Welcome to Geeks to Go - Register now for FREE

Popups and IE problems and Stalling WinXP



#1 subinutah (New Member, 3 posts)
As soon as I navigate away from my email I get so many pop-ups I can't do anything. It took over an hour to download the HijackThis program and get here to request help. I am so frustrated. I tried to follow some of the other threads, but I think I'm a touch stupid, because I got lost (and nothing helped).

I did the whole SmitFraud thing, and it didn't find anything. I downloaded Avast and have done full scans in and out of Safe Mode. I tried to download some of the other programs you list, but IE stops working right after the first pop-up, links don't work and downloads won't function. The only way I got the HijackThis program to work was by rebooting and clicking before the first pop-up.

Once I get pop-ups I can't right-click anything, Ctrl-Alt-Delete doesn't work until all pop-ups are closed, and I can't even click the Start button to restart or log off.

I tried STOPzilla, but I guess it costs money, which I don't have. It said I have zlog and mulovia or something like that.

I will do anything - please help!!

Here's my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 9:56:23 AM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AWS\WEATHE~1\Weather.exe
D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5bcc8523-2a01-4150-9f86-dbcb41782317} - D:\WINDOWS\system32\c_1ify.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - D:\WINDOWS\system32\tmp25.tmp.dll
O3 - Toolbar: BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - D:\PROGRA~1\BeInSync\BISShellEx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\ssrpqo.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BeInSync] "D:\Program Files\BeInSync\BeInSync.exe" /NOGUI
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Weather] D:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - D:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra 'Tools' menuitem: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - D:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175715428718
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.game...itched/main.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: c_1ify - D:\WINDOWS\SYSTEM32\c_1ify.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

thanks !!!!!
Kimberly
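The log above is the kind a volunteer helper reads by eye: an O2 BHO with "(no name)" backed by a DLL in system32, another BHO named tmp25.tmp.dll, a Run key that uses rundll32 to load ssrpqo.dll straight out of D:\WINDOWS, and a Winlogon Notify package (c_1ify) that is also the unnamed BHO. The script below is an added example, not code from the thread or from the HijackThis project, that encodes those reading rules so they can be run over a log in bulk. The rule set, the accepted Winlogon Notify list (only Microsoft's WgaLogon is accepted here; that is an assumption for this XP SP2 box) and the function names `triage` and `flagged_files` are all the editor's choices; the embedded log is an excerpt copied from the post above with a few known-good lines kept so the rules have something to leave alone.

```python
"""
Triage of a HijackThis 1.99.1 log: flag autostart entries a helper would
want explained before anything else is touched.

Added example, not code from the original thread. The rules are heuristics
(assumptions about what looks out of place on an XP SP2 box), not a verdict
on any file; confirm each hit with a second scanner.
"""
import re
from collections import defaultdict

# Excerpt copied verbatim from the first HijackThis log posted above.
HJT_LOG = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5bcc8523-2a01-4150-9f86-dbcb41782317} - D:\WINDOWS\system32\c_1ify.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - D:\WINDOWS\system32\tmp25.tmp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\ssrpqo.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: c_1ify - D:\WINDOWS\SYSTEM32\c_1ify.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <rest>" / "R3 - <rest>": section tag first, everything else after.
LINE_RE = re.compile(r"^(?P<sec>O\d+|R\d+)\s+-\s+(?P<rest>.+)$")
# First drive-letter path ending in a loadable module; paths may contain spaces.
PATH_RE = re.compile(r"(?i)([a-z]:\\.+?\.(?:dll|exe|cpl|scr))(?=[\s\",]|$)")
# tmp<hex>.tmp.dll / .exe: a temp file that became a registered module.
TMP_NAME_RE = re.compile(r"(?i)^tmp[0-9a-f]+\.tmp\.(?:dll|exe)$")
# Assumption: the only Winlogon Notify package accepted without review.
KNOWN_NOTIFY = {"wgalogon"}


def extract_path(rest):
    m = PATH_RE.search(rest)
    return m.group(1) if m else None


def in_windows_dir(path):
    """True for a file sitting directly in %WINDIR% or %WINDIR%\\system32."""
    head, _, _ = path.lower().rpartition("\\")
    return head.endswith("\\windows") or head.endswith("\\windows\\system32")


def triage(log_text):
    """Return (section, basename, reason) findings for one HijackThis log."""
    findings = []
    seen_in = defaultdict(set)  # basename -> sections it is registered in
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        path = extract_path(rest)
        name = path.rsplit("\\", 1)[-1].lower() if path else None
        if name:
            seen_in[name].add(sec)
        if sec in ("O2", "O3") and "(no name)" in rest and path:
            findings.append((sec, name, "unnamed BHO/toolbar backed by a real file"))
        if name and TMP_NAME_RE.match(name):
            findings.append((sec, name, "tmpNN.tmp.* naming: temp file promoted to a loaded module"))
        if sec == "O4" and "rundll32" in rest.lower() and path and in_windows_dir(path):
            findings.append((sec, name, "Run key uses rundll32 to load a DLL dropped into the Windows directory"))
        if sec == "O20":
            notify = rest.split(":", 1)[1].split(" - ")[0].strip().lower()
            if notify not in KNOWN_NOTIFY:
                findings.append((sec, name, f"Winlogon Notify package '{notify}' not in the accepted set"))
    # A module that is already suspect and is hooked at more than one
    # autostart point (here: browser BHO plus logon notify) ranks highest.
    for name, secs in seen_in.items():
        if len(secs) > 1 and any(f[1] == name for f in findings):
            findings.append(("*", name, "same module at several autostart points: " + ", ".join(sorted(secs))))
    return findings


def flagged_files(log_text):
    """Set of module basenames that at least one rule fired on."""
    return {name for _, name, _ in triage(log_text) if name}


if __name__ == "__main__":
    for sec, name, reason in triage(HJT_LOG):
        print(f"{sec:<4} {name or '-':<18} {reason}")
```

Known-good entries such as AcroIEHelper.dll, googletoolbar1.dll and ctfmon.exe pass every rule, including the multi-section check, because that check only promotes a module that some other rule has already flagged; the orphaned "(no file)" toolbar is skipped rather than flagged, since it has no code behind it.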



#2 Noviciate (Confused Helper, Malware Removal, 1,567 posts)
Download Combofix by sUBs from here and save it to your Desktop.
  • Double-click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false positive.
Also, run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


#3 subinutah (Topic Starter, New Member, 3 posts)
Thank you for your help!!!

Here's the ComboFix log

"Kimberly Mulder" - 2007-06-07 15:26:21 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "D:\Documents and Settings\Kimberly Mulder\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\ddbxvv.dll
D:\WINDOWS\efdbay.dll
D:\WINDOWS\fccbcb.dll
D:\WINDOWS\hgdebb.dll
D:\WINDOWS\opqnkl.dll
D:\WINDOWS\pmkhgd.dll
D:\WINDOWS\pmklih.dll
D:\WINDOWS\qomlmn.dll
D:\WINDOWS\qopmkh.dll
D:\WINDOWS\qoppon.dll
D:\WINDOWS\rqoopm.dll
D:\WINDOWS\ssrpqo.dll
D:\WINDOWS\xxvurs.dll
D:\WINDOWS\yaxwtu.dll
D:\WINDOWS\bbedgh.ini
D:\WINDOWS\lknqpo.ini
D:\WINDOWS\mpooqr.ini
D:\WINDOWS\oqprss.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\DOCUME~1\KIMBER~1\Desktop.\internet explorer.lnk
D:\WINDOWS\system32\tmp12.tmp.dll
D:\WINDOWS\system32\tmp14.tmp.dll
D:\WINDOWS\system32\tmp19.tmp.dll
D:\WINDOWS\system32\tmp1F.tmp.dll
D:\WINDOWS\system32\tmp2.tmp.dll
D:\WINDOWS\system32\tmp25.tmp.dll
D:\WINDOWS\system32\tmp2D.tmp.dll
D:\WINDOWS\system32\tmp3.tmp.dll
D:\WINDOWS\system32\tmp4.tmp.dll
D:\WINDOWS\system32\tmp6.tmp.dll
D:\WINDOWS\system32\tmp9.tmp.dll
D:\WINDOWS\system32\tmpA.tmp.dll
D:\WINDOWS\system32\tmpB.tmp.dll
D:\WINDOWS\system32\tmpD.tmp.dll
D:\WINDOWS\system32\tmpE.tmp.dll


((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))


2007-06-07 10:23 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-07 10:18 <DIR> d-------- D:\!KillBox
2007-06-07 09:53 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp25.tmp.exe
2007-06-07 09:41 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp22.tmp.exe
2007-06-07 09:41 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp23.tmp.exe
2007-06-07 09:40 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp21.tmp.exe
2007-06-07 09:21 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp1B.tmp.exe
2007-06-07 09:21 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp1C.tmp.exe
2007-06-07 09:16 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp1A.tmp.exe
2007-06-07 09:07 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp16.tmp.exe
2007-06-07 09:07 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp17.tmp.exe
2007-06-07 02:53 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp11.tmp.exe
2007-06-07 02:17 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmpF.tmp.exe
2007-06-06 01:53 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp4.tmp.exe
2007-06-05 14:26 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp8.tmp.exe
2007-06-05 14:24 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp7.tmp.exe
2007-06-05 09:32 <DIR> d-------- D:\VundoFix Backups
2007-06-05 09:27 251,682 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp15.tmp.exe
2007-06-05 09:17 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-06-05 09:08 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-05 08:51 1,920 --a------ D:\WINDOWS\system32\tmp.reg
2007-06-05 08:51 <DIR> d-------- D:\DOCUME~1\KIMBER~1\SmitfraudFix
2007-06-05 08:50 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-06-05 08:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-06-05 08:50 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-06-05 08:49 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp14.tmp.exe
2007-06-05 08:49 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp13.tmp.exe
2007-06-05 08:29 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp10.tmp.exe
2007-06-05 08:15 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmpD.tmp.exe
2007-06-05 03:20 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmpA.tmp.exe
2007-06-05 03:20 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmpB.tmp.exe
2007-06-05 01:41 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp9.tmp.exe
2007-06-05 01:31 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp6.tmp.exe
2007-06-04 17:17 252,177 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp34.tmp.exe
2007-06-04 17:17 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp35.tmp.exe
2007-06-04 16:54 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp12.tmp.exe
2007-06-04 16:52 <DIR> d-------- D:\WINDOWS\SxsCaPendDel
2007-06-03 12:16 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp5.tmp.exe
2007-06-03 02:05 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp3.tmp.exe
2007-06-02 23:08 252,221 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmp2.tmp.exe
2007-06-02 22:11 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-06-02 22:11 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-02 22:11 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-06-02 22:11 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-02 22:11 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-02 22:11 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-02 22:10 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-06-02 22:10 499,712 --a------ D:\WINDOWS\system32\MSVCP71.dll
2007-06-02 22:10 <DIR> d-------- D:\Program Files\Alwil Software
2007-06-02 21:40 50,970 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmpE.tmp.exe
2007-06-02 21:37 2,560 --a------ D:\DOCUME~1\KIMBER~1\APPLIC~1\tmpC.tmp.exe
2007-06-02 19:32 <DIR> d-------- D:\Program Files\STOPzilla!
2007-06-02 19:32 <DIR> d-------- D:\Program Files\Common Files\iS3
2007-06-02 19:32 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-31 13:39 47,988 --a------ D:\WINDOWS\system32\ddaba.exe
2007-05-31 13:39 37,500 --a------ D:\WINDOWS\system32\c_1ify.dll
2007-05-31 13:34 8,443 --a------ D:\WINDOWS\system32\pmnlkij.dll
2007-05-30 14:45 <DIR> d-------- D:\DOCUME~1\KIMBER~1\Shared
2007-05-30 14:45 <DIR> d-------- D:\DOCUME~1\KIMBER~1\Incomplete
2007-05-30 14:45 <DIR> d-------- D:\DOCUME~1\KIMBER~1\APPLIC~1\LimeWire
2007-05-30 14:39 <DIR> d-------- D:\Program Files\LimeWire
2007-05-17 19:38 182,272 --a------ D:\WINDOWS\patchw32.dll
2007-05-17 19:38 <DIR> d-------- D:\Program Files\Ubi Soft Games
2007-05-17 19:38 <DIR> d-------- D:\Program Files\Common Files\PocketSoft
2007-05-17 19:34 0 --a------ D:\WINDOWS\PowerReg.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 16:26:56 -------- d-----r D:\DOCUME~1\KIMBER~1\APPLIC~1\BeInSync Settings
2007-06-07 07:45:53 -------- d-----w D:\Program Files\sSa_Opper
2007-06-03 04:00:59 -------- d-----w D:\DOCUME~1\KIMBER~1\APPLIC~1\WeatherBug
2007-06-03 03:57:16 -------- d-----w D:\Program Files\McAfee
2007-05-18 22:34:49 11,973 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-05-18 22:33:29 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-18 19:59:03 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-05-06 23:57:59 -------- d-----w D:\Program Files\Glidden
2007-05-06 23:56:01 724,992 ----a-w D:\WINDOWS\iun6002.exe
2007-05-06 19:11:58 -------- d-----w D:\Program Files\BeInSync
2007-05-01 23:57:33 -------- d-----w D:\Program Files\Common Files\Adobe Systems Shared
2007-05-01 23:54:29 20,640 ------w D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-01 23:54:29 108,544 ------w D:\WINDOWS\system32\pxcpyi64.exe
2007-05-01 23:54:28 109,568 ------w D:\WINDOWS\system32\pxinsi64.exe
2007-05-01 21:13:29 -------- d-----w D:\DOCUME~1\KIMBER~1\APPLIC~1\Kazaa Lite
2007-05-01 18:32:43 106,496 ----a-w D:\WINDOWS\rtpmsi32.dll
2007-04-23 23:52:38 664 ----a-w D:\WINDOWS\system32\d3d9caps.dat
2007-04-23 21:20:38 -------- d-----w D:\DOCUME~1\KIMBER~1\APPLIC~1\Apple Computer
2007-04-23 21:20:32 -------- d-----w D:\Program Files\iTunes
2007-04-23 21:20:26 -------- d-----w D:\Program Files\iPod
2007-04-23 01:59:28 -------- d-----w D:\DOCUME~1\KIMBER~1\APPLIC~1\Microsoft Web Folders
2007-04-23 01:59:16 -------- d-----w D:\Program Files\microsoft frontpage
2007-04-22 23:01:43 -------- d-----w D:\Program Files\QuickTime
2007-04-22 04:54:29 -------- d-----w D:\Program Files\Apple Software Update
2007-04-21 21:37:06 -------- d--h--w D:\DOCUME~1\KIMBER~1\APPLIC~1\Move Networks
2007-04-18 19:29:41 -------- d-----w D:\Program Files\AWS
2007-04-18 16:12:23 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 ----a-w D:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 ----a-w D:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 ----a-w D:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 ----a-w D:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 ----a-w D:\WINDOWS\system32\muweb.dll
2007-04-15 20:05:04 -------- d-----w D:\Program Files\Yahoo!
2007-04-15 18:25:22 1,131 ----a-w D:\WINDOWS\unins000.dat
2007-04-14 19:21:12 -------- d-----w D:\DOCUME~1\KIMBER~1\APPLIC~1\Help
2007-04-04 21:35:38 270,336 ----a-w D:\WINDOWS\system32\msvcp71c.dll
2007-04-04 18:42:55 21,640 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-03-23 12:07:56 1,683,280 ------w D:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 12:07:54 583,504 ------w D:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 02:25:02 124,928 ------w D:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w D:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w D:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w D:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w D:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w D:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=D:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 15:29]
{5bcc8523-2a01-4150-9f86-dbcb41782317}=D:\WINDOWS\system32\c_1ify.dll [2007-05-31 13:39]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=d:\program files\google\googletoolbar1.dll [2007-04-04 15:28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 D:\WINDOWS\soundman.exe]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 09:42]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 06:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"BeInSync"="D:\Program Files\BeInSync\BeInSync.exe" [2006-12-14 09:55]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 15:27]
"Weather"="D:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 15:02]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"="D:\PROGRA~1\BeInSync\BISShellEx.dll" [2006-12-14 09:58]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 08:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c_1ify]
c_1ify.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - AVGASCLN

Contents of the 'Scheduled Tasks' folder
2007-06-02 15:18:00 D:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 15:33:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-07 15:34:20 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-06-07 15:34

--- E O F ---

And the new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 3:37:12 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AWS\WEATHE~1\Weather.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5bcc8523-2a01-4150-9f86-dbcb41782317} - D:\WINDOWS\system32\c_1ify.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - D:\PROGRA~1\BeInSync\BISShellEx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BeInSync] "D:\Program Files\BeInSync\BeInSync.exe" /NOGUI
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Weather] D:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\WINDOWS\system32\c_1ify.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - D:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra 'Tools' menuitem: BeInSync - {EE84A04D-8992-4b19-970F-6EA7A01F7331} - D:\PROGRA~1\BeInSync\BISShellEx.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175715428718
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.game...itched/main.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: c_1ify - D:\WINDOWS\SYSTEM32\c_1ify.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

And the uninstall list

Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.1
Adobe Photoshop 7.0
Adobe Photoshop Elements 5.0
Adobe Reader 8
Apple Software Update
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
BeInSync
C-Media 3D Audio
[email protected]
Conflict Zone
Game Service 4
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Java™ SE Runtime Environment 6 Update 1
LimeWire 4.13.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Move Networks Player for Internet Explorer
MSXML 6.0 Parser (KB927977)
PiraMod_20003.17
QuickTime
Realtek AC'97 Audio
Rome - Total War™
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
URGE
Ventrilo Client
VIA Rhine-Family Fast-Ethernet Adapter
WeatherBug
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool

AND in 15 minutes NO POPUPS!!!! My but you're wonderful!!!!! THANK you
  • 0

#4
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
You managed to pick up a fair amount of slime there, so I'd like you to run an online scan to see that it's all gone.

First, pay a visit to D:\DOCUME~1\KIMBER~1\APPLIC~1 and delete any of these that you find: tmp**.tmp.exe
* The tilde (~) in either a file or folder name indicates that this name is longer than six characters and these have been replaced by the tilde for brevity, e.g. C:\DOCUME~1 = C:\Documents and Settings.
The first file, or folder, that uses these particular six letters gets the suffix ~1, the next ~2 and so on.
The above is probably the Application Data folder, which means you'll need to set Windows to show hidden folders and stuff - see a bit lower down for that, if you need it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You have an entry in your log that points to a file on your PC that I would like to have checked - if it is still present.

Please go to Jotti's and click on the Browse... button at the top and navigate to the following file and then click on Submit:

D:\WINDOWS\system32\c_1ify.dll

When all the scans have been completed, please copy and paste the results into your next reply.

If this site is busy, try VirusTotal: Click the Browse ... button at the top, navigate to the file and double click it and then click the Send button.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
* These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after you have finished. *

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here and click the Kaspersky Online Scanner button.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.
  • 0

#5
subinutah

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you!

I did the following:

delete any of these that you find: tmp**.tmp.exe
ATF-Cleaner.exe

and here are the results of the VirusTotal scan

Antivirus Version Update Result
AhnLab-V3 2007.6.9.0 06.08.2007 no virus found
AntiVir 7.4.0.32 06.09.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.09.2007 no virus found
AVG 7.5.0.467 06.09.2007 no virus found
BitDefender 7.2 06.10.2007 no virus found
CAT-QuickHeal 9.00 06.09.2007 no virus found
ClamAV devel-20070416 06.09.2007 no virus found
DrWeb 4.33 06.09.2007 no virus found
eSafe 7.0.15.0 06.06.2007 no virus found
eTrust-Vet 30.7.3707 06.09.2007 no virus found
Ewido 4.0 06.09.2007 no virus found
FileAdvisor 1 06.10.2007 no virus found
Fortinet 2.85.0.0 06.10.2007 suspicious
F-Prot 4.3.2.48 06.08.2007 no virus found
F-Secure 6.70.13030.0 06.08.2007 no virus found
Ikarus T3.1.1.8 06.09.2007 AdWare.Win32.Virtumonde.ke
Kaspersky 4.0.2.24 06.10.2007 no virus found
McAfee 5049 06.08.2007 no virus found
Microsoft 1.2503 06.10.2007 no virus found
NOD32v2 2320 06.09.2007 no virus found
Norman 5.80.02 06.08.2007 no virus found
Panda 9.0.0.4 06.09.2007 Spyware/DuncanMonitor
Prevx1 V2 06.10.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 06.09.2007 VIPRE.Suspicious
Symantec 10 06.10.2007 no virus found
TheHacker 6.1.6.131 06.08.2007 no virus found
VBA32 3.12.0 06.07.2007 AdWare.Win32.Virtumonde.ke
VirusBuster 4.3.23:9 06.09.2007 no virus found
Webwasher-Gateway 6.0.1 06.09.2007 Win32.Malware.gen (suspicious)


and here's the report from Kaspersky

Saturday, June 09, 2007 7:57:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/06/2007
Kaspersky Anti-Virus database records: 341811


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
D:\

Scan Statistics
Total number of scanned objects 50124
Number of viruses found 9
Number of infected objects 97
Number of suspicious objects 0
Duration of the scan process 00:43:08

Infected Object Name Virus Name Last Action
D:\Documents and Settings\Kimberly Mulder\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\Documents and Settings\Kimberly Mulder\Desktop\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\Documents and Settings\Kimberly Mulder\Desktop\SmitfraudFix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\Documents and Settings\Kimberly Mulder\Desktop\SmitfraudFix\SmitfraudFix.exe RarSFX: infected - 2 skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\History\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\History\History.IE5\MSHist012007060920070610\index.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Temp\Perflib_Perfdata_9a0.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Temp\~DF802C.tmp Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\NTUSER.DAT.LOG Object is locked skipped

D:\Documents and Settings\Kimberly Mulder\Shared\(CDZ) adobe photoshop elements 5.0 (full) (2)\Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped

D:\Documents and Settings\Kimberly Mulder\Shared\(CDZ) adobe photoshop elements 5.0 (full) (2).zip/Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped

D:\Documents and Settings\Kimberly Mulder\Shared\(CDZ) adobe photoshop elements 5.0 (full) (2).zip ZIP: infected - 1 skipped

D:\Documents and Settings\Kimberly Mulder\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

D:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

D:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

D:\Program Files\sSa_Opper\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

D:\Program Files\Yahoo!\Messenger\logs\billing_Kimberly Mulder.log Object is locked skipped

D:\Program Files\Yahoo!\Messenger\logs\client_Kimberly Mulder.log Object is locked skipped

D:\Program Files\Yahoo!\Messenger\logs\network_Kimberly Mulder.log Object is locked skipped

D:\QooBox\Quarantine\D\WINDOWS\ddbxvv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\hgdebb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\opqnkl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\pmkhgd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\qomlmn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\ssrpqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\xxvurs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\QooBox\Quarantine\D\WINDOWS\yaxwtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP63\A0031442.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP63\A0031443.exe Infected: Trojan.Win32.Agent.agv skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032562.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032563.exe Infected: Trojan.Win32.Agent.agv skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032569.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032570.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032572.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032574.exe Infected: Trojan.Win32.Agent.agv skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032575.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032576.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032577.exe Infected: Trojan.Win32.Agent.agv skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032578.exe Infected: Trojan.Win32.Agent.agv skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032579.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032580.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032581.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032582.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032583.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP64\A0032584.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP66\A0033919.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP66\A0033920.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP66\A0033996.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP66\A0033998.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP67\A0034999.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP67\A0035999.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP67\A0036001.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP67\A0036003.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036030.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036032.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036033.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036041.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036042.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036043.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036044.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036046.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036055.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036057.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036058.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036059.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036075.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036076.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036077.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036079.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036080.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036085.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036111.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036113.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036117.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP68\A0036119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036236.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036237.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036238.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036239.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036240.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036241.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036242.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036243.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036244.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036246.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036247.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036248.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036249.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036250.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036251.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036252.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036254.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036255.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036256.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036257.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036258.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036259.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036260.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036261.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036262.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036263.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036264.exe Infected: Trojan.Win32.BHO.g skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036265.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\A0036266.exe Infected: Trojan.Win32.Agent.anr skipped

D:\System Volume Information\_restore{74AE5C43-0FC4-44A7-A813-C2D6E708EAC7}\RP70\change.log Object is locked skipped

D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

D:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

D:\WINDOWS\SchedLgU.Txt Object is locked skipped

D:\WINDOWS\SoftwareDistribution\EventCache\{5E811F80-9340-4BF1-BEAB-C7437860B9F1}.bin Object is locked skipped

D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

D:\WINDOWS\Sti_Trace.log Object is locked skipped

D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

D:\WINDOWS\system32\config\default Object is locked skipped

D:\WINDOWS\system32\config\default.LOG Object is locked skipped

D:\WINDOWS\system32\config\Internet.evt Object is locked skipped

D:\WINDOWS\system32\config\SAM Object is locked skipped

D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

D:\WINDOWS\system32\config\SECURITY Object is locked skipped

D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

D:\WINDOWS\system32\config\software Object is locked skipped

D:\WINDOWS\system32\config\software.LOG Object is locked skipped

D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

D:\WINDOWS\system32\config\system Object is locked skipped

D:\WINDOWS\system32\config\system.LOG Object is locked skipped

D:\WINDOWS\system32\h323log.txt Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

D:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat Object is locked skipped

D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

D:\WINDOWS\wiadebug.log Object is locked skipped

D:\WINDOWS\wiaservc.log Object is locked skipped

D:\WINDOWS\WindowsUpdate.log Object is locked skipped
  • 0
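The Kaspersky report above mixes four very different kinds of line: live files that still need attention, copies sitting in System Restore points, files already quarantined by a removal tool, and system files that were merely locked and never scanned. The following triage script is an added example, not part of the thread or of any Kaspersky tooling; it parses the report's own line format ("<path> Infected: <verdict> skipped", "<path> ZIP: infected - 1 skipped", "<path> Object is locked skipped") over a constructed sample with made-up paths and a placeholder GUID, and lists only the live detections a helper would act on.

```python
"""Triage a Kaspersky Online Scanner text report of the kind posted above.

Added example, not part of the thread. It separates entries that need action
(live files) from restore-point copies, quarantined files and locked system
files, and tags riskware ("not-a-virus:") separately from trojans.
"""
import re
from collections import Counter

# One line per object: "<path> <status> <last action>". Paths contain spaces,
# so the path group is non-greedy and the status alternatives anchor the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+)"
    r"|Object is locked) "
    r"(?P<action>\w+)$"
)

# Constructed sample in the report's line format (user name, paths and the
# restore-point GUID are made up; the verdict names mirror the thread's report).
SAMPLE_REPORT = r"""Infected Object Name Virus Name Last Action
D:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\User\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\User\Shared\Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped
D:\Documents and Settings\User\Shared\pack.zip ZIP: infected - 1 skipped
D:\QooBox\Quarantine\D\WINDOWS\ddbxvv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
D:\System Volume Information\_restore{GUID}\RP64\A0032562.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped
D:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
"""


def parse_report(text):
    """Return one dict per recognised object line; header and other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m.group("verdict"):
            verdict = m.group("verdict")
        elif m.group("container"):
            # Archive with infected members, e.g. "ZIP: infected - 1"
            verdict = f"{m.group('container')} archive, {m.group('count')} infected member(s)"
        else:
            verdict = None  # "Object is locked": the scanner could not open it
        entries.append({"path": m.group("path"), "verdict": verdict, "action": m.group("action")})
    return entries


def location(path):
    """Where the object lives: a restore point, a removal tool's quarantine, or a live location."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    return "live"


def is_riskware(verdict):
    """Kaspersky prefixes legitimate-but-abusable tools and adware with 'not-a-virus:'."""
    return verdict.startswith("not-a-virus:")


def triage(entries):
    """Bucket entries so the items needing action stand out.

    'live' is the list that matters: files still on disk in normal locations.
    Restore-point copies go away when System Restore is purged, quarantine
    entries are already neutralised, and locked objects were simply not scanned.
    """
    result = {"live": [], "quarantine": [], "restore_point": [], "locked": 0,
              "families": Counter()}
    for e in entries:
        if e["verdict"] is None:
            result["locked"] += 1
            continue
        result[location(e["path"])].append((e["path"], e["verdict"]))
        result["families"][e["verdict"]] += 1
    return result


def live_malware(result):
    """Live detections that are not riskware: the ones to deal with first."""
    return [(p, v) for p, v in result["live"] if not is_riskware(v)]


if __name__ == "__main__":
    t = triage(parse_report(SAMPLE_REPORT))
    print(f"locked (not scanned): {t['locked']}, restore-point copies: "
          f"{len(t['restore_point'])}, quarantined: {len(t['quarantine'])}")
    for path, verdict in t["live"]:
        tag = "riskware" if is_riskware(verdict) else "MALWARE"
        print(f"[{tag}] {verdict}  <-  {path}")
```

Run against the real report, the same split shows that almost all of its 97 "infected objects" are restore-point and quarantine copies, which is why the helper's follow-up focuses on how the PC is behaving rather than on the raw count.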

#6
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
The Kaspersky log got cut off, so I'll need another copy - I'd post it on its own to avoid it happening again.
I'd also like to know how the PC is behaving.
  • 0