ6\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:39:55 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\yscgejnf.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:32:22 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PJODM3SM\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:32:22 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\xqqhsyep.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 6:11:15 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2U55A2ZY\WinAntiVirusPro2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/15/2007 3:04:20 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\viiqyxcj.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 3:04:20 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2U55A2ZY\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 3:01:22 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\tjxkcrse.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 3:01:22 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PJODM3SM\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 3:01:20 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\gkleqqps.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 3:01:20 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7RM15I0T\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/15/2007 2:58:43 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7RM15I0T\WinAntiSpyware2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/15/2007 2:58:26 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7RM15I0T\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 10:17:42 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K2WJR72S\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 10:14:51 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\93C7HD0H\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 10:12:00 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P2J9RHL1\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 10:11:59 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\awkaijpq.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 10:10:35 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\63O4LBZQ\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:50:14 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K2WJR72S\WinAntiVirusPro2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 8:23:59 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\demkgplv.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:23:59 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\63O4LBZQ\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:20:59 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\93C7HD0H\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:20:58 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\63O4LBZQ\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:20:58 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\qwloahko.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:17:59 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\utdjxocx.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:17:58 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K2WJR72S\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 8:13:13 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P2J9RHL1\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:56:31 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AZNZS6BD\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:56:31 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\dghemjwl.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:53:26 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IGZNB6YB\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:50:27 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\fbaofuug.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:50:26 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P639KZ0O\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:49:31 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\xmyvnraf.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:49:31 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P639KZ0O\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:44:36 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AZNZS6BD\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:34:39 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\hhcyxvsi.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:34:39 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P639KZ0O\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:31:25 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\morhhnhv.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:31:25 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KEVKMTTV\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:29:00 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\vnqpgfgu.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:29:00 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KEVKMTTV\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 7:06:34 PM,Auto-Protect,WinFixer,Fully removed,File,2007.06.14.017,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\WinAntiVirusPro2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Fully removed"
6/14/2007 6:50:43 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7HA7174D\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:50:43 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\drvvshjn.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:47:32 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EK2KV7RD\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:47:32 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\onaplque.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:41:32 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\hdegatay.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:41:31 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:38:41 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7HA7174D\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:31:04 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EK2KV7RD\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:31:03 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\twjnaucs.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:31:03 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7HA7174D\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:28:16 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:28:16 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\qooxmdgg.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:28:15 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\fpcnooeg.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 6:28:09 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 5:44:57 PM,Virus scanner,SpyCrush,Fully removed,File,2007.06.14.017,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Fully removed"
6/14/2007 4:56:43 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\ejfpbfyv.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:56:43 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:56:43 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\nwhtlrax.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:56:43 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:53:49 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\ghinwexu.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:53:49 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:50:50 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:02:43 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\WinAntiSpyware2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 4:01:16 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\myasbjii.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:01:16 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 4:01:09 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:58:13 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\ujnbvvdn.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:58:13 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:55:19 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\tjxiafif.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:55:18 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:52:54 PM,Auto-Protect,SpyCrush,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Program Files\SpyCrush 3.2\uninst.exe,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 3:52:52 PM,Auto-Protect,SpyCrush,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Program Files\SpyCrush 3.2\SpyCrush 3.2.exe,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 3:44:31 PM,Auto-Protect,DriveCleaner,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\installdrivecleanerstart[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 3:44:30 PM,Auto-Protect,DriveCleaner,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\installdrivecleanerstart[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 3:39:52 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7HA7174D\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:39:52 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\xjyncfnw.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:39:51 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:36:52 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:36:52 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\gcosvweu.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:33:52 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:33:51 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\xwgnlxml.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:06:16 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\WinAntiVirusPro2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/14/2007 3:04:46 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\gbjakgap.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:04:46 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 3:01:45 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EK2KV7RD\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 2:58:48 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\odeonltk.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 2:58:48 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HPQYB2WS\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/14/2007 2:56:08 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7HA7174D\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 10:15:55 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2FG17EHJ\WinAntiSpyware2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/13/2007 4:15:20 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E0DMY69O\WinAntiSpyware2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/13/2007 4:02:16 PM,Virus scanner,Trojan Horse,Removal failed,File,2007.06.13.022,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: [keygen.exe] inside of [c:\documents and settings\owner\local settings\temp\rar$dr13.906\rebuilt.vng-w40k.rar],Risk category: Virus,Overall Risk Impact: High,Action taken: Removal failed"
6/13/2007 4:02:16 PM,Virus scanner,Trojan Horse,Removal failed,File,2007.06.13.022,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: [keygen.exe] inside of [c:\documents and settings\owner\local settings\temp\rar$dr13.906\rebuilt.vng-w40k.rar],Risk category: Virus,Overall Risk Impact: High,Action taken: Removal failed"
6/13/2007 3:51:49 PM,Auto-Protect,WinFixer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E0DMY69O\WinAntiVirusPro2007FreeInstall[1].cab,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Blocked"
6/13/2007 3:03:18 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\pjjssmjv.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 3:03:18 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T0LLVIM6\ffa_mv20070611[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 3:00:20 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\wkiyligd.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 3:00:19 PM,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6JNM35KF\ms_s_2[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 2:57:16 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RTT3OKU7\nauj_20070613_1[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 2:57:16 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bejidqyj.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/13/2007 2:54:45 PM,Auto-Protect,Trojan.LowZones,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KB6JW5KW\koocwolla_20070601[1],Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:44:32 PM,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\win35.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
6/12/2007 4:44:32 PM,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1JR1T9OC\xc42[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
6/12/2007 4:43:57 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Desktop\install.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:43:56 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Desktop\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:55 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\win33.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:55 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QG0H0IQH\xzc37[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:53 PM,Auto-Protect,Downloader.Trojan,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TU5DG52C\xc36[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:44 PM,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5VYHSA5C\xc29[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:38 PM,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HU7Y10KC\anti4[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:30 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E0DMY69O\xc23[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:28 PM,Auto-Protect,Infostealer.Ldpinch,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FEXNY4D8\xc60[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:24 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Desktop\install.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:42:24 PM,Auto-Protect,Downloader,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Desktop\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:36:55 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DI16.781\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:36:49 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR13.906\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:36:25 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR13.906\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:34:33 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\My Documents\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:34:24 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX01.531\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
6/12/2007 4:34:10 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.016\keygen.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
5/6/2007 5:00:30 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Incomplete\T-233472-Anno 1602 Creation of New World.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
5/6/2007 5:00:14 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Incomplete\T-233472-Anno 1602 Rip.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
5/6/2007 9:21:18 AM,Virus scanner,Trojan.Dropper,Fully removed,File,2007.05.05.017,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: [moo.dll] inside of [c:\documents and settings\owner\my documents\downloads\polarisv205c.zip],Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
5/6/2007 9:21:18 AM,Virus scanner,Trojan.Dropper,Fully removed,File,2007.05.05.017,10.0.3.3,SYSTEM,OWNER-E68F4BE52,"Source: [moo.dll] inside of [c:\documents and settings\owner\my documents\downloads\polarisv205c.zip],Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
2/19/2007 1:13:34 PM,Auto-Protect,Adware.ZangoSearch,Removal not attempted,File,2007.02.18.016,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Incomplete\Preview-T-1771275-05 Track 5 (song).wma,Risk category: Adware,Overall Risk Impact: Low,Action taken: Removal not attempted"
2/19/2007 1:13:34 PM,Auto-Protect,Adware.ZangoSearch,Removal not attempted,File,2007.02.18.016,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Incomplete\T-1771275-05 Track 5 (song).wma,Risk category: Adware,Overall Risk Impact: Low,Action taken: Removal not attempted"
1/15/2007 9:19:45 AM,Virus scanner,Tracking Cookie,Excluded,File,2007.01.14.008,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Excluded"
1/14/2007 11:43:05 AM,Virus scanner,Tracking Cookie,Fully removed,File,2007.01.13.017,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
1/5/2007 10:07:56 PM,Virus scanner,Tracking Cookie,Fully removed,File,2007.01.05.018,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
1/2/2007 7:14:06 PM,Auto-Protect,Backdoor.Trojan,Blocked,File,N/A,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX04.515\spee.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
1/2/2007 7:14:06 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX04.515\dtr.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
1/2/2007 7:13:27 PM,Auto-Protect,Backdoor.Trojan,Blocked,File,N/A,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.469\spee.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
1/2/2007 7:13:27 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.469\dtr.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
12/29/2006 11:14:06 PM,Virus scanner,Trojan Horse,Removal failed,File,2006.12.29.017,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: [ccgzh104.exe] inside of [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\b4hznfe1\shaikh_ccgzh104[1].rar],Risk category: Virus,Overall Risk Impact: High,Action taken: Removal failed"
12/29/2006 11:14:05 PM,Virus scanner,Tracking Cookie,Fully removed,File,2006.12.29.017,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
12/27/2006 3:06:18 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\My Documents\Downloads\shaikh_ccgzh104\ccgzh104.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
12/27/2006 3:05:54 PM,Auto-Protect,Trojan Horse,Blocked,File,N/A,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.687\shaikh_ccgzh104\ccgzh104.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
12/26/2006 5:51:54 PM,Virus scanner,Tracking Cookie,Fully removed,File,2006.12.26.017,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
12/26/2006 10:00:52 AM,Virus scanner,Tracking Cookie,Removal not attempted,File,2006.12.25.006,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Removal not attempted"
12/22/2006 9:06:35 PM,Virus scanner,Tracking Cookie,Removal not attempted,File,2006.12.22.009,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Removal not attempted"
12/8/2006 9:25:37 PM,Virus scanner,Tracking Cookie,Removal not attempted,File,2006.12.08.017,10.0.0.86,SYSTEM,OWNER-E68F4BE52,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Removal not attempted"

This post has been edited by Spartan2090: Jun 15 2007, 08:10 PM
miekiemoes
post Jun 16 2007, 12:05 AM
Post #2


Malware Expert
Posts: 5,196
From: Belgium
OS: XP Home, XP Pro, Vista



Hello,

First of all, you didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise you to unzip/extract HijackThis.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move hijackthis.exe into it. The reason is that HijackThis creates backups, and when it's in your temp folder it can be accidentally deleted.
How to make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

Then:
* Download ComboFix to your desktop.
* Double-click combofix.exe
* Follow the prompts.
* Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Spartan2090
post Jun 16 2007, 12:42 PM
Post #3


New Member
*
Posts: 9
From: Washington State USA
OS: Windows XP SP2



Thank you so much for your help. I will give you only log files that you ask for.

__________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:41:11 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Tor\tor.exe" --nt-service -f "C:\Documents and Settings\Owner\Application Data\Vidalia\torrc" ControlPort 9051 (file missing)


*___________________________________________________________________________________________*

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-16 11:28:36 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winxtx32.dll
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\geedd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


2007-06-16 11:28 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 19:37 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-14 19:37 126,016 --a------ C:\WINDOWS\system32\xtakmbdu.dll
2007-06-14 18:52 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2007-06-14 16:53 126,016 --a------ C:\WINDOWS\system32\sowxvdew.dll
2007-06-14 15:20 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-14 15:17 <DIR> d-------- C:\WINDOWS\pss
2007-06-14 15:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-13 14:56 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
2007-06-12 16:47 <DIR> d-------- C:\Program Files\THQ
2007-06-12 16:44 24,643 --a------ C:\WINDOWS\system32\ssqqrst.dll
2007-06-12 16:42 24,643 --a------ C:\WINDOWS\system32\tuvvspo.dll
2007-05-31 22:01 77,824 --a------ C:\WINDOWS\system32\nmapwin.exe
2007-05-31 22:01 561,179 --a------ C:\WINDOWS\system32\dao360.dll
2007-05-31 22:01 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-05-31 22:01 452,096 --a------ C:\WINDOWS\system32\nmap.exe
2007-05-31 22:01 299,008 --a------ C:\WINDOWS\system32\MSDBRPTR.DLL
2007-05-31 22:01 290,816 --a------ C:\WINDOWS\system32\nmapserv.exe
2007-05-31 22:01 192 --a------ C:\WINDOWS\system32\nmap_performance.reg
2007-05-31 22:01 137,216 --a------ C:\WINDOWS\system32\MSDERUN.DLL
2007-05-31 22:01 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-05-31 22:01 114,688 --a------ C:\WINDOWS\system32\CCGNU32.dll
2007-05-31 22:01 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-05-31 22:01 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-05-31 22:01 <DIR> d-------- C:\Program Files\Net Tools
2007-05-29 05:32 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\tor
2007-05-28 22:45 <DIR> d-------- C:\Program Files\Vidalia
2007-05-28 22:45 <DIR> d-------- C:\Program Files\Torbutton
2007-05-28 22:45 <DIR> d-------- C:\Program Files\Privoxy
2007-05-28 22:45 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Vidalia
2007-05-28 22:44 <DIR> d-------- C:\Program Files\Tor
2007-05-28 22:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Tor
2007-05-26 23:54 1,156 -ra------ C:\WINDOWS\mozver.dat
2007-05-26 12:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Talkback
2007-05-26 12:50 <DIR> d-------- C:\Program Files\DivX
2007-05-18 19:40 <DIR> d-------- C:\Program Files\TSO
2007-05-18 16:06 <DIR> d-------- C:\Program Files\Shiny


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 17:45:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-16 05:11:09 -------- d-----w C:\Program Files\Warcraft III
2007-06-15 00:58:22 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-06-14 22:52:24 8,192 --s-a-w C:\WINDOWS\system32\xikor.dll
2007-06-13 03:20:12 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-13 01:38:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-12 23:26:20 -------- d-----w C:\Program Files\EA GAMES
2007-06-12 03:24:05 -------- d-----w C:\Program Files\LimeWire
2007-06-12 01:35:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\U3
2007-06-11 00:54:59 6,784 ----a-w C:\WINDOWS\system32\drivers\scsk4.sys
2007-06-09 23:58:35 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-06-09 23:58:29 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-06-07 00:23:01 -------- d-----w C:\Program Files\WarRock
2007-06-04 04:17:40 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-06-04 01:23:26 -------- d-----w C:\Program Files\AIM6
2007-06-04 01:23:20 -------- d-----w C:\Program Files\Viewpoint
2007-06-03 20:45:07 -------- d-----w C:\Program Files\World of Warcraft
2007-06-02 16:30:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\teamspeak2
2007-05-28 22:13:56 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-05-28 14:13:39 -------- d-s---w C:\Program Files\Xfire
2007-05-27 01:31:52 729,088 -c--a-r C:\WINDOWS\iun6002.exe
2007-05-26 22:56:33 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\IGN_DLM
2007-05-24 01:37:36 2,108 ----a-r C:\WINDOWS\eReg.dat
2007-05-20 20:15:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 22:27:25 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\scar5
2007-05-12 22:27:19 -------- d-----w C:\Program Files\scar5
2007-05-12 22:16:44 -------- d-----w C:\Program Files\CCleaner
2007-05-12 21:21:38 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-07 23:53:08 -------- d-----w C:\Program Files\ANNO 1602 - Gold Edition
2007-05-07 04:21:55 -------- d-----w C:\Program Files\D-Tools
2007-05-04 00:48:38 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\yahoo!
2007-05-04 00:48:29 -------- d-----w C:\Program Files\Yahoo!
2007-04-29 21:14:35 -------- d-----w C:\Program Files\Diablo II
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 00:21:27 -------- d-----w C:\Program Files\MySpace
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-02 00:31:40 76,549 ----a-r C:\WINDOWS\War3Unin.dat
2007-04-01 16:28:22 21,840 -c--atw C:\WINDOWS\system32\SIntfNT.dll
2007-04-01 16:28:22 17,212 -c--atw C:\WINDOWS\system32\SIntf32.dll
2007-04-01 16:28:22 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2007-04-01 15:26:05 2,829 ----a-r C:\WINDOWS\War3Unin.pif
2007-04-01 15:26:05 139,264 ----a-r C:\WINDOWS\War3Unin.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38